Install the Sigstore policy-controller using the official Helm chart; it installs a ValidatingWebhookConfiguration and its own CRDs for ClusterImagePolicy.
Create a ClusterImagePolicy resource (the CRD itself is installed by the chart) that matches an image glob pattern (e.g., ghcr.io/my-org/*) and specifies the required authorities: either a static public key or keyless authorities referencing the expected OIDC issuer and certificate identity.
Label the namespaces where you want policy enforcement with the label the policy-controller monitors (verify the exact label key in current policy-controller docs, as it may differ from older versions).
Test enforcement by attempting to deploy an unsigned image in a labeled namespace; the policy-controller webhook should deny the admission with a message indicating no matching signature was found.
Monitor policy-controller logs and metrics; admission latency increases when the controller contacts Rekor or Fulcio for keyless verification, so configure appropriate timeout and availability settings.
Known gotchas
The policy-controller webhook failure policy should be set carefully; FailClosed blocks all images if the controller is unavailable, while FailOpen allows images through — choose based on your availability and security tradeoffs.
Namespace labeling is required for the policy-controller to intercept admission requests; unlabeled namespaces receive no enforcement, which can lead to a false sense of security if namespaces are created without the label.
ClusterImagePolicy authorities using keyless verification must have accurate OIDC issuer and subject glob patterns; overly broad patterns (matching any subject from an issuer) defeat the purpose of identity-based enforcement.
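The steps above and the last gotcha, put together in one manifest as an added example (not from this page or from the Sigstore project): a namespace opted in to enforcement and a ClusterImagePolicy that accepts only keyless signatures from a single GitHub Actions workflow identity. It assumes the org name my-org, a release.yml workflow signing only on version tags, the public Sigstore Fulcio and Rekor instances, and the policy.sigstore.dev/include label key, which should be checked against the current policy-controller docs as the labeling step says.

```yaml
# Namespace opted in to admission enforcement. Unlabeled namespaces get no
# enforcement, so create namespaces with this label from the start.
apiVersion: v1
kind: Namespace
metadata:
  name: prod
  labels:
    policy.sigstore.dev/include: "true"   # assumed label key; verify in current docs
---
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: my-org-ghcr-keyless
spec:
  # Only images matching this glob are checked; everything else is out of scope.
  images:
    - glob: "ghcr.io/my-org/*"
  # Deny admission on failure rather than only warning.
  mode: enforce
  authorities:
    - name: github-actions-release
      keyless:
        url: https://fulcio.sigstore.dev
        identities:
          # A narrow identity: one issuer AND one workflow file, restricted to
          # tag refs. Matching any subject from the issuer would let any
          # GitHub repository's workflow sign for this org.
          - issuer: https://token.actions.githubusercontent.com
            subjectRegExp: "^https://github\\.com/my-org/[^/]+/\\.github/workflows/release\\.yml@refs/tags/v[0-9]+\\.[0-9]+\\.[0-9]+$"
      # Require the signature to be recorded in the transparency log.
      ctlog:
        url: https://rekor.sigstore.dev
```

Deploying an unsigned ghcr.io/my-org/... image into the prod namespace should then be rejected by the webhook, while the same image in an unlabeled namespace is admitted, which is the behaviour the namespace-labeling gotcha warns about.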