Page History

...

Code Block
helm repo add kyverno https://kyverno.github.io/kyverno/ helm repo update helm install kyverno-policies-n ncyd-flux kyverno kyverno/kyverno-policies -n ncyd-flux

Code Block

apiVersion: kyverno.io/v1
kind: ClusterPolicyPolicy
metadata:
  name: check-signed-imagesimage
spec:
  validationFailureAction: Enforce
  background: false
  webhookTimeoutSeconds: 30
  failurePolicy: Fail
  rules:
    - name: check-image-signature
      match:
        any:
        - resources:
            kinds:
              - Pod
      verifyImages:
      - imageReferences:
            - "ncydacrinprogress.azurecr.io/cloudhut/kowl:*"
#       - "ncydacrinprogress.azurecr.io/*"
        attestors:
        - count: 1
       # Replace with your own public key
   entries:
          - keys:
              keypublicKeys: |-
                          -----BEGIN PUBLIC KEY-----
                MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6887939UfT9OPMHvST7OBfT1xAva
                iRPbB1Hyar+nFCUWVvX7EviEPLxTZRNQ2A4OPKAkDo1e3HI8OFTr9ZAIyQ==
                -----END PUBLIC KEY-----


# or 
         key: ???? secret ????

...

Space shortcuts

Page tree

Versions Compared

Old Version 24

New Version 25

Key