cosign-images/policies/kyverno-image-signature-policy.yaml
Vassiliy Yegorov 5db0ab10f6
All checks were successful
build, sign and push / build-and-sign (push) Successful in 34s
add doc
2026-03-26 19:53:49 +07:00

27 lines
750 B
YAML

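apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-image-signature
spec:
  # Enforce: Pods whose images fail verification are rejected at admission.
  validationFailureAction: Enforce
  # Not applied to already-existing resources during background scans.
  background: false
  rules:
    - name: check-image-signature
      match:
        any:
          - resources:
              kinds: [Pod]
              namespaces: ["cosign-test"]
      verifyImages:
        - imageReferences:
            # "*" matches every image in the matched Pods; the commented-out
            # pattern below would limit the rule to a single registry path.
            # - "git.realmanual.ru/pub/*"
            - "*"
          attestors:
            - entries:
                - keys:
                    # PEM-encoded public key the image signatures are verified against.
                    publicKeys: |-
                      -----BEGIN PUBLIC KEY-----
                      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZZ/9MbR3WZg9K/pk936vukFjeWVt
                      2oMpW4OmElpIq1aH3jZIA03Hwm7FVdhyumb1vPu5k0DOV8RX4UIs6rkhzA==
                      -----END PUBLIC KEY-----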