Added info about cosigned and why we need cosign in experimental mode

Updates based on PR review

Apply suggestions from code review

Co-authored-by: Tim Bannister <[email protected]>

Author: PushkarJ

content/en/docs/tasks/administer-cluster/verify-signed-images.md

@@ -1,30 +1,43 @@
 ---
 title: Verify Signed Container Images
-
-reviewers:
-  - TBD
-
-content_type: task
+content_type: task 
 min-kubernetes-server-version: v1.24
 ---
 
 <!-- overview -->
 
 {{< feature-state state="alpha" for_k8s_version="v1.24" >}}
-## Pre-requisites
-- [cosign](https://docs.sigstore.dev/cosign/installation/)
+
+## {{% heading "prerequisites" %}}
+
+These instructions are for Kubernetes {{< skew currentVersion >}}. If you want to check the
+integrity of components for a different version of Kubernetes, check the documentation for
+that Kubernetes release.
+
+You will need to have the following tools installed:
+- `cosign` ([install guide](https://docs.sigstore.dev/cosign/installation/))
+- Go compiler ([install guide](https://go.dev/doc/install)
+- `curl` (often provided by your operating system)
 
 ## Verifying image signatures
-For a complete list of images that are signed please refer to [releases](/releases/download/) page.
+For a complete list of images that are signed please refer to [Releases](/releases/download/).
 
-Let's pick one image from this list and verify its signature using `cosign verify` command.
+Let's pick one image from this list and verify its signature
+using `cosign verify` command:
 
 ```shell
 COSIGN_EXPERIMENTAL=1 cosign verify k8s.gcr.io/kube-apiserver-amd64:v1.24.0
 ```
-### All control plane images
 
-To verify all signed control plane images, please run this command
+{{% alert title="Note" %}}
+`COSIGN_EXPERIMENTAL=1` is used to allow verification of images signed
+in `KEYLESS` mode. To learn more about keyless signing, please refer to
+[Keyless Signatures](https://github.com/sigstore/cosign/blob/main/KEYLESS.md#keyless-signatures).
+{{% /alert %}}
+
+### Verifying images for all control plane components
+
+To verify all signed control plane images, please run this command:
 
 ```shell
 curl https://kubernetes.io/examples/admin/signed-images/auto-generated-list-of-all-signed-images.txt --output auto-generated-list-of-all-signed-images.txt
@@ -33,4 +46,14 @@ while IFS= read -r image
 do
   COSIGN_EXPERIMENTAL=1 cosign verify "$image"
 done < "$input"
-```
+```
+
+## Verifying Image Signatures with Admission Controller
+
+For non-control plane images (e.g. kube-conformance), image signatures can also
+be verified, at deploy time using 
+[cosigned](https://docs.sigstore.dev/cosign/kubernetes/#cosigned-admission-controller)
+admission controller. To get started on `cosigned` here are a few helpful resources:
+
+* [Installation](https://github.com/sigstore/helm-charts/tree/main/charts/cosigned)
+* [Configuration Options](https://github.com/sigstore/cosign/tree/main/config)

content/en/releases/download.md

@@ -3,7 +3,7 @@ title: Download Kubernetes
 type: docs
 ---
 
-## Core Kubernetes components
+# Core Kubernetes components
 
 Kubernetes ships binaries for each component as well as a standard set of client
 applications to bootstrap or interact with a cluster. Components like the
@@ -74,8 +74,9 @@ those derivations are signed in the same way as the multi-architecture manifest
 
 Full list of images that are signed can be found [here](/examples/admin/signed-images/auto-generated-list-of-all-signed-images.txt)
 
-To verify signed container images within a Kubernetes cluster, please refer to
+To manually verify signed container images of Kubernetes core components, please refer to
 [the corresponding cluster administration documentation](/docs/tasks/administer-cluster/verify-signed-images).
+Once verified, please use the same image digest of verified images to spin up your Kubernetes cluster.
 
 ## Binaries