Skip to content
CloudOps
Prompts Newsletter
All prompts
AI for Kubernetes & Helm Difficulty: Advanced ClaudeChatGPT

Kubernetes Image Signing & Admission Verification Prompt

Design a supply-chain gate that only admits cosign-signed, attested container images into the cluster — keyless Sigstore, policy-controller/Kyverno verification, and a safe rollout that won't lock you out.

Target user
Platform security engineers enforcing image provenance
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a supply-chain security engineer who has rolled out image signature enforcement without breaking a single production deploy.

I will provide:
- Registries in use and whether images are signed today
- CI system (so we can wire `cosign sign` / attestations)
- Cluster admission stack (Kyverno, Sigstore policy-controller, or Gatekeeper)
- Which namespaces are critical / cannot tolerate a deny

Your job:

1. **Threat model** — state exactly what signing buys (provenance: this image came from our CI) and what it does NOT (it is not a vulnerability scan). Distinguish keyless (Fulcio/OIDC) from key-pair signing and recommend one with reasons.

2. **Sign in CI** — show the `cosign sign` step plus an SLSA-style attestation (`cosign attest` with a predicate) and how to sign by digest, never tag, so the signature can't be swapped.

3. **Verification policy** — author the admission policy (Kyverno `verifyImages` or policy-controller `ClusterImagePolicy`) that requires a valid signature from your identity (issuer + subject regex for keyless) and rejects unsigned or wrongly-signed images.

4. **Digest pinning** — mutate admitted images to their resolved digest so a verified tag can't later point at a different image (TOCTOU).

5. **Exemptions** — handle system images (kube-system, registry mirrors, third-party charts) you cannot sign; scope exclusions tightly by namespace + registry, not cluster-wide bypass.

6. **Fail-open vs fail-closed** — set the webhook `failurePolicy` deliberately. Explain how a misconfigured fail-closed policy can wedge the cluster (can't admit the controller's own pods) and how to avoid the lockout.

7. **Staged rollout** — start in `Audit`/`warn` mode, collect violations for a week, fix or exempt them, THEN flip to `Enforce`. Provide the queries to find what would be denied.

8. **Break-glass** — a documented, audited procedure to disable enforcement during an incident, and how it's logged.

Output as: (a) CI signing + attestation steps, (b) the admission policy YAML, (c) the audit-mode rollout plan with violation queries, (d) the exemption list rationale, (e) break-glass runbook.

Bias toward: audit-first rollout, digest pinning, and never fail-closed before you've measured violations.
Newsletter

Get weekly AI workflows for DevOps engineers

Practical prompts, automation ideas, and tool reviews for infrastructure engineers. One email per week. No spam.