CloudBees CI on modern cloud platforms uses Docker containers to run a cluster of computers within the Kubernetes container management system.
CloudBees CI on modern cloud platforms includes the following Docker containers:
-
cloudbees-cloud-core-oc
: Operations center -
cloudbees-core-mm
: Managed controller
In a standard installation, the CloudBees Helm chart pulls the CloudBees CI cloudbees-cloud-core-oc
and cloudbees-core-mm
images from the public Docker Hub repository.
The CloudBees CI Docker images are signed, so that you can verify their origin and authenticity. Verifying the origin and authenticity of public Docker images is an optional step in the installation process. It can help ensure that you are not the victim of a "man-in-the-middle" attack or other types of image tampering.
You should verify the signatures before you run the Docker images. If you have an internal Docker registry that pulls images to use internally, you can verify the images at that time.
In order to verify the CloudBees CI Docker images, you must download Cosign verification software. Cosign is a component of the Sigstore solution, a collection of projects designed to make software signatures easier.
For versions 2.440.3.7 and earlier, use Cosign 1.x to verify signed Docker images. For all other versions, use either Cosign 1.x or Cosign 2.x.
To verify the authenticity of CloudBees CI Docker images, type one of the following commands:
-
To verify the operations center image for version 2.479.1.3, type:
cosign verify --key https://cdn.cloudbees.com/keyring/cloudbees.pub cloudbees/cloudbees-cloud-core-oc:2.479.1.3
-
To verify the managed controller image for version 2.479.1.3 type:
cosign verify --key https://cdn.cloudbees.com/keyring/cloudbees.pub cloudbees/cloudbees-core-mm:2.479.1.3
Cosign responds with a message that indicates whether the images are validated as authentic. An exit code of 0 indicates that the images are authentic. If the images are not validated as authentic, you should contact CloudBees Support.