Uploaded image for project: 'OpenShift Installer'
  1. OpenShift Installer
  2. CORS-3550

Allow opt-out for non-production workloads

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 1
    • None
    • None
    • Installer Sprint 276, Installer Sprint 277

      For internal, red-hat-development usage, I would like to be able to opt out of the sigstore signing requirement so that I can test legitimate release images that have not been signed via sigstore, for example in CI workflows. 

      As this story is for dev-only usage, this should not go in the install config. Presumably this would be an environment variable (which should be prefixed with OPENSHIFT_INSTALL). 

      When the environment variable (or whatever) is set, an override will be placed in the CVO manifest, as described in the enhancement:

      kind: ClusterImagePolicy
      group: config.openshift.io
      name: openshift
      unmanaged: true 

      CVO override logic can be found here: https://github.com/openshift/installer/blob/fdd2095b517562f75714a849a169d294bdfe087d/pkg/asset/ignition/bootstrap/cvoignore.go#L96-L106 

       

       

              rh-ee-thvo Thuan Vo
              padillon Patrick Dillon
              None
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: