kyverno/test/conformance/kuttl/validate/e2e/trusted-images/README.md at b6fb496d9b46dee4bed50ccc52021c8e9b094bbe

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

Migrate validate e2e tests to kuttl tests (#5483 )

* add global-anchor test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add trusted-images test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add yaml-signing test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add x509-decode test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

2022-11-28 14:04:21 +00:00

432 B

Raw Blame History

Description

This test is migrated from e2e. It tests an imageRegistry context lookup for a "real" image and states that an image built to run as root can only come from GHCR.

Expected Behavior

If an image is built to run as root user and it does NOT come from GHCR, the Pod is blocked. If it either isn't built to run as root OR it is built to run as root and does come from GHCR, it is allowed.

Reference Issue(s)

N/A

432 B Raw Blame History

Description

Expected Behavior

Reference Issue(s)

432 B

Raw Blame History