Kubewarden policy verify-image-signatures

Description

This policy validates Sigstore signatures for containers, init container and ephemeral container that match the name provided in the image settings field. It will reject the Pod if any validation fails. If all signature validation pass or there is no container that matches the image name, the Pod will be accepted.

This policy also mutates matching images to add the image digest, therefore the version of the deployed image can't change. This mutation can be disabled by setting modifyImagesWithDigest to false.

It can also reject all workload resources that contain containers: Deployments, ReplicaSets, StatefulSets, DaemonSets, Jobs, CronJobs, ReplicationControllers For this you need to add these resources in the rules field of the policy.

Example of a policy that will reject any workload resources mentioned before:

apiVersion: policies.kubewarden.io/v1
kind: ClusterAdmissionPolicy
metadata:
  name: verify-image-signatures
spec:
  module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.1.7
  rules:
    - apiGroups: [""]
      apiVersions: ["v1"]
      resources: [ "pods" ]
      operations: ["CREATE", "UPDATE"]
    - apiGroups: [""]
      apiVersions: ["v1"]
      resources: ["replicationcontrollers"]
      operations: ["CREATE", "UPDATE"]
    - apiGroups: ["apps"]
      apiVersions: ["v1"]
      resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
      operations: ["CREATE", "UPDATE"]
    - apiGroups: ["batch"]
      apiVersions: ["v1"]
      resources: ["jobs", "cronjobs"]
      operations: ["CREATE", "UPDATE"]
  mutating: true
  settings:
    signatures:
      - image: "*"
        githubActions:
          owner: "kubewarden"
          repo: "app-example"

See the Secure Supply Chain docs in Kubewarden for more info.

Settings

The policy takes a list of signatures. A signature can be of four types: GitHub actions, public key, keyless exact match or keyless prefix. Each signature has an image field which will be used to select the matching containers in the pod that will be evaluated. image supports wildcard. For example, ghcr.io/kubewarden/* will match all images from the kubewarden ghcr repo.

Signature types:

GitHub actions. It will verify that all images were signed for a GitHub action with the kubewarden owner and in the repo app-example.

signatures:
  - image: "ghcr.io/kubewarden/*"
    githubActions:
      owner: "kubewarden"
      repo: "app-example" #optional

Keyless subject prefix. It will verify that the issuer is https://token.actions.githubusercontent.com and the subject starts with https://github.com/kubewarden/app-example/.github/workflows/ci.yml@refs/tags/ urlPrefix is sanitized to prevent typosquatting.

signatures:
  - image: "ghcr.io/kubewarden/*"
    keylessPrefix:
      - issuer: "https://token.actions.githubusercontent.com"
        urlPrefix: "https://github.com/kubewarden/app-example/.github/workflows/ci.yml@refs/tags/"

Keyless exact match. It will verify that the issuer is https://token.actions.githubusercontent.com and the subject is kubewarden. It will not modify the image with the digest.

modifyImagesWithDigest: false #optional. default is true
signatures:
  - image: "ghcr.io/kubewarden/*"
    keyless:
      - issuer: "https://token.actions.githubusercontent.com"
        subject: "kubewarden"

Public key. It will verify that all images were signed with the two public keys provided and contains the env: prod annotation.

signatures:
  - image: "ghcr.io/kubewarden/*"
    pubKeys:
      - "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
      - "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
    annotations: #optional
      env: prod

Certificate. It will verify that the image has been signed using all the certificates provided by the user. The certificates must be PEM encoded. Optionally the settings can have the list of PEM encoded certificates that can create the certificateChain used to verify the given certificate. The requireRekorBundle should be set to true to have a stronger verification process. When set to true, the signature must have a Rekor bundle and the signature must have been created during the validity time frame of the certificate.

The following configuration requires all the container images coming from registry.acme.org/secure-project to be signed both by Alice and by Bob.

signatures:
  - image: "registry.acme.org/secure-project/*"
    certificates:
      - |
        -----BEGIN CERTIFICATE-----
        alice's cert
        -----END CERTIFICATE-----
      - |
        -----BEGIN CERTIFICATE-----
        bob's cert
        -----END CERTIFICATE-----
    certificateChain:
      - |
        -----BEGIN CERTIFICATE-----
        <intermediate cert>
        -----END CERTIFICATE-----
      - |
        -----BEGIN CERTIFICATE-----
        <root CA>
        -----END CERTIFICATE-----
    requireRekorBundle: true
    annotations: #optional
      env: prod

Name		Name	Last commit message	Last commit date
Latest commit History 254 Commits
.github/workflows		.github/workflows
src		src
test_data		test_data
.gitignore		.gitignore
CODEOWNERS		CODEOWNERS
CONTRIBUTING.md		CONTRIBUTING.md
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
artifacthub-pkg.yml		artifacthub-pkg.yml
artifacthub-repo.yml		artifacthub-repo.yml
e2e.bats		e2e.bats
hub.yml		hub.yml
metadata.yml		metadata.yml
questions-ui.yml		questions-ui.yml
renovate.json		renovate.json

License

kubewarden/verify-image-signatures

Folders and files

Latest commit

History

Repository files navigation

Kubewarden policy verify-image-signatures

Description

Settings

About

Topics

Resources

License

Stars

Watchers

Forks

Languages