The policy-controller project contains an admission controller for Kubernetes, which can be installed on your Kubernetes cluster in the form of a Helm chart. If you run a private instance of the Sigstore components, you can specify your own TUF root: mount your TUF root.json file into the container (for example, by mounting a Secret), point to it with the --tuf-root argument, and use the --tuf-mirror argument to point to where the TUF mirror is.
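
The Secret mount and the two arguments described above, shown as the relevant fields of the admission controller's pod spec. This is an added example, not taken from the policy-controller project; the namespace, Deployment, container and Secret names, the mount path and the mirror URL are all assumptions to adapt to your installation.

```yaml
# Added example. Every name, path and URL here is an assumption.
#
# The Secret is created beforehand from your private TUF root, e.g.:
#   kubectl -n cosign-system create secret generic tuf-root \
#     --from-file=root.json=./root.json
#
# Only the fields relevant to the TUF root are shown. Keep the image,
# selector and any arguments your installation already sets.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: policy-controller-webhook        # assumed Deployment name
  namespace: cosign-system               # assumed namespace
spec:
  template:
    spec:
      containers:
        - name: policy-controller-webhook   # assumed container name
          args:
            # Path of the mounted root.json inside the container.
            - --tuf-root=/var/run/tuf/root.json
            # Location of the private TUF mirror (placeholder URL).
            - --tuf-mirror=https://tuf.example.internal
          volumeMounts:
            - name: tuf-root
              mountPath: /var/run/tuf
              readOnly: true             # the trust root is never written at runtime
      volumes:
        - name: tuf-root
          secret:
            secretName: tuf-root         # assumed Secret name
            items:
              - key: root.json
                path: root.json
```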