community icon indicating copy to clipboard operation
community copied to clipboard
verified publisher icon helm

Enhance HIP 15 for Helm image annotations with conditions and tags support

Open Boojapho opened this issue 3 years ago • 1 comments

When implementing image annotations similar to the current HIP 15 draft, we quickly noticed that images were dependent on feature flags. In our case, we had one of three images that would be selected depending on the cloud environment you were using.

To create an accurate SBOM, we propose we enhance HIP 15 to include optional conditions and tags, just like dependencies.

This would allow a more accurate list of images for a deployment by using the Helm values. Of course, you could also simply ignore the conditions/tags to produce a comprehensive list of all possible images that may be used by the chart.

Boojapho avatar Nov 09 '22 15:11 Boojapho

Just adding my 2 pennies as folks potentially consider this - I agree with the above as having conditions also helps with bringing more precisely what you need to disconnected environments - Zarf (a project for disconnected cloud deployments) implements some optional conditions on these annotations already: https://github.com/defenseunicorns/zarf/blob/95777d038bc59963b3ae33aaa244ad1fd014fd82/src/internal/packager/helm/images.go#L78

Racer159 avatar May 15 '23 21:05 Racer159