Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-12506

operators use tag for containerImage reference instead of digest

XMLWordPrintable

    • 1
    • % %
    • Hide 
      $ oc get packagemanifest/dv-operator -n openshift-marketplace -o=jsonpath='{.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}'
dv-operator 	dv-operator.v7.5.0t fuse7-tech-preview/dv-rhel7-operator
      Show
      $ oc get packagemanifest/dv-operator -n openshift-marketplace -o=jsonpath='{.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}' dv-operator dv-operator.v7.5.0t fuse7-tech-preview/dv-rhel7-operator
    • DV Sprint 57

      In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.

      See:
      http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html

            rhn-engineering-rareddy Ramesh Reddy
            rhn-support-jshepher Jason Shepherd
            Andrej Smigala Andrej Smigala
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours
                2h