Verify Container Signatures Without Admission Controller
In a recent blog post from the Kubernetes blog , the author wrote about an exciting update that will change how we handle container security. Today, many platform engineers deploy an admission controller to verify the signature of a container. Now, with the release of CRI-O version 1.28 it is possible to do the signature verification directly in the container runtime. No more relying solely on admission controllers to prevent unsigned images from being deployed in your Kubernetes cluster....