Workflows on Nirmata Documentationhttps://docs.nirmata.io/docs/control-hub/how-to/Recent content in Workflows on Nirmata DocumentationHugoenSun, 06 Apr 2025 00:00:00 +0000Image Verification using Nirmatahttps://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/Sun, 06 Apr 2025 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/<h2 id="table-of-contents">Table of Contents</h2> <ol> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#steps-for-image-verification">Steps for Image Verification</a></li> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#prerequisites">Prerequisites</a></li> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#sign-image-using-cosign">Sign Image using cosign</a></li> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#configure-kyverno-to-use-a-custom-certificate-for-imageregistry">Configure Kyverno to use a custom certificate for ImageRegistry (Optional)</a></li> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#verify-image-using-kyverno">Verify Image using Kyverno</a></li> </ol> <h2 id="steps-for-image-verification">Steps for Image Verification</h2> <p>Below are the steps to verify images before deployment to Kubernetes runtime environments:</p> <ol> <li>Deploy Enterprise Kyverno to the Workload cluster</li> <li>(Optional) If your local image registry uses a custom CA, configure Kyverno to use this custom CA for verifying locally hosted images</li> <li>Leverage cosign cli to sign the images. Ensure that the node where cosign is installed has the private CA added to its keystore</li> <li>Deploy the image verification Kyverno policy</li> <li>Confirm image verification based on policy pass/fail</li> </ol> <h2 id="prerequisites">Prerequisites</h2> <ul> <li>Install cosign: <a href="https://docs.sigstore.dev/cosign/system_config/installation/">Installation Guide</a></li> <li>(Optional) When using a local registry with a custom certificate authority (CA), retain the full certificate chain for use during configuration</li> </ul> <h2 id="sign-image-using-cosign">Sign Image using cosign</h2> <p>To sign your container images, you&rsquo;ll need to generate a key pair and use it to sign your images. This process ensures the authenticity and integrity of your container images.</p>