Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
franรงais
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
k
kind-librarian-59515
10/19/2022, 10:26 AM๐ Hello everyone, does k3s supports cosign / sigstore natively to "verify the signature of signed container images"?
As of kubernetes 1.25, this feature is native: k8s v1.25 sigstore cosign support - Verify Signed Container Images
However for k3s, I only see the support of k3s with connaisseur.
Where should I ask this?
๐ 2
c
creamy-pencil-82913
10/19/2022, 4:02 PMK3s is a CNCF certified Kubernetes distro. Anything built in to core Kubernetes and required for conformance will work on K3s.
๐ 1
Although I will note, this document is talking about signing of the K8s release artifacts, so it is not something that is built in to Kubernetes itself, rather it is part of the core Kubernetes software supply chain. We are not currently signing our release images or binaries.
๐ 1
You can absolutely deploy the sigstore admission controller though, It will work on any cluster to verify images used by your pods.
๐ 1
๐ 1
k
kind-librarian-59515
10/19/2022, 4:13 PMOkay great thank you @creamy-pencil-82913 ๐, I will try on k3s the HELM chart Sigstore Policy Controller Admission Controller.
Source : content/en/policy-controller/installation.md
And maybe I try connaisseur, but I imagine I prefer Sigstore over connaisseur since Sigstore seems to be the official upstream Kubernetes choice.