Creates a task page to verify signed control plane container images

Author: PushkarJ

content/en/docs/tasks/administer-cluster/verify-signed-images.md

@@ -20,7 +20,7 @@ For a complete list of images that are signed please refer to [releases](release
 Let's pick one image from this list and verify its signature using `cosign verify` command.
 
 ```shell
-cosign verify us.gcr.io/k8s-artifacts-prod/kube-apiserver:v1.24.0
+COSIGN_EXPERIMENTAL=1 cosign verify k8s.gcr.io/kube-apiserver-amd64:v1.24.0
 ```
 ### All control plane images
 
@@ -33,5 +33,4 @@ while IFS= read -r image
 do
   COSIGN_EXPERIMENTAL=1 cosign verify "$image"
 done < "$input"
-```
-
+```

content/en/examples/admin/signed-images/auto-generated-list-of-all-signed-images.txt

@@ -0,0 +1,25 @@
+k8s.gcr.io/kube-apiserver-amd64:v1.24.0
+k8s.gcr.io/kube-apiserver-arm:v1.24.0
+k8s.gcr.io/kube-apiserver-arm64:v1.24.0
+k8s.gcr.io/kube-apiserver-ppc64le:v1.24.0
+k8s.gcr.io/kube-apiserver-s390x:v1.24.0
+k8s.gcr.io/kube-scheduler-amd64:v1.24.0
+k8s.gcr.io/kube-scheduler-arm:v1.24.0
+k8s.gcr.io/kube-scheduler-arm64:v1.24.0
+k8s.gcr.io/kube-scheduler-ppc64le:v1.24.0
+k8s.gcr.io/kube-scheduler-s390x:v1.24.0
+k8s.gcr.io/kube-controller-manager-amd64:v1.24.0
+k8s.gcr.io/kube-controller-manager-arm:v1.24.0
+k8s.gcr.io/kube-controller-manager-arm64:v1.24.0
+k8s.gcr.io/kube-controller-manager-ppc64le:v1.24.0
+k8s.gcr.io/kube-controller-manager-s390x:v1.24.0
+k8s.gcr.io/kube-proxy-amd64:v1.24.0
+k8s.gcr.io/kube-proxy-arm:v1.24.0
+k8s.gcr.io/kube-proxy-arm64:v1.24.0
+k8s.gcr.io/kube-proxy-ppc64le:v1.24.0
+k8s.gcr.io/kube-proxy-s390x:v1.24.0
+k8s.gcr.io/kube-conformance-amd64:v1.24.0
+k8s.gcr.io/kube-conformance-arm:v1.24.0
+k8s.gcr.io/kube-conformance-arm64:v1.24.0
+k8s.gcr.io/kube-conformance-ppc64le:v1.24.0
+k8s.gcr.io/kube-conformance-s390x:v1.24.0

content/en/examples/admin/signed-images/generate-list-of-all-signed-images.sh

@@ -0,0 +1,2 @@
+#/bin/sh
+go run verify-all-signed-control-plane-images.go > auto-generated-list-of-all-signed-images.txt

content/en/examples/admin/signed-images/list-of-all-signed-images.yaml

@@ -0,0 +1,20 @@
+# This file is input to generate the full list of images that are signed.
+# Please update this file when more images are signed and then run
+# ./content/en/examples/admin/signed-images/generate-list-of-all-signed-images.sh
+# to update content/en/examples/admin/signed-images/auto-generated-list-of-all-signed-images.txt
+domains:
+  - "k8s.gcr.io"
+names:
+  - "kube-apiserver"
+  - "kube-scheduler"
+  - "kube-controller-manager"
+  - "kube-proxy"
+  - "kube-conformance"
+architectures:
+  - "amd64"
+  - "arm"
+  - "arm64"
+  - "ppc64le"
+  - "s390x"
+versions:
+  - "v1.24.0"

content/en/examples/admin/signed-images/verify-all-signed-control-plane-images.go

@@ -0,0 +1,44 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+
+	"gopkg.in/yaml.v3"
+)
+
+func main() {
+
+	data, err := ioutil.ReadFile("list-of-all-signed-images.yaml")
+
+	if err != nil {
+
+		log.Fatal(err)
+	}
+
+	images := make(map[string][]string)
+
+	err2 := yaml.Unmarshal(data, &images)
+
+	if err2 != nil {
+
+		log.Fatal(err2)
+	}
+	domains := images["domains"]
+	names := images["names"]
+	architectures := images["architectures"]
+	versions := images["versions"]
+
+	//anything better than 4 for loops is welcome!
+	for _, d := range domains {
+		for _, n := range names {
+			for _, a := range architectures {
+				for _, v := range versions {
+					image := d + "/" + n + "-" + a + ":" + v
+					fmt.Println(image)
+				}
+			}
+		}
+	}
+}