Kyverno Policy to enforce Signed IB Images
Container image signing allows users to add a digital “fingerprint” to an image. This fingerprint can later be cryptographically tested to verify trust. This allows users of container images to verify origin and trust the content included in container images.
Kyverno is able to use sigstore to validate images: https://kyverno.io/docs/writing-policies/verify-images/sigstore/
Acceptance Criteria:
- When image signing is enabled, a Kyverno policy should be implemented that enforces that all images are signed.
- When image signing is disabled, a Kyverno policy should be implemented that audits whether all images are signed.
Related MRs: big-bang/product/packages/kyverno-policies!110 (merged), big-bang/product/packages/kyverno-policies!108 (merged)
Edited by Jared Ladner
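A sketch of a Kyverno `verifyImages` policy matching the acceptance criteria above. This is an added example, not the policy from the related MRs. The policy name, the `registry1.dso.mil/ironbank/*` image pattern and the public key placeholder are assumptions to be replaced with the real values.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-image-signature        # hypothetical name
spec:
  # Image signing enabled  -> Enforce: unsigned images are rejected at admission.
  # Image signing disabled -> Audit: unsigned images are admitted but reported.
  validationFailureAction: Enforce
  background: false
  # Signature checks call out to the registry, so allow the webhook more time.
  webhookTimeoutSeconds: 30
  rules:
    - name: verify-ib-image-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - imageReferences:
            # Assumed pattern for IB images; adjust to the registry in use.
            - "registry1.dso.mil/ironbank/*"
          # Rewrite tags to the verified digest so the image that runs is the
          # image that was checked. Set to false in the Audit variant, which
          # must not mutate the resources it only reports on.
          mutateDigest: true
          verifyDigest: true
          required: true
          attestors:
            - count: 1
              entries:
                - keys:
                    # Placeholder: paste the cosign public key that signs the images.
                    publicKeys: |-
                      -----BEGIN PUBLIC KEY-----
                      <REPLACE_WITH_SIGNING_PUBLIC_KEY>
                      -----END PUBLIC KEY-----
```

Images that do not match `imageReferences` are not checked by this rule, so a narrow pattern leaves images from other registries unverified.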