-
Bug
-
Resolution: Won't Do
-
Major
-
1.1.0.GA, 1.2.0.GA
-
None
Today, we reference ubi8-minimal, sso, and postgres images like this:
DefaultPvcJobsImage = "registry.access.redhat.com/ubi8-minimal:8.0-127" DefaultPostgresImage = "registry.access.redhat.com/rhscl/postgresql-96-rhel7:1-40" DefaultKeycloakImage = "registry.access.redhat.com/redhat-sso-7/sso73-openshift:1.0-11"
And we use PullPolicy = IfNotPresent:
ImagePullPolicy: corev1.PullIfNotPresent
ImagePullPolicy: corev1.PullIfNotPresent
But in future, we might want to pull the latest images for a given branch, rather than specific ones, to ensure CVE fixes are rolled out more quickly (to avoid CRW-283):
DefaultPvcJobsImage = "registry.access.redhat.com/ubi8-minimal:8.0" DefaultPostgresImage = "registry.access.redhat.com/rhscl/postgresql-96-rhel7:1" DefaultKeycloakImage = "registry.access.redhat.com/redhat-sso-7/sso73-openshift:1.0"
or even just latest images overall:
DefaultPvcJobsImage = "registry.access.redhat.com/ubi8-minimal" DefaultPostgresImage = "registry.access.redhat.com/rhscl/postgresql-96-rhel7" DefaultKeycloakImage = "registry.access.redhat.com/redhat-sso-7/sso73-openshift"
In either case, we should consider switching the PullPolicy to Always so that registries are pinged on startup of a container to ensure the latest is loaded.