Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: workaround for missing k8s:// certificate support in Cosign #1475

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

fix: workaround for missing k8s:// certificate support in Cosign #1475

wants to merge 6 commits into from

Conversation

Mohdcode
Copy link
Contributor

Related issue

kyverno/kyverno#11545
@JimBugwadia

This update documents a workaround for Cosign's lack of support for k8s:// certificate references in Kyverno.

Proposed Changes

  • Added documentation on using Kyverno’s context feature to fetch and decode certificates stored in Kubernetes secrets.
  • Ensures compatibility with Kyverno by avoiding direct k8s:// references, which Cosign does not support for certificates.
  • Provides a secure and maintainable approach to verifying image signatures without modifying policy manifests.

Checklist

  • I have read the contributing guidelines.
  • I have inspected the website preview for accuracy.
  • I have signed off my issue.

@Mohdcode
Copy link
Contributor Author

@JimBugwadia

@Mohdcode
Copy link
Contributor Author

Should we add a conformance test to kyverno/test/conformance/chainsaw/verifyImages ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vishal-chdhry vishal-chdhry Awaiting requested review from vishal-chdhry

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Mohdcode @vishal-chdhry @JimBugwadia