Hybrid Cloud Infrastructure Documentation
HCIDOCS-530

Signed image support for peer pods VM image


    • Type: Story
    • Resolution: Unresolved
    • Priority: Critical
    • OSC 1.8.0
    • None
    • Sandboxed Containers
    • None
    • HCIDOCS 2024#10, HCIDOCS 2024#11
    • 2

      Add support for signed images when creating the pod VM image.

      Resources

      Update (Oct 29): This task will probably require the following changes:

      • Signing a container image with Cosign (new procedure module).
      • Adding the public key to Trustee (update the Trustee secret, or not?).
      • Adding the key to the peer pods config map (update the "Updating peer pods config map" module?).
      • Creating an attestation policy (update the "Attestation policies" module).
      • Adding the attestation policy to Trustee (update the "Trustee config map" module; it might be a good idea to move the Trustee config map so that it appears after the attestation policies).

      Background

      From the parent epic:

      • Document how to sign a container image. I think https://docs.sigstore.dev/cosign/signing/signing_with_containers/ has the best information (Jens to find out whether the key is stored in Azure vault or elsewhere).
      • Document how to set the public key used in the signing in Trustee (e.g. at `kbs:///default/cosign-public-key/osc`).
      • Document how to write the policy.json for the customer's use case and how to set it as a resource at `default/security-policy/osc` (or wherever) in Trustee.
      • OSC 1.8.0 changes

            People: John Wilkins, Avital Pinnick, Julien ROPE, Victor Voronkov