Built with Shell Operator
$ ./build.image.sh [repository:tag]
...cfssl is needed.
# Generate certs for
$ ./gen-certs.sh
...
# Store public keys into the secret.
$ kubectl create secret generic cosign-keys --from-file=cosign.pub
$ helm install cosign-validator .
...# If a namespace has a label like signed: "required", any pods without signature will be rejected.