constellation icon indicating copy to clipboard operation
constellation copied to clipboard
verified publisher icon edgelesssys

[WIP] Verify Kubernetes components with cosign

Open 3u13r opened this issue 3 years ago • 4 comments

Proposed change(s)

This is currently block until Kubernetes 1.26 is released, since it is the first version with signed binaries.

Checklist

3u13r avatar Dec 07 '22 12:12 3u13r

Deploy Preview for constellation-docs canceled.

Name Link
Latest commit a70837616d564665c2d7aadc1d224e8f4d4c8267
Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/650adb518c02000008fbe56d

netlify[bot] avatar Dec 07 '22 12:12 netlify[bot]

The sigstore/sigstore project can be used to programmatically check signatures.

We already depend on it in internal/sigstore/verify.go. Maybe you can use or adapt the code that is there?

datosh avatar Dec 07 '22 13:12 datosh

The sigstore/sigstore project can be used to programmatically check signatures.

We already depend on it in internal/sigstore/verify.go. Maybe you can use or adapt the code that is there?

Thanks for the hint, I'll give it a try.

3u13r avatar Dec 07 '22 23:12 3u13r

This is now finalized: https://kubernetes.io/blog/2022/12/12/kubernetes-release-artifact-signing/

malt3 avatar Dec 12 '22 10:12 malt3