Prerequisites

Below are all the things you need to get started with the Carbide Secured Registry (CSR). As we improve and streamline the process, this list could evolve.

Registry Disclaimer: The Carbide Secured Registry (rgcrprod.azurecr.us) is not intended to be used as the primary registry for running Kubernetes clusters. It is only intended as the acquisition point to obtain the Carbide images. Customers should seed their own private registries, and use that registry for their Kubernetes clusters.

Required Tooling

K8s Package Management: Helm

Example installation steps:

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
sudo chmod 755 get_helm.sh && sudo ./get_helm.sh

For more options, visit the Helm install docs.

Supply Chain Verification: Cosign

Example installation steps:

curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64"
sudo mv cosign-linux-amd64 /usr/local/bin/cosign
sudo chmod 755 /usr/local/bin/cosign

For more options, visit the Cosign install docs.

Recommended Tooling

Packaging/Airgapping: Hauler

Example installation steps:

curl -sfL https://get.hauler.dev | bash

For more options, visit the Hauler install docs.

Required Artifacts

Carbide Public Key

Download the public key for Carbide.

curl -sfOL https://raw.githubusercontent.com/rancherfederal/carbide-releases/main/carbide-key.pub

View the public key for Carbide.

cat carbide-key.pub

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5zlXeLmRxBHbVmDRZpnCFdzKhyKO
tCAZva7CLlk/6gxvCM0QkIKznfaGTRMMYTaHMdQSau6yulDLlpokA++i8Q==
-----END PUBLIC KEY-----

Log In to CSR

Using Hauler (recommended):

hauler login -u <redacted> -p <redacted> rgcrprod.azurecr.us

Using Docker:

docker login -u <redacted> -p <redacted> rgcrprod.azurecr.us

Required Tooling​

Recommended Tooling​

Required Artifacts​

Log In to CSR​

Required Tooling

Recommended Tooling

Required Artifacts

Log In to CSR