Build/compile Kubernetes for signature verification only and not signing

5/23/2019

Is there a build/compile flag for kubernetes v1.14 to only build for signature verification and not signing? I have an embedded system acting as a kubelet that just needs to verify a signature. I'm getting an error saying: kubelet[289]: remote_image.go:113] PullImage "quay.registry/reponame/podman-test:latest" from image service failed: rpc error: code = Unknown desc = Source image rejected: Invalid crypto engine, which indicates that kubernetes is missing external dependencies for signing.

I've tried adding: -tags "containers_image_openpgp " similar to related issue here: https://github.com/containers/skopeo/issues/660

My current build command is: make generated_files KUBE_BUILD_PLATFORMS="${HOST_GOOS}/${BUILD_GOARCH}"; make cross KUBE_BUILD_PLATFORMS=${GOOS}/${GOARCH}

-- Eric Zaluzec
kubernetes

1 Answer

6/25/2019

The error is coming from GPG. Make sure your device has the gpg or gpgv command in PATH and that signature verification with the gpg command works. gpgv is a stripped-down, verification-only command that you could use, and Kubernetes supports it. Also, GPG has a ton of compile-time parameters to enable/disable parts of it, so you can strip it down once you get it working. If you find GPG too bloated or have a hard time getting it to work, you can try using https://sequoia-pgp.org/, which compiles to a statically linked binary without external dependencies. You will have to translate calls to the gpg command into calls to sqv, but their CLI interfaces are really similar, so it should be easy to do with a shell script, or whatever language your embedded platform supports.

-- OhHiMark
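As an added example (not code from the question, the answer, or the Kubernetes project), here is a small POSIX shell helper that does what the answer recommends on the device itself: confirm that a verification-capable OpenPGP binary is in PATH, preferring the verify-only gpgv over full gpg, then verify a signature blob against a single keyring file and write the signed payload out. The function names, the keyring file and the signature file paths are assumptions for illustration; the gpgv and gpg flags used are the documented ones.

```shell
#!/bin/sh
# Added example, not from the original post: check for a verifier in PATH and
# verify an OpenPGP signed message against one keyring file.

# Pick the leanest verifier available: gpgv (verify-only, no trustdb, no
# signing code path) first, then full gpg. Prints the command name on stdout
# and returns 0; returns 1 if neither is in PATH.
find_verifier() {
    for cmd in gpgv gpg; do
        if command -v "$cmd" >/dev/null 2>&1; then
            printf '%s\n' "$cmd"
            return 0
        fi
    done
    return 1
}

# Verify SIG, an OpenPGP signed message with the payload embedded (the form
# container image signatures take), against the keys in KEYRING and write the
# signed payload to OUT. Returns the verifier's exit status, so a bad or
# unknown signature fails the caller. Paths are assumptions for illustration.
verify_attached() {
    keyring=$1; sig=$2; out=$3
    verifier=$(find_verifier) || { echo "no gpg/gpgv in PATH" >&2; return 127; }
    case "$verifier" in
        gpgv)
            # gpgv treats every key in the supplied keyring as trusted and
            # needs no ~/.gnupg trust database, which suits an embedded image.
            gpgv --keyring "$keyring" --output "$out" "$sig"
            ;;
        gpg)
            # Full gpg: restrict it to this keyring only and run it
            # non-interactively; --decrypt on a signed-only message verifies
            # the signature and emits the signed data.
            gpg --batch --no-tty --no-default-keyring --keyring "$keyring" \
                --output "$out" --decrypt "$sig"
            ;;
    esac
}

# Usage on the device (assumed paths):
#   verify_attached /etc/containers/keyring.gpg /tmp/image.signature /tmp/payload.json \
#       && echo "signature OK" || echo "signature REJECTED"
```

Run find_verifier once during bring-up: if it returns 1, the "Invalid crypto engine" error is expected, because there is no gpg binary for the library to hand the signature to. A stripped-down gpgv build is enough to make verify_attached succeed; nothing here requires signing support.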
Source: StackOverflow