OPA Notary Connector

Ensure Authenticity of Container Images.

The OPA connector ensures that all images are signed properly and prevents tampering in external storage services.

datacenter

Open Policy Agent

Flexible, fine-grained control for administrators across the stack


The Open Policy Agent (OPA, pronounced “oh-pa”) is an open-source, general-purpose policy engine that unifies policy enforcement across the stack.



OPA Notary Connector

Ensure Authenticity of Container Images


It glues together both pieces to create an admission/mutation Kubernetes webhook to check if a container image was signed (and trusted) by a platform administrator. If it is not trusted nor signed, Kubernetes API will refuse the execution of these requests.



Notary

Sign integrity of containers


Notary is a tool for publishing and managing trusted collections of content. Publishers can digitally sign collections and consumers can verify the integrity and origin of content. Request a demo or talk to our technical sales.