Skip to search

ImageConfig

pkg.crossplane.io / v1beta1

apiVersion: pkg.crossplane.io/v1beta1 kind: ImageConfig metadata: name: example
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
ImageConfigSpec contains the configuration for matching images.
matchImages []object required
MatchImages is a list of image matching rules. This ImageConfig will match an image if any one of these rules is satisfied. In the case where multiple ImageConfigs match an image for a given purpose the one with the most specific match will be used. If multiple rules of equal specificity match an arbitrary one will be selected.
prefix string required
Prefix is the prefix that should be matched. When multiple prefix rules match an image path, the longest one takes precedence.
type string
Type is the type of match.
enum: Prefix
registry object
Registry is the configuration for the registry.
authentication object
Authentication is the authentication information for the registry.
pullSecretRef object required
PullSecretRef is a reference to a secret that contains the credentials for the registry.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
rewriteImage object
RewriteImage defines how a matched image's path should be rewritten.
prefix string required
Prefix is the prefix that will replace the portion of the image's path matched by the prefix in the ImageMatch. If multiple prefixes matched, the longest one will be replaced.
runtime object
Runtime allows configuration of runtime options for the image.
configRef object
ConfigReference references a RuntimeConfig resource that will be used to configure the package runtime.
apiVersion string
API version of the referent.
kind string
Kind of the referent.
name string required
Name of the RuntimeConfig.
verification object
Verification contains the configuration for verifying the image.
cosign object
Cosign is the configuration for verifying the image using cosign.
authorities []object required
Authorities defines the rules for discovering and validating signatures.
attestations []object
Attestations is a list of individual attestations for this authority, once the signature for this authority has been verified.
name string required
Name of the attestation.
predicateType string required
PredicateType defines which predicate type to verify. Matches cosign verify-attestation options.
key object
Key defines the type of key to validate the image.
hashAlgorithm string required
HashAlgorithm always defaults to sha256 if the algorithm hasn't been explicitly set
secretRef object required
SecretRef sets a reference to a secret with the key.
key string required
The key to select.
name string required
Name of the secret.
keyless object
Keyless sets the configuration to verify the authority against a Fulcio instance.
identities []object required
Identities sets a list of identities.
issuer string
Issuer defines the issuer for this identity.
issuerRegExp string
IssuerRegExp specifies a regular expression to match the issuer for this identity. This has precedence over the Issuer field.
subject string
Subject defines the subject for this identity.
subjectRegExp string
SubjectRegExp specifies a regular expression to match the subject for this identity. This has precedence over the Subject field.
insecureIgnoreSCT boolean
InsecureIgnoreSCT omits verifying if a certificate contains an embedded SCT
name string required
Name is the name for this authority.
provider string required
Provider is the provider that should be used to verify the image.
enum: Cosign

No matches. Try .spec.matchImages for an exact path