Uploaded image for project: 'OpenShift Builds'
  1. OpenShift Builds
  2. BUILD-877

Onboard shared resource driver image to Konflux


    • 3
    • False
    • None
    • False
    • SECFLOWOTL-27 - Shared Resource CSI Driver GA
    • Release Note Not Required
    • Done
    • 3
    • Builds Sprint #2261, Builds Sprint #3, Builds Sprint #4

      User Story

      As a cluster admin trying to install the Shared Resource CSI driver, I want all images to come from the Red Hat container catalog so that I run fully supported and secured installations of the CSI driver.


      Akin to BUILD-109.

      We have decided to onboard Builds for OpenShift to Konflux for v1.1 (instead of CPaaS)

      Out of Scope

      • Re-productizing the webhook for the csi driver
      • Re-productizing the must-gather image for the csi driver
      • Driving CI through Konflux. We have CI infrastructure via OpenShift CI today, we don't need to disable this right now.

      Approach (Required)

      • Onboard openshift/csi-driver-shared-resource to Konflux.
      • Enable SDL required tasks (ClamAV, Snyk scan, SBOM).
      • (maybe?) Update openshift/release so we run OpenShift CI checks against the respective release branch.


      • Konflux workspace for the Builds for OpenShift product
      • Konflux GitHub app installed in the openshift org

      Acceptance Criteria (Required)

      • CSI driver image is built on Konflux
      • SDL tasks are enabled for csi driver image (ClamAV, Snyk, SBOM)
      • CI via openshift-ci continues to function

      Open Questions

      • Declaring a "release branch" - do we need permission to create our own branch for "builds-1.1"? Or do we continue with the default branch ("master")?
      • Who do we reach out to when enabling the Konflux GitHub app for the openshift GitHub org?

      INVEST Checklist

      • Dependencies identified
      • Blockers noted and expected delivery timelines set
      • Design is implementable
      • Acceptance criteria agreed upon
      • Story estimated


      • Unknown
      • Verified
      • Unsatisfied

      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met

            avinkuma@redhat.com Avinal Kumar
            gmontero@redhat.com Gabe Montero
            0 Vote for this issue
            3 Start watching this issue


                Original Estimate - 2 weeks
                Remaining Estimate - 2 weeks
                Time Spent - Not Specified
                Not Specified