Description

ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature’s content by the server. They serve just an informative purpose.

Object Schema

Expand or mouse-over a field for more information about it.

apiVersion:
conditions:
- lastProbeTime:
lastTransitionTime:
message:
reason:
status:
type:
content:
created:
imageIdentity:
issuedBy:
commonName:
organization:
issuedTo:
commonName:
organization:
publicKeyID:
kind:
metadata:
annotations:
[string]:
clusterName:
creationTimestamp:
deletionGracePeriodSeconds:
deletionTimestamp:
finalizers:
- [string]:
generateName:
generation:
initializers:
pending:
- name:
result:
apiVersion:
code:
details:
causes:
- field:
message:
reason:
group:
kind:
name:
retryAfterSeconds:
uid:
kind:
message:
metadata:
resourceVersion:
selfLink:
reason:
status:
labels:
[string]:
name:
namespace:
ownerReferences:
- apiVersion:
blockOwnerDeletion:
controller:
kind:
name:
uid:
resourceVersion:
selfLink:
uid:
signedClaims:
[string]:
type:

Operations

Create a ImageSignature

Create an ImageSignature

HTTP request

POST /apis/image.openshift.io/v1/imagesignatures HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'

{
  "kind": "ImageSignature",
  "apiVersion": "image.openshift.io/v1",
  ...
}

Curl request

$ curl -k \
    -X POST \
    -d @- \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    https://$ENDPOINT/apis/image.openshift.io/v1/imagesignatures <<'EOF'
{
  "kind": "ImageSignature",
  "apiVersion": "image.openshift.io/v1",
  ...
}
EOF

HTTP body

Parameter Schema

body

v1.ImageSignature

Query parameters

Parameter Description

pretty

If 'true', then the output is pretty printed.

Responses

HTTP Code Schema

200 OK

v1.ImageSignature

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf

Delete a ImageSignature

Delete an ImageSignature

HTTP request

DELETE /apis/image.openshift.io/v1/imagesignatures/$NAME HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close

Curl request

$ curl -k \
    -X DELETE \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    https://$ENDPOINT/apis/image.openshift.io/v1/imagesignatures/$NAME

Path parameters

Parameter Description

name

name of the ImageSignature

Query parameters

Parameter Description

pretty

If 'true', then the output is pretty printed.

Responses

HTTP Code Schema

200 OK

v1.Status

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf