Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-830

Allow Admin to Ensure Images Are Reverified Even if Already Pulled

    XMLWordPrintable

Details

    • Feature
    • Resolution: Unresolved
    • Normal
    • None
    • None
    • Security & Compliance
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • 50
    • 50% 50%
    • 0
    • 0

    Description

      As an openshift administrator, I would like a way to ensure image pulls reauthenticate with the registry, even if the image is already present and its image pull policy does not require it to re-pull.

      This is to enable multitenant environments where different pull secrets are used for different users, and each user shouldn't have access to the others pull secret. Ensuring the image is pulled forces the user to have valid credentials even if the image is already pulled.

      This work is being tracked upstream: https://github.com/kubernetes/enhancements/pull/1608 

      Attachments

        Issue Links

          relates to

          Feature Request - Feature requests from customers and/or users RFE-1293 Protect against mis-use of images present on a node

          • Undefined - Priority not specified.
          • Deferred
          links to

          Web Link kubelet: ensure secret pulled image #114847

          Activity

            People

              gausingh@redhat.com Gaurav Singh
              gausingh@redhat.com Gaurav Singh
              Peter Hunt, Sascha Grunert
              Matthew Werner Matthew Werner
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: