From 01cc5c9b57f70663549cf3b0ab7479921bd10d4c Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Wed, 24 Jul 2019 17:16:01 -0700 Subject: [PATCH 1/4] Add artifacts proposal Signed-off-by: stevenlasker@hotmail.com Signed-off-by: Steve Lasker --- proposals/artifacts.md | 56 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 proposals/artifacts.md diff --git a/proposals/artifacts.md b/proposals/artifacts.md new file mode 100644 index 0000000..963df1d --- /dev/null +++ b/proposals/artifacts.md 
@@ -0,0 +1,56 @@ +# OCI artifact project proposal + +## Abstract +Container registries, implementing the [distribution-spec][distribtuion-spec], provide reliable, highly scalable, secured storage services for container images. Customers either use a cloud provider implementation, vendor implementations, or instance the open source implementation of distribution. They configure security and networking to assure the images in the registry are locked down and accessible by the resources required. Cloud providers and vendors often provide additional values atop their registry implementations from security to productivity features. + +Applications and services typically require additional artifacts to deploy and manage, including [helm](https://helm.sh) for deployment and [Open Policy Agent (OPA)](https://github.com/open-policy-agent/opa/issues/1413) for policy enforcement. + +Utilizing the [manifest][image-manifest] and [index][image-index] definitions, new artifacts can be stored and served using the [distribution-spec][distribution-spec] without changing the actual distribution spec. This repository will provide a reference for artifact authors and registry implementors for supporting new artifact types with the existing implementations of distribution. + +By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (yass). + +## Proposal +Under the http://github.com/opencontainers organization: + +- Create a new **artifacts** repository, named http://github.com/opencontainers/artifacts +- Update [distribution][distribution-spec] to generically reference [manifest][image-manifest] and [index][image-index], with image as one of many artifact types it can store. + +## Contents + +The repository will serve 2 primary goals: + +1. **artifact authors** - guidance for authoring new artifact types. Including a clearing house for well known artifact types. +1. 
**registry operators and vendors** - guidance for how they can support new artifact types, including how they can opt-in or out of well known artifact types. + +### Initial Maintainers +Initial maintainers of the artifacts project would be : +* Steve Lasker (@stevelasker) +* Derek McGowan @derekmcgowan +* Mike Brown @mikebrow + +### Code of Conduct +This project would incorporate (by reference) the OCI [Code of Conduct][code-of-conduct]. + +### Governance and Releases +This project would incorporate the Governance and Releases processes from the OCI project template: https://github.com/opencontainers/project-template. + +### Project Communications +Both of the proposed projects would continue to use existing channels in use by the OCI developer community for communication including: +* GitHub for issues and pull requests +* The dev@opencontainers.org email list +* The weekly OCI developer community conference call +* The #OpenContainers IRC channel + +### Versioning / Roadmap +Artifacts will reference specific [distribution][distribution-spec], [index][image-index] and [manifest][image-manifest] versions in its examples, identifying any dependencies required. + +## Frequenty Asked Questions (FAQ) + +**Q: Does this change the OCI Charter or Scope Table?** + +A: No. Artifacts are a prescriptive means of storing [index][image-index] and [manifest][image-manifest] within [distribution][distribution-spec] implementations. + +[distribution-spec]: https://github.com/opencontainers/distribution-spec/ +[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md +[image-manifest]: https://github.com/opencontainers/image-spec/blob/master/manifest.md +[image-index]: https://github.com/opencontainers/image-spec/blob/master/image-index.md \ No newline at end of file From ecbb37858f3e96b681a5c664567e8647c59d60d7 Mon Sep 17 00:00:00 2001 
From: Steve Lasker Date: Tue, 6 Aug 2019 11:17:34 -0700 Subject: [PATCH 2/4] incorporate versioning feedback, resolve typos Signed-off-by: Steve Lasker --- proposals/artifacts.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/proposals/artifacts.md b/proposals/artifacts.md index 963df1d..504ae23 100644 --- a/proposals/artifacts.md +++ b/proposals/artifacts.md 
@@ -1,13 +1,13 @@ # OCI artifact project proposal ## Abstract -Container registries, implementing the [distribution-spec][distribtuion-spec], provide reliable, highly scalable, secured storage services for container images. Customers either use a cloud provider implementation, vendor implementations, or instance the open source implementation of distribution. They configure security and networking to assure the images in the registry are locked down and accessible by the resources required. Cloud providers and vendors often provide additional values atop their registry implementations from security to productivity features. +Container registries, implementing the [distribution-spec][distribution-spec], provide reliable, highly scalable, secured storage services for container images. Customers either use a cloud provider implementation, vendor implementations, or instance the open source implementation of distribution. They configure security and networking to assure the images in the registry are locked down and accessible by the resources required. Cloud providers and vendors often provide additional values atop their registry implementations from security to productivity features. Applications and services typically require additional artifacts to deploy and manage, including [helm](https://helm.sh) for deployment and [Open Policy Agent (OPA)](https://github.com/open-policy-agent/opa/issues/1413) for policy enforcement. Utilizing the [manifest][image-manifest] and [index][image-index] definitions, new artifacts can be stored and served using the [distribution-spec][distribution-spec] without changing the actual distribution spec. This repository will provide a reference for artifact authors and registry implementors for supporting new artifact types with the existing implementations of distribution. 
-By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (yass). +By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (YASS). ## Proposal Under the http://github.com/opencontainers organization: @@ -42,9 +42,11 @@ Both of the proposed projects would continue to use existing channels in use by * The #OpenContainers IRC channel ### Versioning / Roadmap -Artifacts will reference specific [distribution][distribution-spec], [index][image-index] and [manifest][image-manifest] versions in its examples, identifying any dependencies required. +This repository will not be versioned, but will be continuously updated with a list of versioned types with historical references. This repository will not have releases. -## Frequenty Asked Questions (FAQ) +Artifacts will reference specific [distribution][distribution-spec], [index][image-index] and [manifest][image-manifest] versions in its examples and references for capabilities. + +## Frequently Asked Questions (FAQ) **Q: Does this change the OCI Charter or Scope Table?** From 6b0f4d9ab96e19e9f59a6225cd513a57af4666f4 Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Wed, 7 Aug 2019 14:47:34 -0700 Subject: [PATCH 3/4] Add clarity for media-type filtering Signed-off-by: Steve Lasker --- proposals/artifacts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/artifacts.md b/proposals/artifacts.md index 504ae23..fb9118f 100644 --- a/proposals/artifacts.md +++ b/proposals/artifacts.md 
@@ -20,7 +20,7 @@ Under the http://github.com/opencontainers organization: The repository will serve 2 primary goals: 1. **artifact authors** - guidance for authoring new artifact types. Including a clearing house for well known artifact types. -1. **registry operators and vendors** - guidance for how they can support new artifact types, including how they can opt-in or out of well known artifact types. +1. **registry operators and vendors** - guidance for how operators and vendors can support new artifact types, including how they can opt-in or out of well known artifact types. Registry operators that already implement `media-type` filtering will not have to change. The artifact repo will provide context on how new `media-type`s can be used, and how `media-type`s can be associated with a type of artifact. ### Initial Maintainers Initial maintainers of the artifacts project would be : From 41b78f6c6425ca9461a472a01eb7aa40887a3bb6 Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Fri, 9 Aug 2019 10:46:49 -0700 Subject: [PATCH 4/4] Add stevvooe as maintainer Signed-off-by: Steve Lasker --- proposals/artifacts.md | 59 ++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/proposals/artifacts.md b/proposals/artifacts.md index fb9118f..5f57218 100644 --- a/proposals/artifacts.md +++ b/proposals/artifacts.md 
@@ -1,58 +1,73 @@ -# OCI artifact project proposal +# OCI Artifacts Project Proposal ## Abstract -Container registries, implementing the [distribution-spec][distribution-spec], provide reliable, highly scalable, secured storage services for container images. Customers either use a cloud provider implementation, vendor implementations, or instance the open source implementation of distribution. They configure security and networking to assure the images in the registry are locked down and accessible by the resources required. Cloud providers and vendors often provide additional values atop their registry implementations from security to productivity features. -Applications and services typically require additional artifacts to deploy and manage, including [helm](https://helm.sh) for deployment and [Open Policy Agent (OPA)](https://github.com/open-policy-agent/opa/issues/1413) for policy enforcement. +Container registries, implementing the [OCI distribution-spec][distribution-spec], provide reliable, highly scalable, secured storage services for container images. Customers use cloud provider implementations, vendor implementations, and instances of the open source implementation of docker distribution. They configure security and networking to assure the images in the registry are locked down and accessible by the resources required. Cloud providers and vendors often provide additional value atop their registry implementations from security to productivity features. -Utilizing the [manifest][image-manifest] and [index][image-index] definitions, new artifacts can be stored and served using the [distribution-spec][distribution-spec] without changing the actual distribution spec. This repository will provide a reference for artifact authors and registry implementors for supporting new artifact types with the existing implementations of distribution. 
+Applications and services typically require additional artifacts to deploy and manage container images, including [helm](https://helm.sh) charts for deployment and [Open Policy Agent (OPA) bundles](https://github.com/open-policy-agent/opa/issues/1413) for policy enforcement. -By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (YASS). +Utilizing the [OCI manifest][image-manifest] and [OCI index][image-index] definitions, new artifact types can be stored and served using the [OCI distribution-spec][distribution-spec] without changing the actual distribution spec. This repository will provide a reference for artifact authors and registry implementors for supporting these new artifact types themselves with the existing implementations of distribution. + +By providing support for OCI artifact types over OCI distributions, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (YASS). ## Proposal -Under the http://github.com/opencontainers organization: -- Create a new **artifacts** repository, named http://github.com/opencontainers/artifacts -- Update [distribution][distribution-spec] to generically reference [manifest][image-manifest] and [index][image-index], with image as one of many artifact types it can store. +Under the [github.com/opencontainers](http://github.com/opencontainers) organization: + +- Create a new **artifacts** repository, named [github.com/opencontainers/artifacts](http://github.com/opencontainers/artifacts) +- Update the [OCI distribution-spec][distribution-spec] to generically reference [OCI manifest][image-manifest] and [OCI index][image-index], with [OCI Image][image-spec] as one of many artifact types it can store. 
+- Update the [OCI image-spec][image-spec] to reference images as an implementation of artifacts, using [OCI manifest][image-manifest] and [OCI index][image-index] ## Contents -The repository will serve 2 primary goals: +The repository will serve 3 primary goals: 1. **artifact authors** - guidance for authoring new artifact types. Including a clearing house for well known artifact types. 1. **registry operators and vendors** - guidance for how operators and vendors can support new artifact types, including how they can opt-in or out of well known artifact types. Registry operators that already implement `media-type` filtering will not have to change. The artifact repo will provide context on how new `media-type`s can be used, and how `media-type`s can be associated with a type of artifact. +1. **clearing house for well known artifacts** - artifact authors can submit their artifact definitions, providing registry operators a list by which they can easily support. + +### Process for Approving New Artifact Definitions + +1. Proposals for new artifact types should be opened as pull requests on the artifact repository +1. The artifact project maintainers will review new proposals, ask clarifying questions, and choose or not to accept the suggested artifact type +1. Acceptance requires at least 2 +1s from the maintainers (currently 3 maintainers) +1. Where the submitter disagrees strongly with the decision they can bring to the issue to the TOB for a vote, under the current voting rules. ### Initial Maintainers + Initial maintainers of the artifacts project would be : -* Steve Lasker (@stevelasker) -* Derek McGowan @derekmcgowan -* Mike Brown @mikebrow + +- Steve Lasker (@stevelasker) +- Derek McGowan (@derekmcgowan) +- Mike Brown (@mikebrow) +- Stephen Day (@stevvooe) ### Code of Conduct -This project would incorporate (by reference) the OCI [Code of Conduct][code-of-conduct]. + +This project would incorporate (by reference) the [OCI Code of Conduct][code-of-conduct]. 
### Governance and Releases -This project would incorporate the Governance and Releases processes from the OCI project template: https://github.com/opencontainers/project-template. + +This project would further incorporate the Governance and Releases processes from the OCI project template: [github.com/opencontainers/project-template](https://github.com/opencontainers/project-template). ### Project Communications -Both of the proposed projects would continue to use existing channels in use by the OCI developer community for communication including: -* GitHub for issues and pull requests -* The dev@opencontainers.org email list -* The weekly OCI developer community conference call -* The #OpenContainers IRC channel + +This project would continue to use existing channels in use by the [OCI developer community for communication](https://github.com/opencontainers/org#communications) ### Versioning / Roadmap + This repository will not be versioned, but will be continuously updated with a list of versioned types with historical references. This repository will not have releases. -Artifacts will reference specific [distribution][distribution-spec], [index][image-index] and [manifest][image-manifest] versions in its examples and references for capabilities. +Artifacts will reference specific [OCI distribution][distribution-spec], [OCI index][image-index] and [OCI manifest][image-manifest] versions in its examples and references for capabilities. ## Frequently Asked Questions (FAQ) **Q: Does this change the OCI Charter or Scope Table?** -A: No. Artifacts are a prescriptive means of storing [index][image-index] and [manifest][image-manifest] within [distribution][distribution-spec] implementations. +A: No. Artifacts are a prescriptive means of storing [OCI index][image-index] and [OCI manifest][image-manifest] within [OCI distribution][distribution-spec] implementations. 
[distribution-spec]: https://github.com/opencontainers/distribution-spec/ +[image-spec]: https://github.com/opencontainers/image-spec/ [code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md [image-manifest]: https://github.com/opencontainers/image-spec/blob/master/manifest.md -[image-index]: https://github.com/opencontainers/image-spec/blob/master/image-index.md \ No newline at end of file +[image-index]: https://github.com/opencontainers/image-spec/blob/master/image-index.md
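
Review bot: In [PATCH 1/4], the first sentence of the Abstract links `[distribution-spec][distribtuion-spec]`, but the reference definitions at the end of the file only define `[distribution-spec]`, so that link will not resolve. [PATCH 2/4] corrects the label; fold the fix into this patch so the file is correct at every commit in the series. In the same hunk, Project Communications says "Both of the proposed projects" although the Proposal section creates a single artifacts repository, and the file ends without a trailing newline.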
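
Review bot: In [PATCH 2/4], the Versioning / Roadmap hunk states "This repository will not be versioned" and "will not have releases", which leaves a registry operator with no fixed point to cite when building a policy from the list of types. Suggest saying how a reader identifies the state of the list at a given time (for example by commit), and what "versioned types with historical references" means for a type whose definition changes after operators have opted in to it.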
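
Review bot: In [PATCH 3/4], the added sentence "Registry operators that already implement `media-type` filtering will not have to change" does not say whether that filtering is an allow-list or a deny-list, and the two behave oppositely for a new type: an allow-list rejects it until the operator opts in, while a deny-list accepts it until the operator opts out. Suggest stating which default the proposal expects, and naming which `media-type` field of the manifest or index carries the association with an artifact type. It would also help to note that the value is declared by the pushing client, so the filter constrains the declared type rather than validating the content.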
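
Review bot: In [PATCH 4/4], the new approval process says "Acceptance requires at least 2 +1s from the maintainers (currently 3 maintainers)", but the Initial Maintainers list in the same hunk has four names once Stephen Day is added. Update the count or drop the parenthetical, and say whether a maintainer may +1 a proposal they submitted, since that changes how many independent reviewers a new type needs. The subject "Add stevvooe as maintainer" also does not describe the rest of the hunk (retitled document, rewritten Abstract, a third goal, the approval process, the removed communications list); consider splitting those into their own patch. Two smaller points in the added lines: "bring to the issue to the TOB" has a stray "to", and the third goal repeats the clearing-house clause already present in the first list item.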