MAJOR REALEASE PLANNED: Multi-Key, Multi-Notary, Multi-Validator

[xopham]

Connaisseur 2.0 is coming! 🥳

We are planning a new major release that will introduce breaking changes to the configuration, more specifically the helm/values.yaml. Via #84, #82, #96, #107 and the general work new signing schemes and solutions, we became aware that - while do currently provide wide compatibility with different registries and (managed) k8s solutions - there is an increased demand for more complex infrastructures that require:

• multiple keys
• multiple notaries
• multiple validators (or modular validation)

Ultimately, we hope to enable a central Kubernetes cluster to pull and validate images from all kinds of different registries using different signing solutions and keys. Making the multi-validator support extensible, will facilitate integrating different signing/validation solutions.

Introducing each of these changes will cause breaking changes to the configuration via helm/values.yaml and we therefore plan to put these into one major release: v2.0.0. We also plan to cleanup our README and setup guides to reflect the changes and extend by some neat convenience features that become accessible with the planned changes, like pre-provisioned keys for common registries with trusted images such as Docker Official Images (you can obviously disallow these as well).
In case you want to learn more details about the planned architectural changes, we are using Architecture Decision Records (ADR) and the upcoming features are documented in the following records:

• ADR-3: Multi-Notary Configuration
• ADR-4: Modular Validation

Since these are major changes, we expect it to take a bit of time to get everything to work together neatly, so stay tuned and feel free to share your thoughts ✍️