Can we support enabling signature verification for container registries in ROSA?
Environment
- Red Hat OpenShift Service on AWS
- 4.10
Issue
- You want to enable signature verification only for your private container registries in ROSA.
- The configuration is described in "Enabling signature verification for Red Hat Container Registries".
Resolution
- Unfortunately, this is not currently supported due to an architectural limitation in ROSA. The configuration would also impact all workloads on infra nodes, because worker and infra nodes share one MachineConfigPool (MCP).
- Since the Red Hat OpenShift Service on AWS service definition (Compute) indicates that the infra nodes are strictly for Red Hat, implementing signature verification would run counter to our service definition, so it is not appropriate for customers to use it.
- This change carries a potential risk of impacting the monitoring workloads, which would mean that SRE alerting and management no longer function.
- In addition, all other SRE workloads (ingress, backup and so on) on infra nodes can currently also be affected by this change.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.