The OPA connector ensures that all images are signed properly and prevents tampering in external storage services.
Open Policy Agent
Flexible, fine-grained control for administrators across the stack
The Open Policy Agent (OPA, pronounced “oh-pa”) is an open-source, general-purpose policy engine that unifies policy enforcement across the stack.
OPA Notary Connector
Ensure Authenticity of Container Images
It glues together both pieces to create an admission/mutation
Kubernetes webhook to check if a container image was signed (and trusted) by a platform administrator. If it is not
trusted nor signed, Kubernetes API will refuse the execution of these requests.
Sign integrity of containers
Notary is a tool for publishing and managing trusted collections of content. Publishers can digitally sign
collections and consumers can verify the integrity and origin of content. Request a demo or talk to our