feat: Kyverno + cosign image verification #150
Loading…
x
Reference in New Issue
Block a user
No description provided.
Delete Branch "feature/cosign-kyverno"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Deploy Kyverno admission controller with cosign image signature verification.
AI Code Review
Обзор PR: Kyverno + Cosign
🔴 Критические проблемы
10.10.10.1:3000.Failили мониторить failures.secret/k8s/keycloakв K8s Secret и монтировать в Kyverno.🟡 Проблемы надёжности
🟢 Хорошо
📋 Рекомендации перед мержом
allowInsecure: true→ явно указать CA или использоватьhttps://10.10.10.1:3000с валидным сертификатом.minAvailable: 1.webhookTimeoutSecondsдо 5–10 сек, изменитьfailurePolicyнаFailс monitoring.Статус: ❌ Не готово к merge. Требует 2–3 правок перед production.
Automated review by Claude Haiku | advisory, does not block merge