  1. OpenShift Node
  2. OCPNODE-2241

Ensure image validation in imageService

Details

    • Story
    • Resolution: Unresolved
    • Normal
    • 8
    • OCPNODE Sprint 253 (Blue)

    Description

      Make sure image validation takes place right after pulling the image using imageService. 

      • Have imageService.PullImage always return a digested reference to the result of the pull. Sascha’s PR has code for this.
      • Add an imageService method to verify a signature on a (userSpecifiedImageName, StorageImageID) pair. This exists in Sascha’s PR; that PR actually does rather more than necessary, and in particular the duplicate StorageImageID lookups must be dropped.
      • Hook that new method into pullImageCandidate on paths where we have a local image with a StorageImageID. Obtain a Kubelet-usable “imageRef”.
      • Make sure the current fallback way to obtain imageRef at the end of Server.pullImage is eliminated; imageRef should come from something that enforces signatures.
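
A toy Go model of the flow in the list above, added here as an illustration and not taken from CRI-O or from Sascha’s PR: the type names, method signatures, map-backed store and policy verdicts are all assumptions. It shows how building imageRef only inside the verification method leaves no fallback path that skips the signature check.

```go
package main

import "fmt"

// Hypothetical stand-ins; not CRI-O's real types, signatures or policy engine.
type StorageImageID string

// imageRef is built only in verifySignature, so a non-empty value proves the policy ran.
type imageRef struct{ digested string }

type imageService struct {
	registry map[string]string         // user-specified name -> digested reference
	stored   map[string]StorageImageID // digested reference -> image in local storage
	signed   map[StorageImageID]bool   // toy policy verdict per stored image
}

// PullImage always returns a digested reference to the result of the pull.
func (s *imageService) PullImage(name string) (string, error) {
	if ref, ok := s.registry[name]; ok {
		return ref, nil
	}
	return "", fmt.Errorf("pull %q: not found", name)
}

// verifySignature checks the (userSpecifiedImageName, StorageImageID) pair.
func (s *imageService) verifySignature(name, ref string, id StorageImageID) (imageRef, error) {
	if !s.signed[id] {
		return imageRef{}, fmt.Errorf("%s (%s): rejected by signature policy", name, id)
	}
	return imageRef{digested: ref}, nil
}

// pullImageCandidate has no fallback: every failure returns an empty imageRef.
func (s *imageService) pullImageCandidate(name string) (imageRef, error) {
	ref, err := s.PullImage(name)
	if err != nil {
		return imageRef{}, err
	}
	if id, ok := s.stored[ref]; ok {
		return s.verifySignature(name, ref, id)
	}
	return imageRef{}, fmt.Errorf("%s: no StorageImageID after pull", ref)
}

var demo = &imageService{ // constructed sample data with shortened digests
	registry: map[string]string{"example.test/ok:v1": "example.test/ok@sha256:aa", "example.test/bad:v1": "example.test/bad@sha256:bb", "example.test/lost:v1": "example.test/lost@sha256:cc"},
	stored:   map[string]StorageImageID{"example.test/ok@sha256:aa": "id-ok", "example.test/bad@sha256:bb": "id-bad"},
	signed:   map[StorageImageID]bool{"id-ok": true},
}
func main() { fmt.Println(demo.pullImageCandidate("example.test/ok:v1")) }
```

In the sample data, `ok` is signed, `bad` is stored but unsigned, and `lost` pulls successfully but has no StorageImageID; only `ok` yields an imageRef.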

      xref: https://issues.redhat.com/browse/RUN-1811?focusedId=23391305&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-23391305

       

      This will help us validate an image right after pulling it for namespaced policies - https://redhat-internal.slack.com/archives/CK1AE4ZCK/p1712763142542329 

          People

            harpatil@redhat.com Harshal Patil