-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
None
-
Product / Portfolio Work
-
False
-
-
False
-
1
-
None
-
None
-
Installer Sprint 276, Installer Sprint 277
For internal, red-hat-development usage, I would like to be able to opt out of the sigstore signing requirement so that I can test legitimate release images that have not been signed via sigstore, for example in CI workflows.
As this story is for dev-only usage, this should not go in the install config. Presumably this would be an environment variable (which should be prefixed with OPENSHIFT_INSTALL).
When the environment variable (or whatever) is set, an override will be placed in the CVO manifest, as described in the enhancement:
kind: ClusterImagePolicy
group: config.openshift.io
name: openshift
unmanaged: true
CVO override logic can be found here: https://github.com/openshift/installer/blob/fdd2095b517562f75714a849a169d294bdfe087d/pkg/asset/ignition/bootstrap/cvoignore.go#L96-L106