Loading...

XML

Word

Printable

Type: Feature
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: Security & Compliance
Labels:
- FPC:TODO-Close-ALL-Epics
- FPC:TODO-Create-Delivery-Epics

Activity Type:
Product / Portfolio Work
Parent Link:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Size:
None

Target Version:
None
Release Blocker:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
None
PX Priority Data:
PX Impact Score:
PX Technical Impact:
None
PX Impact Range:
None
PX Scheduling Request:
None
PX Technical Impact Notes:
None

Intelligence Requested:
Market:

As an openshift administrator, I would like a way to ensure image pulls reauthenticate with the registry, even if the image is already present and its image pull policy does not require it to re-pull.

This is to enable multitenant environments where different pull secrets are used for different users, and each user shouldn't have access to the others pull secret. Ensuring the image is pulled forces the user to have valid credentials even if the image is already pulled.

This work is being tracked upstream: https://github.com/kubernetes/enhancements/pull/1608

relates to

RFE-1293 Protect against mis-use of images present on a node

Waiting

links to

kubelet: ensure secret pulled image #114847

Assignee:: Gaurav Singh

Reporter:: Gaurav Singh

Need Info From:: None

Contributors:: Peter Hunt, Sascha Grunert

Architect:: None

QA Contact:: None

Doc Contact:: Matthew Werner

Product Operations Engineering Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2023/08/15 3:26 PM

Updated:: 2025/09/13 2:32 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates