The Airlock Microgateway images are signed using Cosign, which can be verified easily by running the following command.
copy
cosign verify --key https://raw.githubusercontent.com/airlock/microgateway/main/cosign/cosign.pub <image-reference>
List of images:
- Microgateway Operator – quay.io/airlock/microgateway-operator
- Microgateway CNI plugin – quay.io/airlock/microgateway-cni
- Microgateway Engine – quay.io/airlock/microgateway-engine
Verifying the image signature with the cosign.pub key can be automated by a policy controller such as sigstore policy-controller, Kyverno, or Connaisseur.