UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
Commit edadecb2 authored by Ryan Garcia's avatar Ryan Garcia :dizzy:
Browse files

Merge branch '1777-kyverno-policy-verify-ib-image' into 'master' 

feat: enable `require-image-signature` policy as `audit`

Closes #1777

See merge request !3286
parents 4efa3057 cddf46a2
No related branches found
No related tags found
1 merge request!3286feat: enable `require-image-signature` policy as `audit`
Pipeline #2369796 failed
Stage: 🎛 prevar
Stage: 🔌 network up
Stage: ⚓ eks cluster up
Stage: 🌌 eks bigbang up
Stage: 🤞 eks test
Stage: 💣 eks bigbang down
Stage: 💣 eks cluster down
Stage: 💣 network down
Hide whitespace changes
Inline Side-by-side
chart/templates/kyverno-policies/values.yaml
+ 1
1
View file @ edadecb2
......@@ -160,7 +160,7 @@ policies:
# Kyverno Beta feature - https://kyverno.io/docs/writing-policies/verify-images/
require-image-signature:
enabled: false
enabled: true
validationFailureAction: audit
require-istio-on-namespaces:
......
tests/test-values.yaml
+ 4
0
View file @ edadecb2
......@@ -411,6 +411,8 @@ kyvernoPolicies:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
require-image-signature:
enabled: true
validationFailureAction: enforce
parameters:
require:
- imageReferences:
......@@ -424,6 +426,8 @@ kyvernoPolicies:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
mutateDigest: false
verifyDigest: false
- imageReferences:
- "registry1.dso.mil/ironbank/*"
attestors:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED - NO CUI