mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
2a136f5b8d
* feat: use kubectl-validate to load policies Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * schemas Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * policies v2beta1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * option Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * defaulting test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
25 lines
No EOL
660 B
YAML
25 lines
No EOL
660 B
YAML
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: check-image
|
|
annotations:
|
|
pod-policies.kyverno.io/autogen-controllers: none
|
|
spec:
|
|
rules:
|
|
- name: verify-signature
|
|
match:
|
|
resources:
|
|
kinds:
|
|
- Pod
|
|
verifyImages:
|
|
- imageReferences:
|
|
- "*"
|
|
attestors:
|
|
- count: 1
|
|
entries:
|
|
- keys:
|
|
publicKeys: |-
|
|
-----BEGIN PUBLIC KEY-----
|
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFN8gGjQua2g8N+aLx3Eff+/j5HxL
|
|
bV+H2z50/0A4d8XyMUvizPQBtcgei43pqLj1850m3wSwI08z2+6zT1QaEg==
|
|
-----END PUBLIC KEY----- |