Skip to content

docs: add cleanup and verify image examples to quick start guide#1795

Open
hudazaan wants to merge 6 commits intokyverno:mainfrom
hudazaan:add/cleanup-verify-quickstart
Open

docs: add cleanup and verify image examples to quick start guide#1795
hudazaan wants to merge 6 commits intokyverno:mainfrom
hudazaan:add/cleanup-verify-quickstart

Conversation

@hudazaan
Copy link
Contributor

@hudazaan hudazaan commented Jan 8, 2026

Description

This PR addresses issue #1665 by adding the missing cleanup and verify images rule type examples to the Quick Start Guide.

Proposed Changes

  • Added Cleanup Resources section

    • Demonstrates DeletingPolicy for removing bare pods on a schedule
    • Uses CEL expressions to match pods without owner references
    • Includes TTL label approach for immediate cleanup
    • Follows the same structure as existing quick start sections
  • Added Verify Images section

    • Demonstrates ImageValidatingPolicy with CEL and Cosign attestor
    • Shows how to block unsigned and incorrectly signed images
    • Uses verifyImageSignatures() CEL function for signature verification
    • Uses existing Kyverno test images for easy testing

Testing

Both examples have been tested locally:

  • DeletingPolicy successfully removes bare pods on schedule
  • TTL label cleanup works as expected
  • Signed images are allowed
  • Unsigned images are correctly blocked
  • Images signed with wrong key are correctly blocked

Related issue

Closes issue #1665

Checklist

  • I have read the contributing guidelines.
  • I have inspected the website preview for accuracy.
  • I have signed off my issue.
  • All examples have been manually tested in a local Kubernetes cluster and verified to work as documented

```yaml
kubectl create -f- << EOF
apiVersion: kyverno.io/v2
kind: ClusterCleanupPolicy
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use the new DeletingPolicy type instead.

```yaml
kubectl create -f- << EOF
apiVersion: kyverno.io/v1
kind: ClusterPolicy
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use the new ImageValidatingPolicy type instead.

…licies

Signed-off-by: hudazaan <naazhuda2000@gmail.com>
Signed-off-by: hudazaan <naazhuda2000@gmail.com>
Signed-off-by: hudazaan <naazhuda2000@gmail.com>
@hudazaan
Copy link
Contributor Author

hudazaan commented Feb 4, 2026

@JimBugwadia Please review it and let me know if this works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants