validate: check workflow specification for unauthorised container images #728

@tiborsimko

Description

In some deployment scenarios we may want to allow running only those workflows which use vetted authorised container images.

(This is similar to how we allow users to run only certain vetted Jupyter notebook images, see the interactive_sessions.environments.jupyter.recommended Helm value and the necessary changes to REANA components in reanahub/reana-workflow-controller#569.)

To address these deployment scenarios, it would be useful to:

  • allow REANA cluster administrators to specify which images can be used by users in their runtime workflows;
  • enrich reana-client info to report to users which images are authorised;
  • amend reana-client validate to report any troubles early in case a user tries to use an unauthorised image;
  • make a strong check on the REANA server side not to accept user workflows if the workflow uses an unauthorised image for some of its steps.

The implementation could be similar to how we handle Jupyter images, i.e. via a Helm value. However, the list of authorised images may grow, so we may have to be ready to handle a potentially large number of allowed items in the vetted container image list.
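
A sketch of the kind of check proposed above, added here as an example; it is not part of the issue and not REANA's own code. It assumes a serial workflow whose steps name their image in `environment`, and the names `ALLOWED_IMAGES`, `normalise` and `unauthorised_steps` are hypothetical. References are normalised before comparison so that different spellings of the same image match the same allowlist entry.

```python
# Added example. ALLOWED_IMAGES, normalise() and unauthorised_steps() are
# hypothetical names; the allowlist entries and sample spec are constructed.

def normalise(ref):
    """Expand a Docker-style image reference to registry/repository:tag."""
    name, _, digest = ref.strip().partition("@")
    tag = "latest"
    # A ':' after the last '/' is a tag; an earlier ':' is a registry port.
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    first, _, rest = name.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, rest
    else:
        registry, repo = "docker.io", name
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo  # official images live under library/
    base = f"{registry}/{repo}"
    return f"{base}@{digest}" if digest else f"{base}:{tag}"

# A frozenset keeps lookups O(1) even if the vetted list grows large.
ALLOWED_IMAGES = frozenset(normalise(i) for i in (
    "python:3.8",
    "registry.example.org/physics/analysis:1.2",
))

def unauthorised_steps(spec, allowed=ALLOWED_IMAGES):
    """Return (step name, image) for every step not on the allowlist."""
    rejected = []
    steps = spec["workflow"]["specification"]["steps"]
    for index, step in enumerate(steps):
        image = step.get("environment")
        # Fail closed: a step with no image declared is rejected too.
        if not image or normalise(image) not in allowed:
            rejected.append((step.get("name", f"step-{index}"), image))
    return rejected

SAMPLE_SPEC = {"workflow": {"type": "serial", "specification": {"steps": [
    {"name": "gendata", "environment": "docker.io/library/python:3.8"},
    {"name": "fit", "environment": "registry.example.org/physics/analysis:1.2"},
    {"name": "plot", "environment": "python"},          # resolves to :latest
    {"commands": ["echo done"]},                         # no image declared
]}}}

if __name__ == "__main__":
    for name, image in unauthorised_steps(SAMPLE_SPEC):
        print(f"unauthorised image in step {name!r}: {image!r}")
```

The same function could back both the early client-side report and the server-side rejection, with the server's result being the one that is enforced.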

Metadata

Projects

Status

In work
