POST /oapi/v1/imagesignatures HTTP/1.1 Authorization: Bearer $TOKEN Accept: application/json Connection: close Content-Type: application/json' { "kind": "ImageSignature", "apiVersion": "v1", ... }
ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature’s content by the server. They serve just an informative purpose.
Expand or mouse-over a field for more information about it.
apiVersion:conditions:
- lastProbeTime:lastTransitionTime:message:reason:status:type:content:created:imageIdentity:issuedBy:
commonName:organization:issuedTo:
commonName:organization:publicKeyID:kind:metadata:
annotations:
[string]:clusterName:creationTimestamp:deletionGracePeriodSeconds:deletionTimestamp:finalizers:
- [string]:generateName:generation:initializers:
pending:
- name:result:
apiVersion:code:details:
causes:
- field:message:reason:group:kind:name:retryAfterSeconds:uid:kind:message:metadata:
continue:resourceVersion:selfLink:reason:status:labels:
[string]:name:namespace:ownerReferences:
- apiVersion:blockOwnerDeletion:controller:kind:name:uid:resourceVersion:selfLink:uid:signedClaims:
[string]:type:
Create an ImageSignature
POST /oapi/v1/imagesignatures HTTP/1.1 Authorization: Bearer $TOKEN Accept: application/json Connection: close Content-Type: application/json' { "kind": "ImageSignature", "apiVersion": "v1", ... }
$ curl -k \ -X POST \ -d @- \ -H "Authorization: Bearer $TOKEN" \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ https://$ENDPOINT/oapi/v1/imagesignatures <<'EOF' { "kind": "ImageSignature", "apiVersion": "v1", ... } EOF
Delete an ImageSignature
DELETE /oapi/v1/imagesignatures/$NAME HTTP/1.1 Authorization: Bearer $TOKEN Accept: application/json Connection: close