-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.19
-
Quality / Stability / Reliability
-
False
-
None
-
None
-
None
-
No
-
None
-
None
-
Rejected
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
4.19 OpenShift (OCP) uses RHEL 9.6, which has image policy opinions requiring registry.redhat.io and registry.access.redhat.com signatures (OCPBUGS-55106). OCP has (Cluster)ImagePolicy allowing customers to define their own policies. And sometimes OCP has its own opinions. This ticket is asking for some kind of plan or policy around how these opinions will interact. Options include:
- OCP ignores RHEL opinions, and clobbers them as soon as possible after arriving on a boot image.
- OCP respects RHEL opinions, and provides cluster admins and OCP components with a way to append additional restrictions, but no ability to remove RHEL-level opinions.
- OCP respects RHEL opinions by default, and allows cluster admins to both add additional policies and also soften or remove RHEL policies.
- Probably lots more options I'm not thinking of.
Good luck!
Steps to Reproduce, actual results, expected results
See OCPBUGS-55106 for one instance of the current lack-of-policy causing issues.
- clones
-
OCPBUGS-55106 RHCOS 4.19 live iso x86_64 contains restrictive policy.json
-
- ON_QA
-