Loading...

XML

Word

Printable

Type: Feature
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: Security & Compliance
Labels:
- FPC:TODO-Close-ALL-Epics
- FPC:TODO-Create-Delivery-Epics

Work Type:
BU Product Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Hierarchy Progress Bar:

50% To Do, 0% In Progress, 50% Done

Risk Score:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

PX Priority Data:
PX Impact Score:

Intelligence Requested:
Market:

As an openshift administrator, I would like a way to ensure image pulls reauthenticate with the registry, even if the image is already present and its image pull policy does not require it to re-pull.

This is to enable multitenant environments where different pull secrets are used for different users, and each user shouldn't have access to the others pull secret. Ensuring the image is pulled forces the user to have valid credentials even if the image is already pulled.

This work is being tracked upstream: https://github.com/kubernetes/enhancements/pull/1608

relates to

RFE-1293 Protect against mis-use of images present on a node

Deferred

links to

kubelet: ensure secret pulled image #114847

Assignee:: Gaurav Singh

Reporter:: Gaurav Singh

Contributors:: Peter Hunt, Sascha Grunert

Doc Contact:: Matthew Werner

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2023/08/15 3:26 PM

Updated:: 2024/09/04 8:22 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates