Verification at admission

The last gate: unsigned means unscheduled.

Advanced14 min · lesson 13 of 18

Everything so far produces evidence — signed commits, provenance, SBOMs, signatures, scan attestations. Verification is where that evidence finally does something: the last gate before an artifact runs refuses anything that does not carry the evidence you require. In Kubernetes this gate is admission control — a policy engine intercepts every pod create and checks the image against your rules before it is ever scheduled. Unsigned, unattested, or wrong-identity means unscheduled. This is the step that turns the whole chain from documentation into enforcement.

The last gate: admission verification
1pod create
someone deploys an image
2admission webhook
policy engine intercepts
3verify
signature + identity + attestations
4allow / deny
no evidence = rejected
This is the one place that enforces the chain. Signing/attesting produce evidence; admission is what refuses to run without it.

Verify identity and attestations, not just presence

A meaningful admission policy checks more than "is it signed." It verifies the signature was made by the exact identity you expect (your CI’s OIDC identity and issuer), that the required attestations are present and valid (provenance from your builder, a passing scan attestation, maybe a minimum SLSA level), and that the image comes from a registry you trust. Each of those is a separate assertion, and skipping any leaves a hole — a signature check alone lets an attacker sign their own image and pass.

verify-images (Kyverno)
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata: { name: require-signed-provenance }
spec:
validationFailureAction: Enforce # deny, not just warn
rules:
- name: verify-signature-and-provenance
match: { any: [{ resources: { kinds: [Pod] } }] }
verifyImages:
- imageReferences: ["registry.acme.internal/*"]
attestors:
- entries:
- keyless:
issuer: "https://gitlab.acme.internal"
subject: "https://gitlab.acme.internal/acme/*"
attestations:
- type: https://slsa.dev/provenance/v1 # require provenance, not just a signature
Enforce, and stage the rollout
Set the policy to Enforce (deny) or it only warns while unsigned images keep running — Audit mode is for the rollout period, not the destination. But flip to Enforce carefully: run in Audit first to find the workloads that would break, fix or exempt them (system namespaces, third-party images you cannot sign), then enforce. A verification policy that blocks the whole cluster on day one gets rolled back; one staged in gradually sticks.