Signing and Verifying Container Images With Sigstore Cosign and Kyverno

If we want to be certain that what we're running is what we built, we might need to sign container (Docker) images, as well as other types of artifacts. That's where Cosign jump in. Sigstore Cosign makes signatures invisible, especially if we combine it with Kyverno or other Kubernetes admission controller solutions.

#cosign #sigstore #kubernetes

Consider joining the channel: devopstoolkit

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬
➡  Gist with the commands: https://gist.github.com/d1bd7ab00d228...
🔗 Sigstore (Cosign): https://sigstore.dev
🎬 Kubernetes-Native Policy Management With Kyverno: Kubernetes-Native Policy Management W...
🎬 How To Replace Docker With nerdctl And Rancher Desktop: How To Replace Docker With nerdctl An...
🎬 Bitnami Sealed Secrets - How To Store Kubernetes Secrets In Git Repositories: Bitnami Sealed Secrets - How To Store...

▬▬▬▬▬▬ 💰 Sponsoships 💰 ▬▬▬▬▬▬
If you are interested in sponsoring this channel, please use https://calendly.com/vfarcic/meet to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬
➡  Twitter: Twitter: vfarcic
➡  LinkedIn: LinkedIn: viktorfarcic

▬▬▬▬▬▬ 🚀 Courses, books, and podcasts 🚀 ▬▬▬▬▬▬
📚 Books and courses: https://www.devopstoolkitseries.com
🎤 Podcast: https://www.devopsparadox.com/
💬 Live streams: devopsparadox

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬
00:00 Introduction To Sigstore Cosign
03:38 Client-Side Container Image Validation With Cosign
06:22 Enforce Usage Of Signed Container Images With Kyverno
09:47 Sign Container Images With Sigstore Cosign
11:51 It's Not Only About Container Images

• #science_technology
• #devops
• #devops_toolkit
• #review
• #tutorial
• #viktor_farcic
• #k8s
• #kubernetes
• #sign_container
• #sign_docker
• #sign_container_image
• #sign_docker_image
• #container_image
• #sign_artifact
• #sigstore
• #cosign
• #sigstore_cosign
• #container_signature
• #docker_signature
• #signature_verification
• #kubernetes_admission_controller
• #k8s_admission_controller
• #admission_controller
• #kyverno