Container registries, implementing the OCI distribution-spec, provide reliable, highly scalable, secured storage services for container images. Customers use cloud provider implementations, vendor implementations, and instances of the open source implementation of docker distribution. They configure security and networking to assure the images in the registry are locked down and accessible by the resources required. Cloud providers and vendors often provide additional value atop their registry implementations from security to productivity features.
Applications and services typically require additional artifacts to deploy and manage container images, including helm charts for deployment and Open Policy Agent (OPA) bundles for policy enforcement.
Utilizing the OCI manifest and OCI index definitions, new artifact types can be stored and served using the OCI distribution-spec without changing the actual distribution spec. This repository will provide a reference for artifact authors and registry implementors for supporting these new artifact types themselves with the existing implementations of distribution.
By providing support for OCI artifact types over OCI distributions, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (YASS).
Under the github.com/opencontainers organization:
- Create a new artifacts repository, named github.com/opencontainers/artifacts
- Update the OCI distribution-spec to generically reference OCI manifest and OCI index, with OCI Image as one of many artifact types it can store.
- Update the OCI image-spec to reference images as an implementation of artifacts, using OCI manifest and OCI index
The repository will serve 3 primary goals:
- artifact authors - guidance for authoring new artifact types. Including a clearing house for well known artifact types.
- registry operators and vendors - guidance for how operators and vendors can support new artifact types, including how they can opt-in or out of well known artifact types. Registry operators that already implement
media-typefiltering will not have to change. The artifact repo will provide context on how newmedia-types can be used, and howmedia-types can be associated with a type of artifact. - clearing house for well known artifacts - artifact authors can submit their artifact definitions, providing registry operators a list by which they can easily support.
- Proposals for new artifact types should be opened as pull requests on the artifact repository
- The artifact project maintainers will review new proposals, ask clarifying questions, and choose or not to accept the suggested artifact type
- Acceptance requires at least 2 +1s from the maintainers (currently 3 maintainers)
- Where the submitter disagrees strongly with the decision they can bring to the issue to the TOB for a vote, under the current voting rules.
Initial maintainers of the artifacts project would be :
- Steve Lasker [email protected] (@stevelasker)
- Derek McGowan [email protected] (@derekmcgowan)
- Mike Brown [email protected] (@mikebrow)
- Stephen Day [email protected] (@stevvooe)
This project would incorporate (by reference) the OCI Code of Conduct.
This project would further incorporate the Governance and Releases processes from the OCI project template: github.com/opencontainers/project-template.
This project would continue to use existing channels in use by the OCI developer community for communication
This repository will not be versioned, but will be continuously updated with a list of versioned types with historical references. This repository will not have releases.
Artifacts will reference specific OCI distribution, OCI index and OCI manifest versions in its examples and references for capabilities.
Q: Does this change the OCI Charter or Scope Table?
A: No. Artifacts are a prescriptive means of storing OCI index and OCI manifest within OCI distribution implementations.