Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 4. Known issues


Resolved known issues for this release of Red Hat Trusted Artifact Signer (RHTAS):

A list of known issues found in this release RHTAS:

Rekor Search UI does not show records after upgrade

After upgrading the RHTAS operator to the latest version (1.0.1), the existing Rekor data is not found when searching by email address. The backfill-redis CronJob, which ensures that Rekor Search UI can query the transparency log only runs once per day, at midnight. To workaround this issue, you can trigger the backfill-redis job manually, instead of waiting until midnight.

To trigger the backfill-redis job from the command-line interface, run the following command:

oc create job --from=cronjob/backfill-redis backfill-redis -n trusted-artifact-signer

Doing this adds the missing data back to the Rekor Search UI.

The Trusted Artifact Signer operator does not apply configuration changes

We found a potential issue with the RHTAS operator logic that can cause an unexpected state when redeploying. This inconsistent state can happen if removing configurations from RHTAS resources and the operator tries to redeploy those resources. To workaround this potential issue, you can delete the specific resource, and then re-create that resource by using the previous instance’s configuration, such as keys, and persistent volumes. The RHTAS resources are: Securesign, Fulcio, The Update Framework (TUF), Rekor, Certificate Transparency (CT) log, or Trillian.

For example, to delete the Securesign resource:

$ oc delete Securesign securesing-sample

For example, to re-create the Securesign resource from a configuration file:

$ oc create -f ./securesign-sample.yaml

Operator does not update the component status after doing a restore to a different OpenShift cluster

When restoring the RHTAS signer data from a backup to a new OpenShift cluster, the component status links do not update as expected. Currently, you have to manually delete the securesign-sample-trillian-db-tls resource, and manually update the component status links. The RHTAS operator will automatically recreate an updated securesign-sample-trillian-db-tls resource, after it has been removed.

After the backup procedure starts, and the secrets restored, delete the securesign-sample-trillian-db-tls resource:

Example

$ oc delete secret securesign-sample-trillian-db-tls

Once all the pods start, then update the status files for Securesign, and TimestampAuthority:

Example

$ oc edit --subresource=status Securesign securesign-sample
$ oc edit --subresource=status TimestampAuthority securesign-sample

Trusted Artifact Signer requires cosign 2.2 or later

Because of recent changes to how we generate The Update Framework (TUF) repository, and making use of different checksum algorithms, we require the use of cosign version 2.2 or later. With this release of RHTAS, you can download cosign version 2.4 for use with Trusted Artifact Signer.

Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.