Image Signature Verification Admission Controller V2

In this post I will show you how you can deploy Connaisseur 2.0 to Image Signature Verification into a Kubernetes cluster.

Parst of the K8S Security series

What is Connaisseur?

Connaisseur is an admission controller for Kubernetes that integrates Image Signature Verification into a cluster, as a means to ensure that only valid images are being deployed.


Notary is an open source signing solution for containers based on The Update Framework Notary uses TUFs’ roles and key hierarchy for signing of the images. There are five keys to sign the metadata files which lists all filenames in the collection, their sizes and respective hashes.

apt install notary
docker pull alpine
docker tag alpine:latest devopstales/testimage:unsigned
docker push devopstales/testimage:unsigned
notary -s -d ~/.docker/trust init -p     
Root key found, using: 31579f2a034add499da6e799bc9260d08a15ab1804298218f05f78d97a669f77
Enter passphrase for root key with ID 31579f2: 
Enter passphrase for new targets key with ID 42e49c6: 
Repeat passphrase for new targets key with ID 42e49c6: 
Enter passphrase for new snapshot key with ID 399243c: 
Repeat passphrase for new snapshot key with ID 399243c: 
Enter username: devopstales
Enter password: 
Auto-publishing changes to
Enter username: devopstales
Enter password: 
Successfully published changes for repository

docker tag alpine:latest devopstales/testimage:signed
docker push devopstales/testimage:signed
$ find ~/.docker/trust/ | head
notary -s -d ~/.docker/trust list
NAME     DIGEST                                                              SIZE (BYTES)    ROLE
----     ------                                                              ------------    ----
signed    4661fb57f7890b9145907a1fe2555091d333ff3d28db86c3bb906f6a2be93c87    528             targets/devopstales

Install Connaisseur

# The installer use yq so we need to install it

wget -O /usr/bin/yq &&\
    chmod +x /usr/bin/yq
# generate the public root cert

cd ~/.docker/trust/private
sed '/^role:\sroot$/d' $(grep -iRl "role: root" .) > root-priv.key
openssl ec -in root-priv.key -pubout -out root-pub.pem
git clone
cd connaisseur
nano helm/values.yaml
# static validator that allows each image
- name: allow
  type: static
  approve: true
# pre-configured nv1 validator for public notary from Docker Hub
- name: dockerhub_basics
  type: notaryv1
    # public key for official docker images (
    # !if not needed feel free to remove the key!
  - name: docker_official
    key: |
      -----BEGIN PUBLIC KEY-----
      -----END PUBLIC KEY-----
  # public key securesystemsengineering repo including Connaisseur images
  # !this key is critical for Connaisseur!
  - name: securesystemsengineering_official
    key: |
      -----BEGIN PUBLIC KEY-----
      -----END PUBLIC KEY-----
    # public key securesystemsengineering repo including devopstales images
  - name: devopstales_official
    key: |
      -----BEGIN PUBLIC KEY-----
      -----END PUBLIC KEY-----

- pattern: "*:*"
- pattern: "*:*"
  validator: dockerhub_basics
    trust_root: docker_official
- pattern: "*:*"
  validator: allow
- pattern: "*:*"
  validator: dockerhub_basics
    trust_root: securesystemsengineering_official
- pattern: "*:*"
  validator: dockerhub_basics
    trust_root: devopstales_official

  • the default validator is used if no validator is specified in image policy
  • type: supported validators (e.g. “cosign” or “notaryv1”) notaryv2 is not yet supported
  • host: url of the notary server
  • key: the public part of the root key, for verifying notary’s signatures

Then deploy the helm chart. This can take a few minutes.

helm install connaisseur helm --atomic --create-namespace --namespace connaisseur
kubectl get all -n connaisseur
NAME                                          READY   STATUS    RESTARTS   AGE
pod/connaisseur-deployment-565d45bb74-ktbmb   1/1     Running   0          71s
pod/connaisseur-deployment-565d45bb74-pfghx   1/1     Running   0          71s
pod/connaisseur-deployment-565d45bb74-rcj44   1/1     Running   0          71s

NAME                      TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
service/connaisseur-svc   ClusterIP   <none>        443/TCP   71s

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/connaisseur-deployment   3/3     3            3           71s

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/connaisseur-deployment-565d45bb74   3         3         3       71s

Test the Image Signature Verification

kubens default

kubectl run unsigned
Error from server: admission webhook "connaisseur-svc.connaisseur.svc" denied the request: Unable to find signed digest for image

kubectl run signed
pod/signed created

kubectl get po

Final words

Connaisseur is a grate tool and with the 2.0 it solved all of the 1.0’s shortcomings:

  • There is no option to whitelist images in a specific namespace.
  • Connaisseur supports only one Notary server
  • Connaisseur supports only one public key