XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Medium
Fix Version/s: None
Affects Version/s: OSC 1.8.0
Component/s: cloud-api-adapter
Labels:
None

Epic Name:
Enhanced support to signed container images
Work Type:
Improvement
Blocked:
False
Blocked Reason:
None
Ready:
False
Parent Link:
KATA-3135support signed container images
Color Status:
Not Selected
Epic Status:
To Do
Feature Link:
KATA-3135 - support signed container images
Hierarchy Progress Bar:

0% To Do, 100% In Progress, 0% Done
Intelligence Requested:
Market:

Cost of Delay:
0
WSJF:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Epic Goal

Enhance the signed containers images feature delivered in OSC 1.8.0
Leverage the upstream implementation of the feature

Why is this important?

On OSC 1.8.0 it was delivered a downstream-only implementation of signed containers because the feature wasn't fully done upstream and it was important for our relation with Microsoft to deliver it. While the feature works, it brought usability issues. For instance, user is mandatory to create the containers policy in KBS otherwise any pod will break to start. This made the OSC CoCo heavily dependent on KBS and prone to errors.

Scenarios

....

Acceptance Criteria

The Epic is complete when:

Signed container images is fully implemented upstream at cloud-api-adaptor
The upstream feature is consumed on an OSC release
OSC user guide is updated

Additional context:

The issue upstream: https://github.com/confidential-containers/cloud-api-adaptor/issues/1989

is duplicated by

KATA-3425 Ability to customise default kata-agent policy when creating the pod VM image

Closed

Assignee:: Unassigned

Reporter:: Wainer Moschetta

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/11/19 3:47 PM

Updated:: 2025/01/30 1:49 PM