Is it possible to configure a Kubernetes cluster to run only _signed_ images? I.e., if someone has replaced a Docker image in the registry, it should not be accepted by the cluster.
If you use cri-o as the runtime along with an OpenShift container registry, it will actually verify signatures at the runtime layer. In addition to cri-o, podman and anything based on containers/image supports this too.
Really that just means a registry that sends back a header indicating it supports signatures and serves up the right signature endpoints. It's shocking this isn't more common.
But if you just want to check signatures at the cluster's point of entry, you can use an admission controller to block the pods from being created with unsigned images.
The short answer is yes. There are multiple tools that let you do this.
My personal favorite tool for this is Kubewarden[1] because its policies are WebAssembly. There is a specific policy just for verifying signatures[2].
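As an added illustration (not from the comment above, nor from the Kubewarden project itself), this is roughly what wiring the verify-image-signatures policy into a cluster looks like. The image glob, module version tag and public key are placeholders, and the `settings` keys are written from memory of the policy's documented schema; check them against the policy's README for the version you deploy.

```yaml
# Hypothetical ClusterAdmissionPolicy binding the Kubewarden
# verify-image-signatures policy to pod CREATE/UPDATE requests.
apiVersion: policies.kubewarden.io/v1
kind: ClusterAdmissionPolicy
metadata:
  name: require-signed-images
spec:
  # Version tag is a placeholder; pin the one you have vetted.
  module: registry://ghcr.io/kubewarden/policies/verify-image-signatures:vX.Y.Z
  rules:
    - apiGroups: [""]
      apiVersions: ["v1"]
      resources: ["pods"]
      operations: ["CREATE", "UPDATE"]
  # The policy can rewrite image references to the verified digest,
  # which is why it is registered as mutating.
  mutating: true
  settings:
    modifyImagesWithDigest: true
    signatures:
      # Every image under this (placeholder) prefix must carry a
      # cosign signature made with the listed key.
      - image: "registry.example.internal/team-a/*"
        pubKeys:
          - |
            -----BEGIN PUBLIC KEY-----
            <placeholder: your cosign public key>
            -----END PUBLIC KEY-----
      # Keyless (Sigstore/Fulcio) example: trust only images signed by
      # a specific OIDC identity. Issuer/subject are placeholders.
      - image: "registry.example.internal/ci-built/*"
        keyless:
          - issuer: "https://token.actions.githubusercontent.com"
            subject: "https://github.com/example-org/example-repo/.github/workflows/release.yml@refs/heads/main"
```

Images that match no `image` glob are not checked by this policy at all, so the globs should cover every registry prefix you intend to admit, or be paired with a separate policy that rejects unknown registries.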
Being able to specify images by hash would be a simpler alternative.
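Added example, not code from any of the posters or from Kubewarden: the core of a validating admission webhook that combines the two ideas in this thread, requiring every container image to be pinned by digest and that digest to be one a signature verifier has already approved. The "verifier" is modelled as a set of trusted digests assumed to be produced out of band (for example by a cosign check in the CI pipeline); the AdmissionReview payload is constructed sample input.

```python
"""Admission logic: deny pods whose images are not digest-pinned and signed.

The set of trusted digests stands in for an out-of-band signature check
(assumption: something like `cosign verify` fills it). Only the
AdmissionReview handling and the image checks are real here.
"""
import json
import re

# name@sha256:<64 hex chars>; the name part may itself contain a tag or a port.
DIGEST_RE = re.compile(r"^(?P<name>[^@]+)@(?P<digest>sha256:[0-9a-f]{64})$")

# Constructed sample: the digest the (assumed) signature verifier approved.
TRUSTED_DIGESTS = {"sha256:" + "a" * 64}


def split_image(image):
    """Return (name, digest); digest is None when the reference is tag-only."""
    m = DIGEST_RE.match(image)
    if m:
        return m.group("name"), m.group("digest")
    return image, None


def pod_images(pod):
    """Yield (field, container name, image) for every container kind in the spec."""
    spec = pod.get("spec", {})
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(field, []):
            yield field, c.get("name", "?"), c.get("image", "")


def evaluate_pod(pod, trusted=TRUSTED_DIGESTS):
    """Return (allowed, reasons) for a Pod object."""
    reasons = []
    for field, cname, image in pod_images(pod):
        _, digest = split_image(image)
        if digest is None:
            # A tag can be re-pointed in the registry; a digest cannot.
            reasons.append(f"{field}/{cname}: image {image!r} is not pinned by digest")
        elif digest not in trusted:
            reasons.append(f"{field}/{cname}: digest {digest} has no trusted signature")
    return (not reasons), reasons


def review(admission_review_json, trusted=TRUSTED_DIGESTS):
    """Turn an AdmissionReview request (JSON string) into the response dict."""
    req = json.loads(admission_review_json)["request"]
    allowed, reasons = evaluate_pod(req["object"], trusted)
    resp = {"uid": req["uid"], "allowed": allowed}
    if not allowed:
        resp["status"] = {"code": 403, "message": "; ".join(reasons)}
    return {"apiVersion": "admission.k8s.io/v1",
            "kind": "AdmissionReview", "response": resp}


# Constructed sample request: one init container pinned to a trusted digest,
# one main container referenced by mutable tag.
SAMPLE_REQUEST = json.dumps({
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {
        "uid": "c0ffee00-0000-4000-8000-000000000001",
        "object": {"spec": {
            "initContainers": [{"name": "setup",
                                "image": "registry:5000/app@sha256:" + "a" * 64}],
            "containers": [{"name": "web", "image": "nginx:1.25"}],
        }},
    },
})

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_REQUEST), indent=2))
```

Note that digest pinning alone (line 7's suggestion) is what makes the registry-swap attack in the question fail, since a replaced tag no longer resolves to the pinned digest; the trusted set adds the "who signed it" check on top.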
Requiring signed images seems like an arbitrary place to require signatures, given that there are plenty of parts of Kubernetes deployment configs that could be used to do damage and you need the whole thing authenticated. I guess a benefit of having signed images instead of content-addressed images is that they could be updated by a trusted person without needing to update any Kubernetes deployments, but presumably you'd want to tell Kubernetes to switch its running instances to the new images, so that sounds like an incomplete solution.