Uploaded image for project: 'OpenShift Over the Air'
  1. OpenShift Over the Air
  2. OTA-916

Expand ClusterVersion spec with an optional slice of signature stores

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Major
    • None
    • None
    • None
    • OTA 242, OTA 243, OTA 244, OTA 245, OTA 246

    Description

      We want some cluster-version operators trying to use the OTA-909 API to retrieve signatures from an update service. We probably don't want all connected clusters doing that frequently, to avoid excessive, inefficient load on Red-Hat-hosted Cincinnati when the canonical signature sources are reachable. Possible approaches include:

      a. Using the existing spec.upstream knob to find an update service domain, and hard-coding the OTA-909 path prefix to find a base-path for signature requests.
      b. Adding a new, optional spec property like signatureStores where admins can declare additional stores, and then folding that into the built-in stores.

      We could probably make (a) work most of the time, and it's less mental overhead for admins setting spec. But it is implicit magic, and (b) makes it an explicit knob. It's currently a wash for me personally, but talking among the team 2023-02-27, (b) seems like the direction we're currently leaning towards. This ticket is about designing the spec pivot, and landing that change in openshift/api.

       

      Definition of Done:

      Merge an enhancement, and add the required API change of the ClusterVersion.

      Attachments

        Activity

          People

            pratikam Pratik Mahajan
            trking W. Trevor King
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: