Linux, Containers and Open Source

Signing and verifying container images with Cosign and your own PKI

Signing and verifying container images with Cosign and your own PKI In this post we are going to cover how we can sign and verify container images using Cosign and our own PKI. You can learn more on how to build your own PKI with CFSSL in this post. Warning The way we will see to sign and verify images in this post is not the recommended approach. For production usage, you should use ephemeral keys as described here....

Published on April 25, 2024 · Last updated on May 3, 2024 · 9 min · Mario

Extending a VXLAN across nodes with Wireguard

Extending a VXLAN across nodes with Wireguard Virtualizing environments is something I do quite often in a day-to-day basis, usually, these environments live in different hypervisors. While I don’t always need these environments to talk to each other, from time to time I need some sort of connectivity between them. Getting the VMs running on these hypervisors routed through the lab network is one of the solutions I have been using for a long time....

Published on December 19, 2023 · Last updated on December 19, 2023 · 11 min · Mario

Running Vault on Podman

Running Vault on Podman This post explains how to run a local Vault deployment on Podman for non-production use. I typically use this setup for my lab environments. This setup was tested with: Podman v4.7.2 Podman-compose v1.0.6 Vault v1.15.2 Prerequisites Install the vault client, you can get the binary for your O.S here. curl -L https://releases.hashicorp.com/vault/1.15.2/vault_1.15.2_linux_amd64.zip -o /tmp/vault.zip unzip /tmp/vault.zip && rm -f /tmp/vault.zip sudo mv vault /usr/local/bin/ Generate folder for storing the configs, data, and certs....

Published on November 14, 2023 · Last updated on November 14, 2023 · 3 min · Mario

Integrating cert-manager with CFSSL Multirootca

Integrating cert-manager with CFSSL Multirootca In a previous post we saw how we could run our own PKI using the CFSSL tooling. This post assumes you have read the previous one. The starting point is an empty Kubernetes cluster, we want to deploy cert-manager on it and on top of that we want to get it configured to issue certificates with our own PKI infrastructure running Multirootca. I’ll be using a Kubernetes v1....

Published on August 10, 2023 · Last updated on August 10, 2023 · 4 min · Mario

PKI with CFSSL

PKI with CFSSL In this post we will learn how to deploy our own Public Key Infrastructure (PKI) by using the CFSSL tooling. This may be useful if you want to run your own Certificate Authority (CA) in order to issue certificates for your systems and/or users. Introduction to CFSSL CFSSL is a tool set created by Cloudflare and released as Open Source software. Before you continue reading this post I’d suggest reading this introductory post to PKI and CFSSL by Cloudflare....

Published on August 9, 2023 · Last updated on August 9, 2023 · 9 min · Mario