Container Images #1685
Comments
|
Hi @mattfarina 👋 This sounds interesting 🙂 @cynthia-sg and I have been discussing this and we have some ideas that could make it work, but we’ll need to experiment a bit with them to be sure. Scaling may be another challenge indeed. However, we are not sure either if container images should be in the Artifact Hub or not. What do you think @caniszczyk? |
|
As long as we are indexing them and not storing the binary artifacts I'm OK
with it.
…On Mon, Nov 15, 2021 at 6:14 AM Sergio C. Arteaga ***@***.***> wrote:
Hi @mattfarina <https://github.com/mattfarina> 👋
This sounds interesting 🙂
@cynthia-sg <https://github.com/cynthia-sg> and I have been discussing
this and we have some ideas that could make it work, but we’ll need to
experiment a bit with them to be sure. Scaling may be another challenge
indeed.
However, we are not sure either if container images should be in the
Artifact Hub or not. What do you think @caniszczyk
<https://github.com/caniszczyk>?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1685 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAPSIPNMAXFK6ZBMI543JLUMD2T3ANCNFSM5H3DSZOA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
Cheers,
Chris Aniszczyk
https://aniszczyk.org
|
|
@tegioz I brought it up with @caniszczyk before I filed the issue here. :) |
|
Hi 👋 There are a couple of points we'd like to discuss a bit before moving on. DiscoverabilityAt the moment the OCI distribution spec does not define a mechanism to list all repositories for a given namespace. There are some interesting conversations going on (opencontainers/distribution-spec#22, opencontainers/distribution-spec#222, OCI Catalog Listing API - Workgroup), but we are not there yet. Some registries have their own APIs for this purpose, but if we were to add a new This limitation may have an impact on the user experience. In Artifact Hub, publishers add repositories that can contain one or more packages. Setting up a repository is a simple process that just takes a minute, and only requires adding the repository name and url. Our initial idea was to map somehow a namespace in an OCI registry to a repository in AH, and each of the images repositories in the registry namespace would become a package in AH, which can have multiple versions (or tags in this case). However with limitations in discoverability this may not be possible unless we consider relying on registries' specific APIs and only support those offering that functionality, which is probably not ideal. Another approach would be to map a repository in a OCI registry to a repository in AH. This would be the easiest way to go, but we think this can lead to a poor user experience. Some organizations have hundreds of repositories published in a registry. Bitnami, for example, has 267 repositories published in the Docker Hub at the time of writing this. Following this approach, they'd need to add the same amount of repositories to AH, each of them having a single package with multiple versions. Metadata and documentationMost of the containers images available in the major public registries don't contain any metadata or documentation embedded. Importing those container images would lead to a poor user experience in the Artifact Hub UI, as we wouldn't have much information to display and search results wouldn't be very accurate without descriptions, categories or keywords. We were thinking that we could require some metadata to be present in the image for it to be indexed. The metadata could be provided in the form of annotations as defined in the OCI image spec. We could leverage the pre-defined annotation keys when they fit, and define AH specific ones when needed. This would require an extra effort from publishers to include this information in their images, but would improve the final user experience in AH. Not all tooling is ready yet to deal with annotations in images, but we could consider supporting labels in the configuration as a fallback mechanism. There are more topics worth discussing, but we can start with these two 🙂 |
|
Hi folks, This is no different than Home Depot, Lowes, Amazon having a broad catalog, where many of the products are "drop shipped' directly from the manufacturer. Within the Syndication API, you might choose to replicate just the catalog info, or the content as well. Through signing, it wouldn't matter where you get the artifact, just as long as it's an artifact from an entity you trust. I wrote about this model here: Separating Identity From Location While the biggest gap today is a standard API to replace the For how to distribute meta-data and documentation, I had played with the idea of shipping the documentation for a repo as just another artifact type. Imagine you push an OCI Artifact with two files:
The artifact might be tagged Publishers of a repo simply upload this artifact. In the We're also exploring the ORAS Artifact reference types to host the regdoc content, specific to an artifact, but that's a bit deeper. For annotations, I'd also really like to see annotations and labels be indexed. Until we have a way to get the annotations out, it's hard to see the broad adoption of annotations. We also have to think about how annotations from the original artifact are added with annotations that would be added after. I captured some notes here, and started thinking about ORAS Artifacts being able to upload just annotations to enhance an existing artifact. I'd suggest a working group is a place to start as there's not enough to use today, so whichever direction we go, we'll need new apis. |
|
Thanks @SteveLasker! All this information will be very useful 🙂 Regarding shipping the documentation as another artifact type: we are also experimenting with something similar by allowing publishers of Helm repos stored in OCI registries to add the repository metadata file, used for features like verified publisher and ownership claim, as an additional artifact using the tag |
|
@tegioz awesome to see the ownership claim. For the OCI usage, this has just been the chicken/egg issue where folks won’t adopt while under experimental. |
|
@tegioz Sorry I was slow to see your comments on this. Great starting analysis. I see that this landed on the OCI mailing list at https://groups.google.com/a/opencontainers.org/g/dev/c/Le0BtdnqS40.
I don't think that all public images need to be indexed by AH. I've created many public images that aren't supported and are basically tests that ended up being abandonware. The extra effort to provide a good UX around images means to be consumed by the general public is ok, IMHO. Those who want their images to be generally used as independent images can put in some of that extra work. This is my opinion and if people want to persuade me of something else, I am open to listening.
I wonder if Bitnami wants all their images to be listed or if they are just a building block of a higher level component (i.e. a chart). This could use some investigation (I'll do it). On the OCI mailing list it was noted:
This conversation may be good to take over there. I can also volunteer to take it there. Docker Hub has been the go to place so people can discover images. If it were more easily possible to discover images without putting them on Docker Hub it would relieve some burden on Docker Hub while providing more publicity for other registries. I can see potential interest in helping this effort. |
|
Thanks @mattfarina, no worries.
Cool, that's agreed then 👍
If we agree that mapping a repository in a OCI registry to a repository in AH is ok, we can go ahead and start working on a prototype for this new
Awesome, thanks! |
|
sounds good. I'm happy to brainstorm or be roped in as needed. |
|
@tegioz I reached out to someone at Bitnami and the response was that they would want to list many of their images. Since registries don't have a method to discover all the images in a namespace, they would be open to another method to provide a list of images such as uploading a list in some format. |
Closes #1685 Signed-off-by: Sergio Castaño Arteaga <tegioz@icloud.com> Signed-off-by: Cintia Sanchez Garcia <cynthiasg@icloud.com> Co-authored-by: Sergio Castaño Arteaga <tegioz@icloud.com> Co-authored-by: Cintia Sanchez Garcia <cynthiasg@icloud.com>
Closes #1685 Signed-off-by: Sergio Castaño Arteaga <tegioz@icloud.com> Signed-off-by: Cintia Sanchez Garcia <cynthiasg@icloud.com> Co-authored-by: Sergio Castaño Arteaga <tegioz@icloud.com> Co-authored-by: Cintia Sanchez Garcia <cynthiasg@icloud.com>
|
Hi 👋 Happy new year to everyone! 🙂 We've just created a PR that adds experimental support for containers images to Artifact Hub. Please see the containers images section in the repositories guide for more information about how it would work. Repositories can be added from the UI control panel as usual:
And this is how packages of kind
Please let us know your thoughts! |
Closes #1685 Signed-off-by: Sergio Castaño Arteaga <tegioz@icloud.com> Signed-off-by: Cintia Sanchez Garcia <cynthiasg@icloud.com> Co-authored-by: Sergio Castaño Arteaga <tegioz@icloud.com> Co-authored-by: Cintia Sanchez Garcia <cynthiasg@icloud.com>
Closes #1685 Signed-off-by: Sergio Castaño Arteaga <tegioz@icloud.com> Signed-off-by: Cintia Sanchez Garcia <cynthiasg@icloud.com> Co-authored-by: Sergio Castaño Arteaga <tegioz@icloud.com> Co-authored-by: Cintia Sanchez Garcia <cynthiasg@icloud.com>
|
Experimental support for containers images has just been deployed 🙂 |
Is your feature request related to a problem? Please describe.
Container images that people would want to consume generally (e.g., PostgreSQL) used to all be in Docker Hub. It was that central store. Things have change and container images are stored all over. That includes those meant to be consumed by the masses and not just company or hobby projects.
This makes discoverability difficult.
Describe the solution you'd like
I would like to have a site to go to where I could search for container images and get a list of them in their distributed locations.
Describe alternatives you've considered
I've considered using a search engine, like Google. Unfortunately, it does a bad job because I'm just looking for container images and it displays all types of pages.
I've considered just relying on Docker Hub search. But, some of the images I need to work with are in other registries. I imagine there are other great images in those other registries I would like to use.
Additional context
Container images are part of the OCI and container projects (e.g., containerd and cri-o) are part of the CNCF. The OCI and CNCF are both part of the Linux Foundation.
I'm not sure container images should be in the Artifact Hub. I would like to discover them in either the Artifact Hub or a system that just does images but is like the Artifact Hub. I'm mostly unsure what this would do for user experience, scaling (e.g. with scanning), and other things.
The text was updated successfully, but these errors were encountered: