Skip to content

A question about deploying signed and non-signed images combined with glob pattern #621

New issue
New issue
Open
Open
A question about deploying signed and non-signed images combined with glob pattern#621
Labels
questionFurther information is requested
@gals-ma

Description

@gals-ma
gals-ma
opened on Feb 28, 2023

Question

Hello Guys,

Is there a way to achieve the following flow-

Background: We are a company who has all images in one private AWS ECR.
In general, we have 2 types of images that we deploy-

Infrastructure related images (K8S components such as monitoring agents, etc..)- Deployed on various Namespaces.
Services images (All our micro-services) - Deployed only on a specific Namespace
We want to achieve the following Image Policy-

To summarized, we need all namespaces to be enforced with policy-controller-

  • Namespace of Services images must be deployed with signature validation + image glob validation.
  • Namespace of Infrastructure related images are deployed without signature validation + image glob validation.
    The image glob pattern is the same for both 1+2.

Is there a way to achieve that with Policy-controller?

Thank you!

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionFurther information is requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions