Christoph Hamsen

Results 33 issues of Christoph Hamsen

**Describe the feature** Automatic Child Approval (ACA) is exposed as an experimental feature. It should be extended by a TTL or cache to allow ACA for a limited amount of...

gofix

Currently, the `get-public-root-key` utility does not allow providing authentication credentials. This is discussed in the GitHub Discussion mentioned below: ### Discussed in https://github.com/sse-secure-systems/connaisseur/discussions/252 Originally posted by **apopaa** August 10,...

enhancement

**Describe the feature** Improve log output e.g. for 'automatic child approval'. Logs should provide sufficient information to understand why an image was accepted or denied and by which validator. Dedicated...

enhancement
gofix

**Describe the feature** The validator name is used at multiple points throughout the Helm charts, e.g. to create volumes and volume mounts. In order to avoid unwanted complications or malicious...

enhancement
gofix

**Describe the feature** Currently, Connaisseur generates a self-signed certificate for communication. This should be made configurable via `helm/values.yaml` to e.g. provide a cert or reference a corresponding secret. **Optional: Is...

enhancement

**Describe the bug** Admission requests time out after 30s. The HTTP requests of Connaisseur using aiohttp apply the default timeout of 300s: https://docs.aiohttp.org/en/stable/client_quickstart.html#timeouts As a consequence, requests that fail due to...

bug

Fixes no issue ## Description - Helm values, Chart, and templates are refactored/improved to provide more native Helm support and improve usability - Helm and app versioning are properly separated...

Fixes #201 ## Description - support of RSA public keys for cosign validator is added :warning: WIP notes: - check if can be extended to notary v1 as well -...

**Describe the feature** Pod Security Admission (PSA) was introduced in k8s v1.22 as a replacement for Pod Security Policies (PSP). Secure defaults should be introduced to Connaisseur. More information is...

**Describe the feature** Connaisseur works as a mutating admission controller and thus replaces tags by signed digest. This also means that requests are modified. A validation-only mode would simply...