Uploaded image for project: 'RH Developer Hub Planning'
  1. RH Developer Hub Planning
  2. RHDHPLAN-873

Seperate image for init-container

Create Doc EPIC from R...Prepare for Z ReleasePrepare Test Plan (Y R...XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      Requested Feature Overview (aka. Goal Summary)

      An elevator pitch (value statement) that describes the desired Feature in a clear,
      concise way.

      – >

      • I have a customer "Raiffeisen Schweiz Genossenschaft" who has requested for a seperate image for init-container and a more secured image for developer hub.
      • The RHDH image is huge and has development tools installed. Not using dev tools and keeping a small attack surface are security best practices.
      • When you are not able to eliminate, as en example Skopeo, at all, it must be kept in the init-container but not in the rhdh container that is accessible from outside of the cluster.
      • What we see as a solution would be to provide an image for the init-container and a more secure one for the running dev hub.
      • The init-container image could copy the plugins and run Python scripts. But those tools should not be in the running dev hub.

      Goals (aka. expected user outcomes)

      The observable functionality that the user would have as a result of receiving
      this feature. Include the anticipated primary user type/persona.

       --> By having a seperate init-container image, the developer hub image in itself will be more secured as the dev packages which are flagged with vulnerabilities will be part of init-container and not developer hub.

      Requirements (aka. Acceptance Criteria):

      A list of specific needs, objectives, or user stories that must be delivered in order
      to be considered complete. 

      • Seperate image for init-container and developer hub.
      • The init-container image could copy the plugins and run Python scripts.
      • Development tools should not be part of RHDH image as its huge.

      Out of Scope (Optional)

      High-level list of items that are out of scope.

      <your text here>

      Customer Considerations (Optional)

      Provide any additional customer-specific considerations that must be made
      when designing and delivering the Feature. 

      --> Customer's inputs on a solution to issue :

      What we see as a solution would be to provide an image for the init-container and a more secure one for the running dev hub.

      The init-container image could copy the plugins and run Python scripts. But those tools should not be in the running dev hub.

       

              Unassigned Unassigned
              rhn-support-slekkad Suhas Lekkad
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: