search

jimmidyson / configmap-reload

Simple binary to trigger a reload when a Kubernetes ConfigMap is updated
Apache License 2.0
986 stars 193 forks source link

Signed images #37

Open MrDienns opened 4 years ago

MrDienns commented 4 years ago

Proposal

Use case. Why is this important? Docker Content Trust allows us to verify if the images downloaded are indeed the images that jimmidyson/configmap-reload published. Security measures can be setup to only download signed images.

Is there any particular reason why signed images haven't been added, or is it simply a feature which hasn't been looked into yet?

https://docs.docker.com/engine/security/trust/content_trust/

lwille commented 4 years ago

Very much in favor of this suggestion!