v1.ImageSignature
Description
ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature’s content by the server. They serve just an informative purpose.
Object Schema
Expand or mouse-over a field for more information about it.
apiVersion:conditions:
- lastProbeTime:lastTransitionTime:message:reason:status:type:content:created:imageIdentity:issuedBy:
commonName:organization:issuedTo:
commonName:organization:publicKeyID:kind:metadata:
annotations:
[string]:clusterName:creationTimestamp:deletionGracePeriodSeconds:deletionTimestamp:finalizers:
- [string]:generateName:generation:initializers:
pending:
- name:result:
apiVersion:code:details:
causes:
- field:message:reason:group:kind:name:retryAfterSeconds:uid:kind:message:metadata:
continue:resourceVersion:selfLink:reason:status:labels:
[string]:name:namespace:ownerReferences:
- apiVersion:blockOwnerDeletion:controller:kind:name:uid:resourceVersion:selfLink:uid:signedClaims:
[string]:type:
Operations
Create a ImageSignature
Create an ImageSignature
HTTP request
POST /apis/image.openshift.io/v1/imagesignatures HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'
{
"kind": "ImageSignature",
"apiVersion": "image.openshift.io/v1",
...
}
Curl request
$ curl -k \
-X POST \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
https://$ENDPOINT/apis/image.openshift.io/v1/imagesignatures <<'EOF'
{
"kind": "ImageSignature",
"apiVersion": "image.openshift.io/v1",
...
}
EOF
Delete a ImageSignature
Delete an ImageSignature
HTTP request
DELETE /apis/image.openshift.io/v1/imagesignatures/$NAME HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'
{
...
}
Curl request
$ curl -k \
-X DELETE \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
https://$ENDPOINT/apis/image.openshift.io/v1/imagesignatures/$NAME <<'EOF'
{
...
}
EOF
Query parameters
| Parameter | Description |
|---|---|
gracePeriodSeconds |
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
orphanDependents |
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both. |
pretty |
If 'true', then the output is pretty printed. |
propagationPolicy |
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. |