🔐Enforcing image provenance in Kubernetes using Cosign + Sigstore + Kyverno

Matteo Vitali
What if your Kubernetes cluster simply refused to run unsigned images?

I spent some time experimenting with enforcing image provenance in a small Kubernetes setup using MicroK8s. The idea was simple: Only container images with valid cryptographic signatures are allowed to run in the cluster.

For this I used:

- GitLab CI/CD (build + signing pipeline)
- Cosign / Sigstore (image signing)
- Kyverno (admission control)
- MicroK8s (local cluster)

Repo: https://github.com/trottomv/microk8s-cosign-kyverno

Why t