Image Promotion Policies
Definition
Image Promotion Policies are a set of rules and procedures that govern the movement of container images from one stage of the software development lifecycle to another, such as from development to testing or production. These policies ensure that only verified, secure, and compliant images are promoted, reducing the risk of deploying vulnerable or unauthorized images in production environments. They typically involve checks for vulnerabilities, compliance with organizational standards, and verification of image signatures.
Secure Settings Example
apiVersion: imagepolicy.k8s.io/v1alpha1
kind: ImagePolicy
metadata:
  name: secure-image-promotion
spec:
  rules:
    - name: "Check for Vulnerabilities"
      match:
        - pattern: "registry.example.com/production/*"
      verify:
        - type: "vulnerabilityScan"
          minimumSeverity: "medium"
    - name: "Verify Image Signature"
      match:
        - pattern: "registry.example.com/production/*"
      verify:
        - type: "signature"
          key: "trusted-public-key"
Insecure Settings Example
apiVersion: imagepolicy.k8s.io/v1alpha1
kind: ImagePolicy
metadata:
  name: insecure-image-promotion
spec:
  rules:
    - name: "Allow All Images"
      match:
        - pattern: "*"
      verify:
        - type: "none"
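To make the difference between the two policies concrete, the following added example (written for this page, not code from any Kubernetes admission controller or image-policy project) evaluates both policies against a few constructed image records. The policies are transcribed from the YAML above as plain dicts; the evaluation semantics are assumptions: a rule applies when the image reference matches one of its patterns, `minimumSeverity` blocks any scanner finding at or above that level, `signature` requires the image to have been verified by the named key, `none` passes unconditionally, and an image that matches no rule is denied (fail closed). The `ImageFacts` record, the sample image references, the scanner severities and the key id are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Ranking used to compare scanner severities against a rule's minimumSeverity (assumed scale).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# The two policies from the page, transcribed as dicts so no YAML parser is needed.
SECURE_POLICY = {
    "rules": [
        {"name": "Check for Vulnerabilities",
         "match": [{"pattern": "registry.example.com/production/*"}],
         "verify": [{"type": "vulnerabilityScan", "minimumSeverity": "medium"}]},
        {"name": "Verify Image Signature",
         "match": [{"pattern": "registry.example.com/production/*"}],
         "verify": [{"type": "signature", "key": "trusted-public-key"}]},
    ]
}
INSECURE_POLICY = {
    "rules": [
        {"name": "Allow All Images",
         "match": [{"pattern": "*"}],
         "verify": [{"type": "none"}]},
    ]
}


@dataclass
class ImageFacts:
    """What the promotion pipeline knows about a candidate image (constructed record)."""
    ref: str                   # full image reference
    findings: list             # severities reported by the scanner, e.g. ["low", "high"]
    signed_by: Optional[str]   # key id whose signature verified, or None if unsigned


def rule_matches(rule: dict, ref: str) -> bool:
    """A rule applies when the image reference matches any of its glob patterns."""
    return any(fnmatchcase(ref, m["pattern"]) for m in rule.get("match", []))


def run_verifier(verifier: dict, facts: ImageFacts) -> Optional[str]:
    """Return None if the check passes, otherwise a human-readable failure reason."""
    kind = verifier["type"]
    if kind == "none":
        return None                      # unconditional pass: this is the insecure policy's check
    if kind == "vulnerabilityScan":
        threshold = SEVERITY_RANK[verifier["minimumSeverity"]]
        blocking = [s for s in facts.findings if SEVERITY_RANK.get(s, 0) >= threshold]
        if blocking:
            return f"vulnerabilityScan: findings at or above {verifier['minimumSeverity']}: {blocking}"
        return None
    if kind == "signature":
        if facts.signed_by != verifier["key"]:
            return f"signature: not signed by {verifier['key']} (got {facts.signed_by})"
        return None
    # Unknown verifier types fail closed rather than silently passing.
    return f"unknown verifier type {kind!r}"


def evaluate(policy: dict, facts: ImageFacts) -> tuple:
    """Apply every matching rule; promote only if all of their verifiers pass.

    An image that matches no rule at all is denied (assumed fail-closed default).
    Returns (allowed, reasons) where reasons lists every failed check.
    """
    reasons = []
    matched = False
    for rule in policy["rules"]:
        if not rule_matches(rule, facts.ref):
            continue
        matched = True
        for verifier in rule["verify"]:
            failure = run_verifier(verifier, facts)
            if failure:
                reasons.append(f"{rule['name']}: {failure}")
    if not matched:
        reasons.append("no policy rule matched this image reference")
    return (not reasons, reasons)


# Constructed sample images: a vulnerable unsigned build, a clean signed build,
# and an image outside the production namespace.
VULNERABLE_UNSIGNED = ImageFacts("registry.example.com/production/api:1.2.3", ["low", "high"], None)
CLEAN_SIGNED = ImageFacts("registry.example.com/production/api:1.2.4", ["low"], "trusted-public-key")
OUT_OF_SCOPE = ImageFacts("registry.example.com/dev/tool:0.1", [], None)

if __name__ == "__main__":
    for image in (VULNERABLE_UNSIGNED, CLEAN_SIGNED, OUT_OF_SCOPE):
        for label, policy in (("secure", SECURE_POLICY), ("insecure", INSECURE_POLICY)):
            allowed, why = evaluate(policy, image)
            print(f"{label:8} {image.ref}: {'ALLOW' if allowed else 'DENY'} {why}")
```

Run as a script, the secure policy denies the vulnerable unsigned build with two reasons (a `high` finding above the `medium` threshold and a missing signature) and denies the out-of-scope image because no rule covers it, while the insecure policy allows all three without any check. The fail-closed behaviour for unmatched images and unknown verifier types is the design choice worth carrying into a real implementation: a promotion gate that passes whatever it does not understand is equivalent to the `type: "none"` rule.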