[ADR027] Add Container Image Process #104
Conversation
ADR/0025-container-images.md
Outdated
| ### Scope | ||
| * The scope of this process is limited to the images found in our [quay.io/organization/redhat-appstudio](https://quay.io/organization/redhat-appstudio) repository. | ||
| * Images from dependencies that fall outside of this AppStudio process should follow the ESS SEC-PATCH-REQ-1 and ESS SEC-PATCH-REQ-2 processes. It is up to the component teams to ensure they are adhering to these requirements. | ||
| * Images that are not intended for the staging and/or production environments are out of scope. |
There was a problem hiding this comment.
Can you clarify this? Are you just trying to say something to the effect that EC-based decisions for use in generic workloads are out of scope (like internal productization)?
There was a problem hiding this comment.
For point 3, I was trying to say it's out of scope for dev and test environments. For point 2, we may also pick up images from 3rd party dependencies that are not built using PaC but we should also ensure they are low risk by following the ESS guidelines
ADR/0025-container-images.md
Outdated
| The purpose of this document is to establish container image management practices for AppStudio container images that are deployed in the staging and production environments. The goal is to ensure that AppStudio is continuously maintaining secure operations that are in accordance with the ESS SEC-PATCH-REQ-2 (OS Patching) requirements. | ||
|
|
||
| ### Scope | ||
| * The scope of this process is limited to the images found in our [quay.io/organization/redhat-appstudio](https://quay.io/organization/redhat-appstudio) repository. |
There was a problem hiding this comment.
Images produced via the build platform will not be pushed to this organization by default. How will images get pushed there? Will there be a required release pipeline process for them to follow to get the images mirrored?
There was a problem hiding this comment.
Good point. Instructions have been pretty vague or word of mouth. The only instructions I know of are to follow https://redhat-appstudio.github.io/infra-deployments/docs/deployment/extending-the-service.html, copy over the tekton yamls from some other component which and customize them. I don't know if there are better instructions anywhere else that I can link to.
There was a problem hiding this comment.
Should we get another issue opened so someone can write up instructions that we can link to from this ADR?
There was a problem hiding this comment.
There is a related conversation happening now about this process. Maybe we can combine/unify the two threads.
There was a problem hiding this comment.
I was on PTO when the conversation happened, so I don't know much about what was discussed. We can consider accepting what's currently written and update this ADR when there's more info
kim-tsao
changed the title
Signed-off-by: Kim Tsao <ktsao@redhat.com>
Signed-off-by: Kim Tsao <ktsao@redhat.com>
Signed-off-by: Kim Tsao <ktsao@redhat.com>
Signed-off-by: Kim Tsao <ktsao@redhat.com>
Co-authored-by: Ralph Bean <rbean@redhat.com>
kim-tsao
changed the title
Signed-off-by: Kim Tsao <ktsao@redhat.com>
|
Thank you for the write-up. I recommend publishing these and then updating them as needed. |
Add a new Container Image Process to address https://issues.redhat.com/browse/RHTAP-827