EKS support for signing containers with SHA (via ECR) #534
Comments
|
Related to #43 |
|
There are a few open source options for this now. We outlined one here: https://blog.chainguard.dev/cosigned-up-and-running-on-eks/ Kyverno also supports this, and there's an experimental data provider in OPA gatekeeper, that all work with EKS and ECR. https://kyverno.io/docs/writing-policies/verify-images/ https://github.com/developer-guy/container-image-sign-and-verify-with-cosign-and-opa |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Tell us about your request
EKS support for Image signing with SHA hash (via ECR) like is supported here
https://aws.amazon.com/about-aws/whats-new/2019/10/amazon-ecs-now-supports-ecs-image-sha-tracking/
Which service(s) is this request for?
this is for EKS this capability exists already in ECR (for ECS)
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
trying to make sure only signed images are run on the EKS cluster.
signed from the specific CICD build/deploy process
Are you currently working around this issue?
I do not yet have a workaround, was hoping for a generic pattern.
Additional context
this could possibly be done via open policy agent.
https://github.com/open-policy-agent/opa
The text was updated successfully, but these errors were encountered: