Signing and verifying container images with Cosign and your own PKI In this post we are going to cover how we can sign and verify container images using Cosign and our own PKI. You can learn more on how to build your own PKI with CFSSL in this post. Warning The way we will see to sign and verify images in this post is not the recommended approach. For production usage, you should use ephemeral keys as described here....
Extending a VXLAN across nodes with Wireguard Virtualizing environments is something I do quite often in a day-to-day basis, usually, these environments live in different hypervisors. While I don’t always need these environments to talk to each other, from time to time I need some sort of connectivity between them. Getting the VMs running on these hypervisors routed through the lab network is one of the solutions I have been using for a long time....
Running Vault on Podman This post explains how to run a local Vault deployment on Podman for non-production use. I typically use this setup for my lab environments. This setup was tested with: Podman v4.7.2 Podman-compose v1.0.6 Vault v1.15.2 Prerequisites Install the vault client, you can get the binary for your O.S here. curl -L https://releases.hashicorp.com/vault/1.15.2/vault_1.15.2_linux_amd64.zip -o /tmp/vault.zip unzip /tmp/vault.zip && rm -f /tmp/vault.zip sudo mv vault /usr/local/bin/ Generate folder for storing the configs, data, and certs....
Integrating cert-manager with CFSSL Multirootca In a previous post we saw how we could run our own PKI using the CFSSL tooling. This post assumes you have read the previous one. The starting point is an empty Kubernetes cluster, we want to deploy cert-manager on it and on top of that we want to get it configured to issue certificates with our own PKI infrastructure running Multirootca. I’ll be using a Kubernetes v1....
PKI with CFSSL In this post we will learn how to deploy our own Public Key Infrastructure (PKI) by using the CFSSL tooling. This may be useful if you want to run your own Certificate Authority (CA) in order to issue certificates for your systems and/or users. Introduction to CFSSL CFSSL is a tool set created by Cloudflare and released as Open Source software. Before you continue reading this post I’d suggest reading this introductory post to PKI and CFSSL by Cloudflare....