Chip Zoller
Chip Zoller
In searching for a new theme for a site, the first three rows (presently) have two themes that haven't seen an update in over a year while several which have...
The online documentation, for each resource, has main headings and sub-headings for related sub-topics. It would be nice to preserve this same hierarchy in these offline docs if at all...
### Kyverno Version 1.7.x ### Kubernetes Version 1.23.x ### Kubernetes Platform K3d ### Description The [Verify Images with Multiple Keys](https://main.kyverno.io/policies/other/verify_image_with_multi_keys/) policy, as it's written currently, doesn't work and from my...
### Problem Statement GCPKMS verification doesn't seem to work in Kyverno 1.7.2, and owing to the breaking changes in Cosign which forced us to adopt 1.9.0 internally, earlier versions of...
### Kyverno Version 1.6.x ### Kubernetes Version 1.23.x ### Kubernetes Platform EKS ### Description Tests were failing from PRs sent to kyverno/kyverno `main` which tested against kyverno/policies `main` on one...
Per prior agreement, add new annotations to policies which list the tested version of Kubernetes and Kyverno.
Create a sample policy to [advertise extended resources](https://kubernetes.io/docs/tasks/administer-cluster/extended-resource-node/) for new nodes.
**Description** In keyless mode with Cosign 1.9, an attestation that is attached to a container image using `cosign attach attestation` is not returned in a `cosign verify-attestations` command with others...
**Description** Currently, cosign is not able to leverage the existing trust established by container runtime engines such as Docker or Containerd against private registries signed with an internally-trusted certificate authority....
Most of the examples I've seen for achieving SLSA 3 involve cosign's [keyless signing](https://github.com/sigstore/cosign/blob/main/KEYLESS.md) ability. While this is handy, involves managing no keys manually, and can result in better security,...