A question about deploying signed and non-signed images combined with glob pattern

[gals-ma]

Question

Hello Guys,

Is there a way to achieve the following flow-

Background: We are a company who has all images in one private AWS ECR.
In general, we have 2 types of images that we deploy-

Infrastructure related images (K8S components such as monitoring agents, etc..)- Deployed on various Namespaces.
Services images (All our micro-services) - Deployed only on a specific Namespace
We want to achieve the following Image Policy-

To summarized, we need all namespaces to be enforced with policy-controller-

• Namespace of Services images must be deployed with signature validation + image glob validation.
• Namespace of Infrastructure related images are deployed without signature validation + image glob validation.
  The image glob pattern is the same for both 1+2.

Is there a way to achieve that with Policy-controller?

Thank you!

[hectorj2f]

For context sharing, we initially started discussing options here sigstore/helm-charts#476. So we moved this issue here :) .