Description

ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature’s content by the server. They serve just an informative purpose.

Object Schema

Expand or mouse-over a field for more information about it.

apiVersion:
conditions:
- lastProbeTime:
lastTransitionTime:
message:
reason:
status:
type:
content:
created:
imageIdentity:
issuedBy:
commonName:
organization:
issuedTo:
commonName:
organization:
publicKeyID:
kind:
metadata:
annotations:
[string]:
clusterName:
creationTimestamp:
deletionGracePeriodSeconds:
deletionTimestamp:
finalizers:
- [string]:
generateName:
generation:
initializers:
pending:
- name:
result:
apiVersion:
code:
details:
causes:
- field:
message:
reason:
group:
kind:
name:
retryAfterSeconds:
uid:
kind:
message:
metadata:
continue:
resourceVersion:
selfLink:
reason:
status:
labels:
[string]:
name:
namespace:
ownerReferences:
- apiVersion:
blockOwnerDeletion:
controller:
kind:
name:
uid:
resourceVersion:
selfLink:
uid:
signedClaims:
[string]:
type:

Operations

Create a ImageSignature

Create an ImageSignature

HTTP request

POST /apis/image.openshift.io/v1/imagesignatures HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'

{
  "kind": "ImageSignature",
  "apiVersion": "image.openshift.io/v1",
  ...
}

Curl request

$ curl -k \
    -X POST \
    -d @- \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    https://$ENDPOINT/apis/image.openshift.io/v1/imagesignatures <<'EOF'
{
  "kind": "ImageSignature",
  "apiVersion": "image.openshift.io/v1",
  ...
}
EOF

HTTP body

Parameter Schema

body

v1.ImageSignature

Query parameters

Parameter Description

pretty

If 'true', then the output is pretty printed.

Responses

HTTP Code Schema

200 OK

v1.ImageSignature

201 Created

v1.ImageSignature

202 Accepted

v1.ImageSignature

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf

Delete a ImageSignature

Delete an ImageSignature

HTTP request

DELETE /apis/image.openshift.io/v1/imagesignatures/$NAME HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'

{
  ...
}

Curl request

$ curl -k \
    -X DELETE \
    -d @- \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    https://$ENDPOINT/apis/image.openshift.io/v1/imagesignatures/$NAME <<'EOF'
{
  ...
}
EOF

HTTP body

Parameter Schema

body

v1.DeleteOptions

Path parameters

Parameter Description

name

name of the ImageSignature

Query parameters

Parameter Description

gracePeriodSeconds

The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.

orphanDependents

Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.

pretty

If 'true', then the output is pretty printed.

propagationPolicy

Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Responses

HTTP Code Schema

200 OK

v1.Status

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf