kind-librarian-59515

10/19/2022, 10:26 AM
👋 Hello everyone, does k3s support cosign / sigstore natively to "verify the signature of signed container images"? As of Kubernetes 1.25, this feature is native: k8s v1.25 sigstore cosign support - Verify Signed Container Images. However, for k3s, I only see the support of k3s with connaisseur. Where should I ask this?

creamy-pencil-82913

10/19/2022, 4:02 PM
K3s is a CNCF certified Kubernetes distro. Anything built in to core Kubernetes and required for conformance will work on K3s.
Although I will note, this document is talking about signing of the K8s release artifacts, so it is not something that is built in to Kubernetes itself, rather it is part of the core Kubernetes software supply chain. We are not currently signing our release images or binaries.
You can absolutely deploy the sigstore admission controller though. It will work on any cluster to verify images used by your pods.

kind-librarian-59515

10/19/2022, 4:13 PM
Okay, great, thank you @creamy-pencil-82913 😄, I will try the Helm chart Sigstore Policy Controller Admission Controller on k3s. Source: content/en/policy-controller/installation.md. And maybe I will try connaisseur, but I imagine I prefer Sigstore over connaisseur since Sigstore seems to be the official upstream Kubernetes choice.