pub/cosign-images
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
60cb08b767f6f425b45a895dcd6befd5eccf4de3
cosign-images/policies/kyverno-image-signature-policy.yaml
Vassiliy Yegorov 38ecc2ad24 init
2026-03-26 18:58:53 +07:00

25 lines
997 B
YAML
Raw Blame History

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-image-signature
spec:
validationFailureAction: Enforce
rules:
- name: verify-image-signature
match:
resources:
kinds:
- Pod
include:
resources:
namespaces:
- cosign-test
verifyImages:
- image: "git.ntk.novotelecom.ru/adm/docker-trust*"
key: "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kmEd1dzkY0MLMhNlkPz8LbX70tdw5acXoKYvOGzcTUK4jppKBCLst121UMC0L5DcgqNE9uly0S78aE8pbIxpBSgVdM8NPRa90vGTi50rauzOGiVRSxOzmkh3BVErqga84U9xb8QmS28rwjdSCbZSx27quzkDrvHwrfid5DroCSkNFQo7Bb84jlgTbrV5KwXkd7G5bMB3qaAzIpBQH+LbKn8/76rlU9/NfUpzftFdOwVVOWQIC7PYU8z2cKI9C+Su+MkrozuGSLrR/Z/urCK9xibrUzRMX7N2v5ORXGhili4pFJG7asxQjPzl2a23iYGkt8c5egxlXWFk4zrVnmawIDAQAB-----END PUBLIC KEY-----"
attestors:
- entries:
- keyless:
subject: "*"
issuer: "*"
Reference in New Issue View Git Blame Copy Permalink