@developer-guy
Created March 22, 2022 14:10
Kyverno verifyImages GCP KMS
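apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: check-image
spec:
  # enforce: reject Pods that fail verification instead of only reporting them
  validationFailureAction: enforce
  # apply at admission time only, no background scans of existing resources
  background: false
  webhookTimeoutSeconds: 30
  # fail closed: reject the request if the webhook errors or times out
  failurePolicy: Fail
  rules:
    - name: check-image
      match:
        resources:
          kinds:
            - Pod
      verifyImages:
        # any tag of this image must carry a valid cosign signature
        - image: "gcr.io/shaped-shuttle-342907/alpine:*"
          # cosign KMS URI of the GCP KMS key version used to verify the signature
          key: "gcpkms://projects/shaped-shuttle-342907/locations/global/keyRings/test/cryptoKeys/cosign/versions/1"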