Enforcing container image security in Container Registry by using Portieris
You can use Portieris to enforce image security policies in IBM Cloud® Container Registry.
Portieris is a Kubernetes admission controller that verifies your container images before you deploy them to your cluster in IBM Cloud Kubernetes Service.
You can use Portieris to enforce policies on image signatures. If an image doesn't meet your policy requirements, the resource that contains the pod is not deployed to your cluster.
Using Portieris to block the deployment of images with issues that are found by Vulnerability Advisor is deprecated.
If Portieris is deployed and the cluster workers are showing as working correctly, but nothing is scheduled, see Why don't my pods restart after my workers are down? for assistance.
Portieris is supported on Red Hat® OpenShift®.
Installing Portieris in your cluster
Install Portieris in your cluster.
To install Portieris in your IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud cluster, see Enabling image security enforcement in your cluster. If you use this installation, it is deployed and maintained for you and it runs in the control plane, which gives higher availability.
If you prefer to install Portieris directly, or you aren't using IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud, see Installing Portieris.
Portieris policies
Portieris has two types of policy. Image policy resources and cluster image policy resources. You can override the default Portieris policies.
For more information about Portieris policies, see Portieris policies.
Uninstalling Portieris
How to uninstall Portieris.