Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-563

operators use tag for containerImage reference instead of digest

    XMLWordPrintable

Details

    • Hide

      $ oc get packagemanifest/codeready-workspaces -o=jsonpath='

      {.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}

      '
      codeready-workspaces crwoperator.v2.0.0 registry.redhat.io/codeready-workspaces/server-operator-rhel8:2.0
      crwoperator.v1.2.2 registry.redhat.io/codeready-workspaces/server-operator-rhel8:1.2

      Show
      $ oc get packagemanifest/codeready-workspaces -o=jsonpath=' {.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end} ' codeready-workspaces crwoperator.v2.0.0 registry.redhat.io/codeready-workspaces/server-operator-rhel8:2.0 crwoperator.v1.2.2 registry.redhat.io/codeready-workspaces/server-operator-rhel8:1.2

    Description

      In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.

      See:
      http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html

      Attachments

        Issue Links

          causes

          Task - Represents a small unit of work that is not end-user facing. CRW-733 Rebuild registries and operator metadata images for all new quay.io builds

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. CRW-668 Provide orchestration job to trigger all CRW images

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is blocked by

          Task - Represents a small unit of work that is not end-user facing. CRW-214 Create jenkins job to build CRW containers outside Brew (with sed transforms) and push to Quay directly

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. CRW-914 Push OSBS jobs to Quay broken (cannot rpm update skopeo to >=0.1.40)

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          links to

          Web Link RFE: Freshmaker needs to know that when container A is respun, containers B, C, and D also need to respin (arbitrary relationship defined in container.yaml?)

          Web Link RFE: Freshmaker needs to know that when operand container A is respun, operator-metadata container B also need to respin (operator metadata upversion and relatedImages section automatic update)

          Web Link Support OpenShift 4.2 Airgap mode (use image digests)

          Activity

            People

              dfestal David Festal
              rhn-support-jshepher Jason Shepherd
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: