feat: enable `require-image-signature` policy as `audit`

cddf46a2 · Noah Birrer · Ryan Garcia · c2468a44 · cddf46a2 · cddf46a2
Commit cddf46a2 authored 1 year ago by Noah Birrer Committed by Ryan Garcia 1 year ago
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -160,7 +160,7 @@ policies:
  # Kyverno Beta feature - https://kyverno.io/docs/writing-policies/verify-images/
  require-image-signature:
-    enabled: false
+    enabled: true
    validationFailureAction: audit
  require-istio-on-namespaces:

--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -411,6 +411,8 @@ kyvernoPolicies:
          - 'kyverno-policies-bbtest/test: required'
          - kyverno-policies-bbtest/required
      require-image-signature:
+        enabled: true
+        validationFailureAction: enforce
        parameters:
          require:
          - imageReferences:
@@ -424,6 +426,8 @@ kyvernoPolicies:
                    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
                    5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
                    -----END PUBLIC KEY-----
+            mutateDigest: false
+            verifyDigest: false 
          - imageReferences:
            - "registry1.dso.mil/ironbank/*"
            attestors: