generated from coulomb/repo-seed
1.2 KiB
1.2 KiB
Pattern: Signed Image Admission
Status: seed Readiness target: RL3 production Primary owners: Railiance platform, artifact-store, product repos Genesis family: Kubernetes and platform
Problem
Clusters cannot trust that an image came from reviewed source or an approved build unless admission verifies signature and provenance.
Context
Use this pattern for Kubernetes admission, container registries, artifact-store, release promotion, and supply-chain evidence.
Forces
- Developers need fast image builds.
- Production needs evidence of review and provenance.
- Not every image source is equally trusted.
- Emergency rollback must still use trusted artifacts.
Solution
Require production workloads to use signed images from approved registries. Admission verifies signature, digest, provenance, and policy before the workload runs.
Verification
- Unsigned images are rejected in production namespaces.
- Admission pins by digest or verifies immutable references.
- Signatures and provenance link to reviewed source and build identity.
- Emergency images follow the same trust policy.
Related Patterns
- Supply-Chain Provenance.
- Signed Container Images.
- SLSA Build Provenance.
- Policy-as-Code Admission Control.