https://rancher.com/ logo
Title
a

astonishing-park-79642

01/26/2023, 11:31 AM
Hi! We're new to k3s, and hoping to be able to verify downloaded binaries (from https://github.com/k3s-io/k3s/releases and https://hub.docker.com/r/rancher/klipper-lb etc.) ideally via a detached GPG signature with a previously published/well-known GPG key from the k3s maintainers. I've looked over the docs/FAQ, github issues and searched slack so far. It it the case that no such signatures are available? Thank you for any thoughts on this!
c

careful-piano-35019

01/26/2023, 1:09 PM
Not signed yet
­čĹŹ 1
a

astonishing-park-79642

01/26/2023, 2:06 PM
Thanks for confirming. Do you happen to know if paying for commercial Rancher support (or anything else) changes that?
c

careful-piano-35019

01/26/2023, 4:14 PM
I'm not the best person to answer that, sorry I assume you're interested is somehow similar to what we're doing on Kubewarden => https://github.com/kubewarden/policy-server/releases
and there are many more on that topic actually
a

able-lawyer-59560

01/26/2023, 5:39 PM
@astonishing-park-79642 just building on here. With our Rancher Prime subscription, we will be looking at notarizing images to allow for source integrity to be maintained when selected for use by customers. TLDR, the subscription will allow you to get that.
a

astonishing-park-79642

01/27/2023, 5:19 PM
Many thanks both