Does connaisseur allow configuration to only mutate spec to image digest from tag and not verify signature

[mathuvenkat]

When downloading images from k8s.gcr.io, we do not have public key to validate them or the images might not be signed, but by mutating tag to digest, we can have the container runtime will automatically verify hash.
Is there any way to allow this in connaisseur or does it automatically do this ?

Eg: for a pattern that is set in validators, it mutates tag to digest
kind: Pod
spec:
containers:

• image: @sha256:

But if for eg validators is set to allow, it does not do the mutation. Is there any way we can achieve this ?

• pattern: "k8s.gcr.io/:"
  validator: allow

kind: Pod
spec:
containers:

• image: k8s.gcr.io/busybox
  imagePullPolicy: Always
  name: busybox

[xopham]

@mathuvenkat thanks for the great question!
If I understand you correctly, you are wondering whether it is possible to have Connaisseur translate tags to digests, even if there is no signature. That is currently not possible. In essence, Connaisseur admits images by identifying a signed digest and then sets this digest as the image reference in exchange for the tag. This provides a verified digest that is then confirmed by the kubernetes container runtime as consistent with the image, as described in the docs.

However, the natural question arises: Should Connaisseur implement another static validator that allows converting tags to digests?
Here, I am not yet entirely sure of the security and usability implications of such a validator. Still, I think the idea is intriguing.

Could you share your thoughts on why this would be advantageous and which improvements you see in your use case?
Maybe, @phbelitz and @Starkteetje could also share their thoughts on this.

[mathuvenkat]

thanks @xopham. I was thinking of a case where we want to verify signatures of the images we own/publish, but for certain other images we pull from docker or gcr.io, if they are not signed, we can rely on the container runtime to at-least verify hash, if the image are referenced by hash and coverted to digest by the admission webhook. From security point of view, there might not be a benefit here other than protecting change to image between time of admission -> time of use.
https://github.com/google/k8s-digester -> for certain cases like google cloud binary authorization its mandatory to use digests to leverage that.

[xopham]

@mathuvenkat I think this could be picked up as a new static validator in Connaisseur. Feel free to create an issue for this