[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Container signing

On Thu, Jun 21, 2018 at 8:13 PM, Nick Pilch <Nick Pilch bluescape com> wrote:

Hello. We have the need to implement container signature verification in our OpenShift Origin deployment on CentOS. It seems that such support starts in version 3.6. The documents describe using the atomic CLI to configure OpenShift for such support. Does that imply requiring

storing signature metadata in the openshift registry was been there since 3.6 (and possibly earlier).  Verifying/validating signatures was introduced, I believe, in 3.7.


running OpenShift on the Atomic OS? The docker repositories we use are hosted by Artifactory and Nexus instances. Looks like Artifactory supports the docker notary service, but maybe not Nexus. However, this post seems to indicate that this support can be delegated.

Any and all pointers solicited and welcome and thanks for your attention.

Docs on the openshift image signature architecture + usage are here:


Nick Pilch
Cloud Operations
O: 650.567.4560
M: 510.381.6777
E: nick pilch bluescape com
999 Skyway Rd, Suite 145, San Carlos, CA 94070
Notice of Confidentiality: This message and any attachments are confidential. If you are not the intended recipient, please do not read or distribute. Alert the sender by reply email and delete this message immediately.

users mailing list
users lists openshift redhat com

Ben Parees | OpenShift

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]