Follow-up from the kars-upgrade-flow review (commit on fix/kars-upgrade-flow).
Problem: The Helm chart + agentmesh manifest reference :latest (the upgrade path now pins :<version> tags, which fixed rollback). Tags are still mutable; cosign/Sigstore signatures are over digests, so pinning a tag never asserts which signed digest is trusted. A retag can swap running bits under a 'verified' banner.
Proposed: Resolve the digest at az acr import time (az acr manifest show/import output) and set image.repository@sha256:... in the chart. Makes helm upgrade self-sufficient (no rolling-restart needed to refresh), rollback trivially correct, and cosign verification meaningful.
Note: supply-chain posture change + release-pipeline contract change — needs security-architecture sign-off.
Severity: P0 (architecture), deferred from the immediate upgrade-flow fix.
Follow-up from the kars-upgrade-flow review (commit on fix/kars-upgrade-flow).
Problem: The Helm chart + agentmesh manifest reference
:latest(the upgrade path now pins:<version>tags, which fixed rollback). Tags are still mutable; cosign/Sigstore signatures are over digests, so pinning a tag never asserts which signed digest is trusted. A retag can swap running bits under a 'verified' banner.Proposed: Resolve the digest at
az acr importtime (az acr manifest show/import output) and setimage.repository@sha256:...in the chart. Makeshelm upgradeself-sufficient (no rolling-restart needed to refresh), rollback trivially correct, and cosign verification meaningful.Note: supply-chain posture change + release-pipeline contract change — needs security-architecture sign-off.
Severity: P0 (architecture), deferred from the immediate upgrade-flow fix.