Skip to content
This repository has been archived by the owner on Nov 20, 2021. It is now read-only.

Add support for resources apart from pods #6

Open
sambhav opened this issue Jun 6, 2021 · 3 comments
Open

Add support for resources apart from pods #6

sambhav opened this issue Jun 6, 2021 · 3 comments

Comments

@sambhav
Copy link

sambhav commented Jun 6, 2021
edited
Loading

It might be possible to add support for verifying that resources other than pods also reference images which are signed. This could possibly be done by providing the controller a configmap that contains the custom resource's gvk and the jsonpath to the field in the resource which makes up the image reference(s) .

For eg.

https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/

The config for the above might look like -

imageFields:
  - apiVersion: batch/v1
    kind: CronJob
    field: ".spec.jobTemplate.spec.template.spec.containers[*].image"
@sambhav
Copy link
Author

sambhav commented Jun 6, 2021
edited
Loading

This would be extremely useful for other operators/custom resources as well.

@sambhav sambhav changed the title Add support for custom resources apart from pods Add support for resources apart from pods Jun 6, 2021
@sambhav
Copy link
Author

sambhav commented Jun 6, 2021
edited
Loading

Although these resources may end up creating pods, this might lead to a better user experience for a k8s user who will get a failure right away as they are submitting the resource as opposed to when the controller tries to create pods for the custom resource.

@sambhav sambhav mentioned this issue Jun 6, 2021
Open
@dlorenc
Copy link
Owner

dlorenc commented Jun 6, 2021

+1!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dlorenc @sambhav