Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-12506

operators use tag for containerImage reference instead of digest

XMLWordPrintable

    • 1
    • % %
    • Hide 
      $ oc get packagemanifest/dv-operator -n openshift-marketplace -o=jsonpath='{.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}'
dv-operator 	dv-operator.v7.5.0t fuse7-tech-preview/dv-rhel7-operator
      Show
      $ oc get packagemanifest/dv-operator -n openshift-marketplace -o=jsonpath='{.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}' dv-operator dv-operator.v7.5.0t fuse7-tech-preview/dv-rhel7-operator
    • DV Sprint 57

      In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.

      See:
      http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html

              rhn-engineering-rareddy Ramesh Reddy
              rhn-support-jshepher Jason Shepherd
              Andrej Smigala Andrej Smigala
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours
                  2h