Created
May 16, 2023 08:49
-
-
Save saschagrunert/08a3bca626c27f97865fee45e259440f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Verify signed image using a public key without a fulcio issued certificate. | |
| apiVersion: config.openshift.io/v1alpha1 | |
| kind: ImagePolicy | |
| metadata: | |
| name: image-is-signed | |
| spec: | |
| images: | |
| - hostname:5000/myns/sigstore-signed-with-full-references | |
| policy: | |
| keyData: Zm9vIGJhcg== | |
| --- | |
| # Verify signed image with oidcIssuer and subjectEmail. | |
| apiVersion: config.openshift.io/v1alpha1 | |
| kind: ImagePolicy | |
| metadata: | |
| name: image-is-signed-fulcio | |
| spec: | |
| images: | |
| - hostname:5000/myns/sigstore-signed-fulcio-rekor | |
| policy: | |
| oidcIssuer: https://github.com/login/oauth | |
| subjectEmail: test-user@example.com | |
| --- | |
| # Verify signed image with remapped identity. | |
| apiVersion: config.openshift.io/v1alpha1 | |
| kind: ImagePolicy | |
| metadata: | |
| name: image-remap | |
| spec: | |
| images: | |
| - hostname:5000/myns/sigstore-signed-fulcio-rekor | |
| policy: | |
| oidcIssuer: https://github.com/login/oauth | |
| subjectEmail: test-user@example.com | |
| signedIdentity: | |
| identityMatchPolicy: RemapIdentity | |
| prefix: private-mirror:5000/vendor-mirror | |
| signedPrefix: vendor.example.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment