
Chapter 2. Technology previews


An overview of the Technology Preview features introduced or updated in this release of Red Hat Trusted Artifact Signer (RHTAS).

Important

Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about Red Hat Technology Preview features support scope, see https://access.redhat.com/support/offerings/techpreview/.

Trusted Artifact Signer Console
In this release, we added the RHTAS Console, a user-friendly graphical interface for viewing read-only information such as The Update Framework (TUF) root details and certificates. This improves the user’s quality of life when managing an RHTAS environment. Before this update, security details were distributed across multiple tools, causing a less user-friendly experience. With this release, users have a unified console, with more features being added in later RHTAS releases, such as the Rekor Search UI, Rekor keys, and artifact retrieval and verification actions. For deployment instructions, see the project’s repository on GitHub.
Added the Sigstore Policy Controller admission controller
In this update, users can deploy the Sigstore Policy Controller admission controller alongside RHTAS deployments running on Red Hat OpenShift. This integration offers users a method to manage the container images that are permitted to operate on their OpenShift clusters, based on signatures or attestations generated by RHTAS. Users can install and manage the Sigstore Policy Controller admission controller by installing an Operator that reconciles the upstream Helm chart. This Operator ensures that cluster workloads are only allowed if they comply with the specified cluster image policies.
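A cluster image policy of the kind described above, as an added example written against the upstream Sigstore Policy Controller `ClusterImagePolicy` API; it is not taken from the RHTAS documentation. The registry path, Fulcio, Rekor and OIDC URLs, the signer identity, and the `rhtas-trust-root` TrustRoot object (assumed to already exist and to point at the RHTAS TUF repository) are all placeholders.

```yaml
# Added example: admit images under one registry path only when they carry a
# keyless signature issued through the RHTAS Fulcio instance and recorded in
# the RHTAS Rekor log. All hostnames and names below are placeholders.
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: require-rhtas-signature            # hypothetical policy name
spec:
  mode: enforce                            # reject non-compliant workloads instead of only warning
  images:
    - glob: "registry.example.com/team-a/**"   # images this policy applies to
  authorities:
    - name: rhtas-keyless
      keyless:
        url: https://fulcio.rhtas.example.com  # placeholder: RHTAS Fulcio route
        trustRootRef: rhtas-trust-root         # assumed existing TrustRoot object
        identities:
          # Pin both the OIDC issuer and the signing identity; matching on the
          # issuer alone would accept any account that issuer can authenticate.
          - issuer: https://oidc.example.com/realms/signing
            subject: ci-signer@example.com
      ctlog:
        url: https://rekor.rhtas.example.com   # placeholder: RHTAS Rekor route
        trustRootRef: rhtas-trust-root
```

In the upstream controller, a policy is only evaluated in namespaces that carry the label `policy.sigstore.dev/include: "true"`, so an unlabeled namespace is not covered by it.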
High availability support added for Trusted Artifact Signer on Red Hat OpenShift
With this update, users can now configure RHTAS for High Availability (HA) in single cluster deployments, enhancing service reliability and performance. The RHTAS deployment now keeps key components replicated to eliminate single points of failure, and provides load balancing, failover mechanisms, and health checks. This allows the system to manage workloads effectively, ensuring the uptime required for continuous CI/CD pipelines that rely on the Trusted Artifact Signer service, and maintaining operational continuity.
Support added for signing and verifying AI/ML models

With this release, we introduced a new Model Validation Operator, and a command-line procedure to do pod validation for artificial intelligence (AI) and machine learning (ML) models before running your workloads. The Model Validation Operator integrates a webhook to automatically inject an initialization container to do validation, ensuring that only verified models are used. This validation process works with the RHTAS service to validate the authenticity of the AI/ML models. You can also sign and verify AI/ML models by using the command-line interface, without needing to install a separate binary.

For more information, see the RHTAS Administration Guide.

New configuration options for scaling Trusted Artifact Signer’s services
With this update, we implemented enhanced pod scheduling and resource management for RHTAS. This enhancement provides granular control over scaling, scheduling, and resource allocation through a new PodRequirements specification. This addresses the need for fine-grained deployment options by offering control over Custom Resources (CR) such as: Fulcio, Certificate Transparency log (CTlog), Rekor, Trillian, Timestamp Authority (TSA), and The Update Framework (TUF) Trust Root. Users can now manage pod affinity rules, define a matching toleration for node taints, specify the number of replicas for high availability, and set compute resource requests and limits. These new configuration options are also exposed in the OpenShift console UI for easier management.
New configuration options for Rekor attestation storage
In this update, you can now configure external storage for Rekor attestations. This new feature enhances scalability and flexibility when managing Rekor attestations. This allows for the use of many Rekor replicas simultaneously. We expanded Rekor’s Custom Resource Definition (CRD) with a new attestations section. In this section you can specify a storage URL from storage providers such as: Amazon Web Services (AWS) S3, Google Cloud Storage (GCS), or a file-based persistent volume claim (PVC).
New configuration options for Rekor external search index
With this update, users can use their own Redis database to serve as the search index for Rekor. This integration enables connection with external, highly-available, and managed database or caching services. This is essential for production environments that demand greater scalability, reliability, and the ability to use existing infrastructure. When an external search index is configured, the RHTAS Operator will not deploy the embedded Redis instance. Instead, the Rekor service actively uses the specified external connection configuration, which includes support for TLS-enabled connections. This gives users more flexibility, along with an enterprise-ready deployment of RHTAS, simplifying management and enhancing overall performance.

© 2025 Red Hat