Step-by-step guide to sign Images and enforce deploy-time validation on GKE using Container Analysis API and Kritis
Kubernetes Image Signing with GCP Container Analysis and Kritis
This guide will show you how to sign your images and set up a GKE Kubernetes
cluster to enforce deploy-time security policies using the Google Cloud
Container Analysis API and Kritis.
Variables used in this document
${GCP_PROJECT} - GCP Project ID
${IMAGE_NAME} - Docker Image name
${IMAGE_TAG} - Docker Image tag
${IMAG
Deploy-time Policy Enforcer for Kubernetes applications
Kritis
Kritis (“judge” in Greek) is an open-source solution for securing your software supply chain for Kubernetes applications. Kritis enforces deploy-time security policies using the Google Cloud Container Analysis API, and in a subsequent release, Grafeas.
Here is an example Kritis policy, to prevent the deployment of Pod with a critica