Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add non-core project "imgcrypt" to containerd organization #37

Closed
11 of 13 tasks
estesp opened this issue Oct 18, 2019 · 14 comments
Closed
11 of 13 tasks

Add non-core project "imgcrypt" to containerd organization #37

estesp opened this issue Oct 18, 2019 · 14 comments

Comments

@estesp
Copy link
Member

estesp commented Oct 18, 2019
edited
Loading

Over the past year there were many PRs and discussions about the encrypted container image support proposed across OCI, Kubernetes, and the runtimes including containerd. We finally agreed on the stream processor implementation, available in the 1.3 release, to allow media types to have an external processor binary which can handle actions on that stream of bytes on behalf of containerd. This allows containerd's core to not include special case code or implementation details for this and any future special media types, modes of compression, and so on.

@stefanberger and @lumjjb have prepared the stefanberger/imgcrypt repository for migration to the containerd organization.

This is specifically proposed as a non-core project per the recent project modes we added to containerd's governance. The maintainers of the repository will be Stefan Berger and Brandon Lum.

For a broader view of this work across many projects and repositories, a recent comment by @lumjjb is extremely helpful to see the full scope and status of the work: opencontainers/image-spec#775 (comment)

Having this repository as part of the containerd organization is valuable as it allows users/operators to assemble and deliver the required stream processors which can handle the encrypted layer media types as part of the containerd project umbrella. This repository currently includes features for ctr which were not accepted in the containerd core, but are extremely helpful for those trying to handle the current "chicken and egg" issue of not having a tool to test the encryption and decryption of layers. As this work matures and these capabilities are available across tools like buildkit and various other container build pipelines, it will be less necessary to have a special ctr tool for testing.

9 maintainer's LGTM required (2/3)
@AkihiroSuda
Copy link
Member

LGTM

2 similar comments
@mxpv
Copy link
Member

mxpv commented Oct 18, 2019

LGTM

@mlaventure
Copy link
Contributor

LGTM

@jterry75
Copy link
Contributor

LGTM!

@fuweid
Copy link
Member

fuweid commented Oct 22, 2019

LGTM

2 similar comments
@crosbymichael
Copy link
Member

LGTM

@Random-Liu
Copy link
Member

LGTM

@mikebrow
Copy link
Member

SGTM

@yujuhong
Copy link
Member

LGTM

@dchen1107
Copy link

LGTM and thanks!

@estesp
Copy link
Member Author

estesp commented Oct 24, 2019

11/13 LGTMs (2 more than required)

@crosbymichael can you work with @stefanberger on the mechanics of the transfer? Thanks!

@crosbymichael
Copy link
Member

@estesp @stefanberger yep

@crosbymichael
Copy link
Member

done

https://github.com/containerd/imgcrypt

@lumjjb
Copy link

lumjjb commented Oct 24, 2019

Thanks @crosbymichael ! 🍾

@crosbymichael crosbymichael mentioned this issue Nov 12, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests