Image Signature Validation

To enhance the security and integrity of Sisense, this feature enables you to validate the Sisense images deployed in your environment. This ensures that they are official images, developed and maintained by Sisense.

By default, this feature is disabled.

Enabling this option will perform an extra installation of the Kyverno Helm chart in your environment.

Chart source: kyverno/charts/kyverno on the main branch of the kyverno/kyverno GitHub repository.

Kyverno is used to scan container images in your environment and verify that they are signed by Sisense.

Important Note:

This feature is not supported for offline or air-gapped installations, as the validation process requires access to our official quay.io image repository.

Resource Usage Considerations

Enabling image signature validation may introduce a slight delay in the installation process due to the validation steps. Additionally, it will slightly increase resource consumption.

Performance Impact (based on internal testing):

  • Installation delay: A few extra minutes

  • CPU usage: Peaks at approximately 100 milliCPUs

  • Memory usage: Ranges between 50 MB and 128 MB

Enabling and Applying Image Signature Validation

To enable image signature validation, modify the configuration file as follows:

## Enable image signature validation - true/false
## When enabled, Kyverno will validate the signatures of all pods images in the 'sisense' namespace
## and in the 'monitoring' namespace (if enabled)
signature_validation: true

After making this change, proceed with your installation or update as usual.

Installation Log

During the installation process, the logs will indicate:

  • Kyverno installation confirmation

  • Application of ClusterPolicy rules for container image validation

By enabling this feature, you enhance security by ensuring that only verified Sisense images are deployed in your environment.
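
A post-installation check, added here as an example and not part of the Sisense or Kyverno code: it reads the JSON from `kubectl get clusterpolicy -o json` and reports whether the 'sisense' and 'monitoring' namespaces are covered by an enforcing image verification rule. The policy name, image pattern and key in the sample are constructed placeholders, and the layout of the policy Sisense installs is an assumption based on the general Kyverno ClusterPolicy schema.

```python
import json

# Constructed sample of `kubectl get clusterpolicy -o json` output. The policy
# name, image pattern and key are placeholders, not values taken from Sisense.
SAMPLE = json.loads("""
{"items": [{
  "metadata": {"name": "example-verify-images"},
  "spec": {
    "validationFailureAction": "Enforce",
    "rules": [{
      "match": {"any": [{"resources": {
        "kinds": ["Pod"], "namespaces": ["sisense", "monitoring"]}}]},
      "verifyImages": [{
        "imageReferences": ["quay.io/example-org/*"],
        "attestors": [{"entries": [{"keys": {"publicKeys": "<PLACEHOLDER>"}}]}]
      }]
    }]
  }
}]}
""")


def audit(policies, namespaces=("sisense", "monitoring")):
    # Only namespaces listed by name are counted; wildcards and
    # namespaceSelector are not evaluated, so treat a finding as "check by hand".
    enforced, audited = set(), set()
    for policy in policies.get("items", []):
        spec = policy.get("spec", {})
        for rule in spec.get("rules", []):
            match = rule.get("match", {})
            blocks = match.get("any", []) + match.get("all", []) + [match]
            named = {ns for block in blocks
                     for ns in block.get("resources", {}).get("namespaces", [])}
            for check in rule.get("verifyImages", []):
                if not check.get("attestors"):
                    continue  # no key or keyless attestor, so nothing is verified
                # A rule-level failureAction (newer Kyverno) overrides the policy-level field.
                action = check.get("failureAction") or spec.get("validationFailureAction", "Audit")
                (enforced if action.lower() == "enforce" else audited).update(named)
    findings = []
    for ns in namespaces:
        if ns not in enforced:
            reason = "Audit mode only" if ns in audited else "no verifyImages rule names it"
            findings.append(f"{ns}: {reason}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE) or "all listed namespaces are covered by an enforcing rule")
```

If the 'monitoring' namespace is not enabled in your deployment, call `audit(data, namespaces=("sisense",))`.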