Details
-
Feature
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
False
-
-
False
-
0
-
0%
-
0
-
0
Description
Feature Overview (aka. Goal Summary)
Add sigstore signatures to core OCP payload and enable CVO to verify these
An elevator pitch (value statement) that describes the Feature in a clear, concise way. Complete during New status.
OpenShift Release Engineering can leverage a mature signing and signature verification stack instead of relying on simple signing
<your text here>
Goals (aka. expected user outcomes)
Customers can leverage OpenShift to create trust relationships for running OCP core container images
Specifically, customers can trust signed images from a Red Hat registry and CVO can verify those signatures
The observable functionality that the user now has as a result of receiving this feature. Include the anticipated primary user type/persona and which existing features, if any, will be expanded. Complete during New status.
<your text here>
Requirements (aka. Acceptance Criteria):
A list of specific needs or objectives that a feature must deliver in order to be considered complete. Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc. Initial completion during Refinement status.
<enter general Feature acceptance here>
– CVO to verify RH images & release payload sigstore signatures
– ART will add sigstore signatures to core OCP images
Anyone reviewing this Feature needs to know which deployment configurations that the Feature will apply to (or not) once it's been completed. Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out-of-scope for a given release, ensure you provide the OCPSTRAT (for the future to be supported configuration) as well.
These acceptance criteria are for all deployment flavors of OpenShift.
Deployment considerations | List applicable specific needs (N/A = not applicable) | |
Self-managed, managed, or both | ||
Classic (standalone cluster) | ||
Hosted control planes | ||
Multi node, Compact (three node), or Single node (SNO), or all | ||
Connected / Restricted Network | ||
Architectures, e.g. x86_x64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) | ||
Operator compatibility | ||
Backport needed (list applicable versions) | Not Applicable | |
UI need (e.g. OpenShift Console, dynamic plugin, OCM) | ||
Other (please specify) |
Use Cases (Optional):
Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.
<your text here>
Questions to Answer (Optional):
Include a list of refinement / architectural questions that may need to be answered before coding can begin. Initial completion during Refinement status.
<your text here>
Out of Scope
High-level list of items that are out of scope. Initial completion during Refinement status.
<your text here>
Background
Provide any additional context is needed to frame the feature. Initial completion during Refinement status.
<your text here>
Customer Considerations
Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.
<your text here>
Documentation Considerations
Provide information that needs to be considered and planned so that documentation will meet customer needs. If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.
<your text here>
Interoperability Considerations
Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.
<your text here>
Attachments
Issue Links
- is related to
-
OTA-1267 Cincinnati compatibility with Cosign / Sigstore signatures
- To Do