If we want to be certain that what we're running is what we built, we might need to sign container (Docker) images, as well as other types of artifacts. That's where Cosign jump in. Sigstore Cosign makes signatures invisible, especially if we combine it with Kyverno or other Kubernetes admission controller solutions. #cosign #sigstore #kubernetes Consider joining the channel: ▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ ➡ Gist with the commands: 🔗 Sigstore (Cosign): 🎬 Kubernetes-Native Policy Management With Kyverno: 🎬 How To Replace Docker With nerdctl And Rancher Desktop: 🎬 Bitnami Sealed Secrets - How To Store Kubernetes Secrets In Git Repositories: ▬▬▬▬▬▬ 💰 Sponsoships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please use to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below). ▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: ➡ LinkedIn: ▬▬▬▬▬▬ 🚀 Courses, books, and podcasts 🚀 ▬▬▬▬▬▬ 📚 Books and courses: 🎤 Podcast: 💬 Live streams: ▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬ 00:00 Introduction To Sigstore Cosign 03:38 Client-Side Container Image Validation With Cosign 06:22 Enforce Usage Of Signed Container Images With Kyverno 09:47 Sign Container Images With Sigstore Cosign 11:51 It's Not Only About Container Images