v1.ImageSignature

Description

ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature’s content by the server. They serve just an informative purpose.

Object Schema

Expand or mouse-over a field for more information about it.

  1. apiVersion:
  2. conditions:
  3. - lastProbeTime:
  4.   lastTransitionTime:
  5.   message:
  6.   reason:
  7.   status:
  8.   type:
  9. content:
  10. created:
  11. imageIdentity:
  12. issuedBy:
  13.   commonName:
  14.   organization:
  15. issuedTo:
  16.   commonName:
  17.   organization:
  18.   publicKeyID:
  19. kind:
  20. metadata:
  21.   annotations:
  22.     [string]:
  23.   clusterName:
  24.   creationTimestamp:
  25.   deletionGracePeriodSeconds:
  26.   deletionTimestamp:
  27.   finalizers:
  28.   - [string]:
  29.   generateName:
  30.   generation:
  31.   initializers:
  32.     pending:
  33.     - name:
  34.     result:
  35.       apiVersion:
  36.       code:
  37.       details:
  38.         causes:
  39.         - field:
  40.           message:
  41.           reason:
  42.         group:
  43.         kind:
  44.         name:
  45.         retryAfterSeconds:
  46.         uid:
  47.       kind:
  48.       message:
  49.       metadata:
  50.         resourceVersion:
  51.         selfLink:
  52.       reason:
  53.       status:
  54.   labels:
  55.     [string]:
  56.   name:
  57.   namespace:
  58.   ownerReferences:
  59.   - apiVersion:
  60.     blockOwnerDeletion:
  61.     controller:
  62.     kind:
  63.     name:
  64.     uid:
  65.   resourceVersion:
  66.   selfLink:
  67.   uid:
  68. signedClaims:
  69.   [string]:
  70. type:

Operations

Create a ImageSignature

Create an ImageSignature

HTTP request

  1. POST /oapi/v1/imagesignatures HTTP/1.1
  2. Authorization: Bearer $TOKEN
  3. Accept: application/json
  4. Connection: close
  5. Content-Type: application/json'
  7. {
  8.   "kind": "ImageSignature",
  9.   "apiVersion": "v1",
  10.   ...
  11. }

Curl request

  1. $ curl -k \
  2.     -X POST \
  3.     -d @- \
  4.     -H "Authorization: Bearer $TOKEN" \
  5.     -H 'Accept: application/json' \
  6.     -H 'Content-Type: application/json' \
  7.     https://$ENDPOINT/oapi/v1/imagesignatures <<'EOF'
  8. {
  9.   "kind": "ImageSignature",
  10.   "apiVersion": "v1",
  11.   ...
  12. }
  13. EOF

HTTP body

ParameterSchema

body

v1.ImageSignature

Query parameters

ParameterDescription

pretty

If ‘true’, then the output is pretty printed.

Responses

HTTP CodeSchema

200 OK

v1.ImageSignature

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf

Delete a ImageSignature

Delete an ImageSignature

HTTP request

  1. DELETE /oapi/v1/imagesignatures/$NAME HTTP/1.1
  2. Authorization: Bearer $TOKEN
  3. Accept: application/json
  4. Connection: close

Curl request

  1. $ curl -k \
  2.     -X DELETE \
  3.     -H "Authorization: Bearer $TOKEN" \
  4.     -H 'Accept: application/json' \
  5.     https://$ENDPOINT/oapi/v1/imagesignatures/$NAME

Path parameters

ParameterDescription

name

name of the ImageSignature

Query parameters

ParameterDescription

pretty

If ‘true’, then the output is pretty printed.

Responses

HTTP CodeSchema

200 OK

v1.Status

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf