-
Story
-
Resolution: Done
-
Major
-
None
-
3
-
False
-
-
False
-
Introduces a new Tekton task variant, buildah-ns, which enhances container build security through user namespace isolation. The task is fully compatible with the existing buildah task while offering improved flexibility and test coverage.
-
-
-
Pipelines Sprint Tekshift 31, Pipelines Sprint Tekshift 32
Story (Required)
The goal of this story is to implement a new Tekton task named buildah-ns that supports user namespaces via additional annotations. This task will be a variant of the existing buildah task, enhanced to provide better isolation and security for rootless container builds using user namespaces.
Acceptance Criteria (Mandatory)
- A new Tekton task named buildah-ns is created.
- The task includes additional annotations required to enable user namespace support.
- Task definition follows existing Tekton conventions and standards.
- Includes support for commonly used parameters from the original buildah task.
- Full E2E test coverage is provided for the new task.
INVEST Checklist
Dependencies identified
Blockers noted and expected delivery timelines set
Design is implementable
Acceptance criteria agreed upon
Story estimated
Legend
Unknown
Verified
Unsatisfied
Done Checklist
- Code is completed, reviewed, documented and checked in
- Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
- Continuous Delivery pipeline(s) is able to proceed with new code included
- Customer facing documentation, API docs etc. are produced/updated, reviewed and published
- Acceptance criteria are met
- relates to
-
-
- Closed
-
