Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-3135

support signed container images

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: High High
    • OSC 1.8.0
    • OSC 1.7.0
    • None
    • None
    • BU Product Work
    • False
    • None
    • False
    • KATA-2603protection for data in-use (CoCo)
    • Not Selected
    • 50% To Do, 50% In Progress, 0% Done
    • Hide
      .Container image signature verification

      {cc} supports container image signature verification. You can sign container images using tools such as link:https://developers.redhat.com/products/trusted-artifact-signer/overview[Red Hat Trusted Artifact Signer] and then create container image signature verification policies. The Key Broker Service on the Trustee cluster verifies the signatures, ensuring that only trusted and authenticated container images are deployed in your environment.
      Show
      .Container image signature verification {cc} supports container image signature verification. You can sign container images using tools such as link: https://developers.redhat.com/products/trusted-artifact-signer/overview [Red Hat Trusted Artifact Signer] and then create container image signature verification policies. The Key Broker Service on the Trustee cluster verifies the signatures, ensuring that only trusted and authenticated container images are deployed in your environment.
    • Technology Preview
    • Rejected
    • Yes
    • 0
    • 0

      End users of coco prefers to provide either an encrypted container image or a signed container image for their workload.
      CoCo on ARO should be able to deploy workload with encrypted or signed container images.

      This feature focuses on the signed image support.

      Part of it requires guest-side components for image validation. We also need to make sure there is no limitation from the node side when creating a container with a signed image. 

              jrope Julien ROPE
              jfreiman Jens Freimann
              Victor Voronkov
              Victor Voronkov Victor Voronkov
              John Wilkins John Wilkins
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: