FluxCD deployment of only signed images on EKS
coder-2001 opened this issue · 1 comments
Hi
I am triggering a pipeline, and there is a buildspec file which contains the image build command. After the build, the image is pushed to ECR, and with the help of AWS Signer and platform type "notation" the image is signed and stored in ECR. Now the deployment is done with FluxCD and the image is deployed on EKS, but all the images are deployed whether they are signed or not. There is Gatekeeper and Ratify in EKS for validating the image, but Flux deploys all the images. So I need help with how I can modify or set up Flux so that it checks and deploys only the signed images stored in ECR, not every image with the tag specified in the image policy.
So can you help me regarding this issue?
I hope I gave all the details, and if any more information is required please let me know.
I'm not 100% sure what you are looking for so I'll write what I understand from your message. Please correct me if I'm wrong: You are asking for a way to configure an ImageUpdateAutomation so that Flux verifies the signature of an image before it creates the commit updating the image. Is that correct?