You are viewing docs for an older version of Buoyant Enterprise for Linkerd.
You may want the latest documentation instead.
Verifying signed artifacts
To verify the authenticity of BEL Docker images and Helm charts, use the following commands.
Prerequisites
Verify Docker images
for component in controller extension-init policy-controller proxy proxy-init; do
for suffix in "" -fips; do
image=ghcr.io/buoyantio/$component:enterprise-2.16.5$suffix
cosign verify $image \
--certificate-identity=https://github.com/BuoyantIO/enterprise-linkerd/.github/workflows/actions.yml@refs/tags/enterprise-2.16.5 \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
digest=$(crane digest $image)
cosign verify $image@$digest \
--certificate-identity=https://github.com/BuoyantIO/enterprise-linkerd/.github/workflows/actions.yml@refs/tags/enterprise-2.16.5 \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
done
done
Verify Helm charts
gpg --keyring ./bel.pubring.kbx --no-default-keyring \
--keyserver hkps://keys.openpgp.org \
--receive-keys '54A1FEAE3864F855F6724F03F09B21EC0428D8B8'
gpg --keyring ./bel.pubring.kbx --no-default-keyring \
--export --output ./bel.pubring.gpg \
'[email protected]'
helm repo add linkerd-buoyant https://helm.buoyant.cloud
helm repo update
helm pull --verify --keyring ./bel.pubring.gpg linkerd-buoyant/linkerd-enterprise-crds
helm pull --verify --keyring ./bel.pubring.gpg linkerd-buoyant/linkerd-enterprise-control-plane
helm pull --verify --keyring ./bel.pubring.gpg linkerd-buoyant/linkerd-enterprise-multicluster