Kubernetes publishes cryptographically signed artifacts to guarantee integrity. You can verify binaries, tarballs, SPDX metadata and container images. This guide uses cosign’s keyless signing. You will learn step-by-step commands, diagrams and best practices.
TL;DR
- Install cosign, curl and jq before you begin.
- Retrieve the binary together with its .sig and .keyless.json files for verification.
- Use cosign to verify tarballs, SPDX metadata and container images.
- Implement policy checks in CI pipelines for enforceable security.
- Audit verification logs and rotate keys via sigstore record services.
Verify Signed Artifacts Overview
Kubernetes v1.26 introduced beta support for verifying signed artifacts. It uses cosign's keyless signing, with ephemeral key pairs bound to OIDC identities. You fetch the artifact URL plus its signature and certificate bundle. cosign then validates the certificate chain against Sigstore's root certificate. A successful run confirms the artifact's origin and integrity.
Prerequisites for Artifact Verification
Install these tools on your admin host:
- cosign 1.14.1 or later
- curl (usually in OS repos)
- jq (download from stedolan.github.io)
Export environment values for your artifacts. Example:
export URL=https://dl.k8s.io/release/v1.33.0/bin/linux/amd64
export BINARY=kubectl
FILES=("$BINARY" "$BINARY.sig" "$BINARY.keyless.json")
Verify Signed Artifacts for Binaries
This step verifies standalone binaries like kubectl or kubelet.
# Download binary and signature files (-f fails on HTTP errors instead of saving an error page)
for FILE in "${FILES[@]}"; do
  curl -fsSLO "${URL}/${FILE}"
done
# Verify signature. Keyless verification must pin the expected signer identity
# and OIDC issuer; these are the values Kubernetes releases are signed with.
cosign verify-blob \
  --output json \
  --signature "${BINARY}.sig" \
  --certificate "${BINARY}.keyless.json" \
  --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com \
  --certificate-oidc-issuer https://accounts.google.com \
  "$BINARY" | jq .
cosign outputs a JSON object with the signer identity and timestamp. A non-zero exit code indicates a mismatch or tampering. This process runs in seconds and requires no manual trust setup.
Verify Signed Artifacts in Tarballs
Kubernetes tarballs contain binaries, license files and configs. The signing process covers the entire archive.
# Set tarball URL and files
export TAR=v1.33.0.tar.gz
tarball_url="https://dl.k8s.io/release/${TAR}"
curl -fsSLO "$tarball_url"
curl -fsSLO "${tarball_url}.sig"
curl -fsSLO "${tarball_url}.keyless.json"
# Verify entire archive, pinning the Kubernetes release signing identity and issuer
cosign verify-blob \
  --signature "${TAR}.sig" \
  --certificate "${TAR}.keyless.json" \
  --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com \
  --certificate-oidc-issuer https://accounts.google.com \
  "$TAR" | jq .
If cosign returns a successful status, you trust every file inside. You can then extract and install binaries without extra checks. This protects against archive-level tampering.
Verify Signed Artifacts for SPDX Files
SPDX SBOM files document software composition and license data. Kubernetes signs these SBOMs too.
# Download SPDX SBOM and signature
curl -fsSLO https://dl.k8s.io/v1.33.0/kubernetes-spdx.json
curl -fsSLO https://dl.k8s.io/v1.33.0/kubernetes-spdx.json.sig
curl -fsSLO https://dl.k8s.io/v1.33.0/kubernetes-spdx.json.keyless.json
# Verify SBOM signature, pinning the Kubernetes release signing identity and issuer
echo "Verifying SPDX SBOM"
cosign verify-blob \
  --signature kubernetes-spdx.json.sig \
  --certificate kubernetes-spdx.json.keyless.json \
  --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com \
  --certificate-oidc-issuer https://accounts.google.com \
  kubernetes-spdx.json | jq .
This check ensures SBOM integrity. Teams can automate compliance workflows by rejecting unsigned or altered SBOMs in pipelines.
Verify Signed Artifacts for Container Images
Kubernetes container images live in OCI registries. cosign stores signatures as attachments alongside the image, following the OCI Distribution Specification.
# Example image
IMAGE=registry.k8s.io/kube-apiserver:v1.33.0
# Verify container signature. cosign writes the JSON result to stdout;
# the identity and issuer are those Kubernetes releases are signed with.
cosign verify \
  --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com \
  --certificate-oidc-issuer https://accounts.google.com \
  "$IMAGE" | tee verification_output.json
# Inspect output fields
jq . verification_output.json
cosign pulls the signature attachments (named with the .sig and .keyless.json suffixes) from the registry and resolves trust through Sigstore's transparency log. The tool reports the identity that signed the image and the timestamp. Use --certificate-identity to pin the expected signer identity (and --certificate-oidc-issuer for the expected issuer), so that an image signed by any other identity fails verification.
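The verification output saved to verification_output.json above can be gated in CI. The following Python policy check is an added example (not code from the original guide or from the cosign project): it fails closed unless every signature entry carries the expected signer subject, OIDC issuer and, optionally, manifest digest. The sample output is constructed, the signer identity is a placeholder, and the field names (optional.Subject, optional.Issuer, critical.image.docker-manifest-digest) are assumed to follow cosign's JSON output format.

```python
import json

# Constructed sample in the shape of `cosign verify` JSON output (assumed field
# names); the subject is a placeholder, not a real signing identity.
SAMPLE_OUTPUT = json.dumps([{
    "critical": {
        "identity": {"docker-reference": "registry.k8s.io/kube-apiserver"},
        "image": {"docker-manifest-digest": "sha256:" + "ab" * 32},
        "type": "cosign container image signature",
    },
    "optional": {
        "Issuer": "https://accounts.google.com",
        "Subject": "release-signer@example.invalid",
    },
}])


def check_verification(output_text, expected_subject, expected_issuer,
                       expected_digest=None):
    """Return (ok, reasons). Fails closed: non-JSON input, an empty result,
    a missing field, or any entry whose subject/issuer/digest differs from
    the expected values rejects the artifact."""
    reasons = []
    try:
        entries = json.loads(output_text)
    except json.JSONDecodeError as exc:
        return False, [f"output is not JSON: {exc}"]
    if not isinstance(entries, list) or not entries:
        return False, ["no signatures in verification output"]
    for i, entry in enumerate(entries):
        opt = entry.get("optional") or {}
        crit = entry.get("critical") or {}
        subject = opt.get("Subject")
        issuer = opt.get("Issuer")
        digest = (crit.get("image") or {}).get("docker-manifest-digest")
        if subject != expected_subject:
            reasons.append(f"signature {i}: subject {subject!r} != {expected_subject!r}")
        if issuer != expected_issuer:
            reasons.append(f"signature {i}: issuer {issuer!r} != {expected_issuer!r}")
        if expected_digest is not None and digest != expected_digest:
            reasons.append(f"signature {i}: digest {digest!r} != {expected_digest!r}")
    return (not reasons), reasons


if __name__ == "__main__":
    # In a pipeline, read verification_output.json instead of SAMPLE_OUTPUT.
    ok, why = check_verification(SAMPLE_OUTPUT, "release-signer@example.invalid",
                                 "https://accounts.google.com")
    print("policy passed" if ok else "policy failed: " + "; ".join(why))
    raise SystemExit(0 if ok else 1)
```

Pass the digest you resolved for the tag (for example from the image's manifest) as expected_digest so a re-tagged image cannot satisfy the gate.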
Cosign Keyless Workflow
cosign keyless uses OpenID Connect to obtain an ephemeral key pair bound to the signer's identity. It signs the artifact, then stores the public key in Sigstore's transparency log. On verification, cosign fetches the public key and certificate chain and validates the chain root against the cosign.pub trust anchor. No local key management is needed.
Best Practices and Troubleshooting
- Pin the cosign version in CI pipelines to avoid signature schema drift.
- Cache the Sigstore root certificate (cosign.pub) in a secure store.
- Use --certificate-oidc-issuer to restrict valid issuers.
- Monitor transparency log metrics for latency and failures.
- If cosign network calls fail, check firewall and DNS rules for sigstore.dev.