Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] Verify Kubernetes components with cosign #744

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

3u13r
Copy link
Member

@3u13r 3u13r commented Dec 7, 2022

Proposed change(s)

This is currently block until Kubernetes 1.26 is released, since it is the first version with signed binaries.

Checklist

@netlify
Copy link

netlify bot commented Dec 7, 2022

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit a708376
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/650adb518c02000008fbe56d

@datosh
Copy link
Contributor

datosh commented Dec 7, 2022

The sigstore/sigstore project can be used to programmatically check signatures.

We already depend on it in internal/sigstore/verify.go. Maybe you can use or adapt the code that is there?

@3u13r
Copy link
Member Author

3u13r commented Dec 7, 2022

The sigstore/sigstore project can be used to programmatically check signatures.

We already depend on it in internal/sigstore/verify.go. Maybe you can use or adapt the code that is there?

Thanks for the hint, I'll give it a try.

@malt3
Copy link
Contributor

malt3 commented Dec 12, 2022

This is now finalized: https://kubernetes.io/blog/2022/12/12/kubernetes-release-artifact-signing/

@3u13r 3u13r force-pushed the feat/verifyKubernetesComponentsSignatures branch 2 times, most recently from 3cfb158 to 5bf177b Compare December 13, 2022 15:35
@3u13r 3u13r added the blocked Blocked by an external cause label Dec 13, 2022
@3u13r 3u13r force-pushed the feat/verifyKubernetesComponentsSignatures branch from 5bf177b to 9e56163 Compare September 20, 2023 08:08
@3u13r 3u13r force-pushed the feat/verifyKubernetesComponentsSignatures branch from 9e56163 to a708376 Compare September 20, 2023 11:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked Blocked by an external cause
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants