This repository has been archived by the owner on Jul 11, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 277
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
injector: enforce using configured images (#4131)
This change enforces that images configured by the user or install time defaults are always used at the time of sidecar injection. Previously, default images were encoded in the configurator which posed a security risk of not using configured images in case those values are unavailable in MeshConfig and the user overrides the defaults. It's common practice for users to use their own images from secure registries of their choice, so OSM must enforce that. This problem is made worse by the fact that OSM could silently use defaults that the user is unaware of without raising any warnings or approval from the user, which can compromise their security requirements. This change is also required to address #3715 where default image digests will be encoded in the CLI as a part of the release workflow without needing to rebuild the control plane binaries. Signed-off-by: Shashank Ram <[email protected]>
- Loading branch information
1 parent
2bb06c0
commit 60a9754
Showing
6 changed files
with
131 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters