Skip to content

kustomizer

kustomizer inspect artifact

stefanprodan/kustomizer

Inspect

kustomizer inspect artifact

Inspect downloads the specified OCI artifact and prints a report of its content.

Synopsis

The inspect command downloads the specified OCI artifact and prints the artifact metadata, lists the Kubernetes objects and the container image references. For private registries, the inspect command uses the credentials from '~/.docker/config.json'.

kustomizer inspect artifact [flags]

Examples

 kustomizer inspect artifact <oci url>

  # Inspect an OCI artifact
  kustomizer inspect artifact oci://docker.io/user/repo:latest

  # Verify artifact with cosign public key
  kustomizer inspect artifact oci://docker.io/user/repo:v1.0.0 --verify --cosign-key ./keys/cosign.pub

  # Verify artifact signed with cosign and GitHub OIDC
  kustomizer inspect artifact oci://docker.io/user/repo:v1.0.0 --verify

  # List only the container images references
  kustomizer inspect artifact oci://docker.io/user/repo:v1.0 --container-images

Options

      --age-identities string   Path to a file containing one or more age identities (private keys generated by age-keygen).
      --container-images        List only the container images referenced in the Kubernetes manifests.
      --cosign-key string       Path to the consign public key file, KMS URI or Kubernetes Secret. When not specified, cosign will try to verify the signature using Rekor.
  -h, --help                    help for artifact
      --verify                  Verify the artifact signature with cosign.

Options inherited from parent commands

      --as string                      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --as-uid string                  UID to impersonate for the operation.
      --cache-dir string               Default cache directory (default "/home/runner/.kube/cache")
      --certificate-authority string   Path to a cert file for the certificate authority
      --client-certificate string      Path to a client certificate file for TLS
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
  -n, --namespace string               The inventory namespace. (default "default")
  -s, --server string                  The address and port of the Kubernetes API server
      --timeout duration               The length of time to wait before giving up on the current operation. (default 1m0s)
      --tls-server-name string         Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use

SEE ALSO

kustomizer inspect - Inspect artifacts and inventories.