mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
chore: update publicKey description (#5789)
* update publicKey description
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update api doc
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
parent
631a8e1796
commit
c3ab0687bb
6 changed files with 600 additions and 78 deletions
|
@ -127,9 +127,12 @@ type Attestor struct {
|
|||
type StaticKeyAttestor struct {
|
||||
// Keys is a set of X.509 public keys used to verify image signatures. The keys can be directly
|
||||
// specified or can be a variable reference to a key specified in a ConfigMap (see
|
||||
// https://kyverno.io/docs/writing-policies/variables/). When multiple keys are specified each
|
||||
// key is processed as a separate staticKey entry (.attestors[*].entries.keys) within the set of
|
||||
// attestors and the count is applied across the keys.
|
||||
// https://kyverno.io/docs/writing-policies/variables/), or reference a standard Kubernetes Secret
|
||||
// elsewhere in the cluster by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
// The named Secret must specify a key `cosign.pub` containing the public key used for
|
||||
// verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
// When multiple keys are specified each key is processed as a separate staticKey entry
|
||||
// (.attestors[*].entries.keys) within the set of attestors and the count is applied across the keys.
|
||||
PublicKeys string `json:"publicKeys,omitempty" yaml:"publicKeys,omitempty"`
|
||||
|
||||
// Specify signature algorithm for public keys. Supported values are sha256 and sha512
|
||||
|
|
|
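Review bot: The new comment above `PublicKeys string` introduces the "k8s://<namespace>/<secret_name>" form but does not say how it interacts with the sentence on multiple keys that follows it. The field is a single string, so please state whether several Secret references, or a mix of references and inline keys, may be given and how they are separated, or say that a k8s:// reference stands for exactly one key. Minor: drop the stray comma in "verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret)".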
@ -5833,7 +5833,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
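Review bot: This description is the text users will read for the field, and "Secret elsewhere in the cluster" leaves out what access is needed to read a Secret in the named namespace. Suggest adding one sentence on the required read permission so that a failed lookup is not mistaken for a failed signature check. The wording here repeats the Go comment on StaticKeyAttestor word for word, including the stray comma in "key used for verification, (see ..."; if this file is generated from that comment, fix it there and regenerate, since the same text recurs in the hunks that follow.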
@ -6179,7 +6185,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -6490,7 +6504,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -9085,7 +9105,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -9450,7 +9478,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -9773,7 +9809,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -12188,7 +12231,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -12519,7 +12568,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -12830,7 +12887,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -15400,7 +15463,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -15765,7 +15836,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -16088,7 +16167,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -18946,7 +19032,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -19292,7 +19384,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -19603,7 +19703,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -22199,7 +22305,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -22564,7 +22678,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -22887,7 +23009,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -25303,7 +25432,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -25634,7 +25769,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -25945,7 +26088,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -28515,7 +28664,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -28880,7 +29037,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -29203,7 +29368,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
|
|
@ -2431,7 +2431,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -2777,7 +2783,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -3088,7 +3102,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -5683,7 +5703,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -6048,7 +6076,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -6371,7 +6407,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -8786,7 +8829,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -9117,7 +9166,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -9428,7 +9485,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -11998,7 +12061,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -12363,7 +12434,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -12686,7 +12765,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
|
|
@ -2432,7 +2432,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -2778,7 +2784,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
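Review bot: The new sentence allowing a Secret "elsewhere in the cluster" through "k8s://<namespace>/<secret_name>" does not say what access that requires or what happens when the lookup fails. Suggest stating that the component performing verification must be permitted to read that Secret in the named namespace, and whether a missing Secret, or a Secret without the `cosign.pub` key, makes verification fail rather than be skipped. Anyone who can write that Secret decides which signatures are trusted, so the description should also point readers at restricting write access to it.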
@ -3089,7 +3103,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
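Review bot: With the Secret sentence inserted directly before "When multiple keys are specified each key is processed as a separate staticKey entry", it is no longer clear how a "k8s://" reference fits that rule. Suggest saying whether one reference counts as one key, and whether references and directly specified keys can be combined in the same value.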
@ -5685,7 +5705,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
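Review bot: The added reference "https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret" points at a file on the main branch, so the link breaks once that document is moved or its heading is renamed, and this text ends up in published schema descriptions. Suggest linking a tagged revision or the project's versioned documentation instead.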
@ -6050,7 +6078,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -6373,7 +6409,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -8789,7 +8832,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -9120,7 +9169,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -9431,7 +9488,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -12001,7 +12064,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -12366,7 +12437,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -12689,7 +12768,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
|
|
@ -5904,7 +5904,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -6250,7 +6256,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -6561,7 +6575,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -9156,7 +9176,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -9521,7 +9549,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -9844,7 +9880,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -12259,7 +12302,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -12590,7 +12639,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -12901,7 +12958,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -15471,7 +15534,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -15836,7 +15907,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -16159,7 +16238,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -19019,7 +19105,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -19365,7 +19457,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -19676,7 +19776,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -22272,7 +22378,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -22637,7 +22751,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -22960,7 +23082,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -25376,7 +25505,13 @@ spec:
|
|||
The keys can be directly specified
|
||||
or can be a variable reference to
|
||||
a key specified in a ConfigMap (see
|
||||
https://kyverno.io/docs/writing-policies/variables/).
|
||||
https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster by
|
||||
specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public
|
||||
key used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys)
|
||||
|
@ -25707,7 +25842,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -26018,7 +26161,13 @@ spec:
|
|||
keys used to verify image signatures.
|
||||
The keys can be directly specified or
|
||||
can be a variable reference to a key
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
specified in a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying
|
||||
it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a key
|
||||
`cosign.pub` containing the public key
|
||||
used for verification, (see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified each
|
||||
key is processed as a separate staticKey
|
||||
entry (.attestors[*].entries.keys) within
|
||||
|
@ -28588,7 +28737,15 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable
|
||||
reference to a key specified in
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/).
|
||||
a ConfigMap (see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -28953,7 +29110,15 @@ spec:
|
|||
keys can be directly specified
|
||||
or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format
|
||||
"k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify
|
||||
a key `cosign.pub` containing
|
||||
the public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a
|
||||
separate staticKey entry (.attestors[*].entries.keys)
|
||||
|
@ -29276,7 +29441,14 @@ spec:
|
|||
signatures. The keys can be directly
|
||||
specified or can be a variable reference
|
||||
to a key specified in a ConfigMap
|
||||
(see https://kyverno.io/docs/writing-policies/variables/).
|
||||
(see https://kyverno.io/docs/writing-policies/variables/),
|
||||
or reference a standard Kubernetes
|
||||
Secret elsewhere in the cluster
|
||||
by specifying it in the format "k8s://<namespace>/<secret_name>".
|
||||
The named Secret must specify a
|
||||
key `cosign.pub` containing the
|
||||
public key used for verification,
|
||||
(see https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret).
|
||||
When multiple keys are specified
|
||||
each key is processed as a separate
|
||||
staticKey entry (.attestors[*].entries.keys)
|
||||
|
|
|
@ -3723,9 +3723,12 @@ string
|
|||
<td>
|
||||
<p>Keys is a set of X.509 public keys used to verify image signatures. The keys can be directly
|
||||
specified or can be a variable reference to a key specified in a ConfigMap (see
|
||||
<a href="https://kyverno.io/docs/writing-policies/variables/)">https://kyverno.io/docs/writing-policies/variables/)</a>. When multiple keys are specified each
|
||||
key is processed as a separate staticKey entry (.attestors[*].entries.keys) within the set of
|
||||
attestors and the count is applied across the keys.</p>
|
||||
<a href="https://kyverno.io/docs/writing-policies/variables/)">https://kyverno.io/docs/writing-policies/variables/)</a>, or reference a standard Kubernetes Secret
|
||||
elsewhere in the cluster by specifying it in the format “k8s://<namespace>/<secret_name>”.
|
||||
The named Secret must specify a key <code>cosign.pub</code> containing the public key used for
|
||||
verification, (see <a href="https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret">https://github.com/sigstore/cosign/blob/main/KMS.md#kubernetes-secret</a>).
|
||||
When multiple keys are specified each key is processed as a separate staticKey entry
|
||||
(.attestors[*].entries.keys) within the set of attestors and the count is applied across the keys.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
|
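Review bot: In the changed anchor for https://kyverno.io/docs/writing-policies/variables/, the closing parenthesis of "(see ...)" is part of both the href and the link text, so the rendered link targets a URL ending in ")". The new line keeps that and now follows it with a comma; separating the URL from the parenthesis in the source description would let the doc generator emit a clean link. The placeholder "k8s://<namespace>/<secret_name>" also sits inside the paragraph with angle brackets, so confirm they are escaped in the generated file and the placeholder actually renders.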