Epic
Resolution: Unresolved
Major
Create the image inspection library for integrating multiple Registry integrations
To Do
SECFLOWOTL-124 - Image Updater: Decouple registry and image inspection functionality from updating functionality
14% To Do, 14% In Progress, 71% Done
Epic Goal
Image Updater provides some functionality that can be reused by other projects, most notably the feature to inspect OCI and Docker registries' contents and pick an image based on some constraints.
However, Image Updater is tightly coupled with Argo CD right now and requires consumers to pull in Argo CD as a dependency.
Some key features that the library should support could be:
- Registry Integration
  - Plugin supports several OCI-compliant registries, such as Docker Hub, Amazon ECR, Google Container Registry (GCR), Azure Container Registry (ACR), Harbor, and many others.
  - It can authenticate and connect to these registries using various methods, including anonymous access, username/password, token-based authentication, or cloud-specific mechanisms (like IAM roles for AWS ECR).
- Image Discovery and Inspection:
  - Image List Retrieval: The tool connects to the specified registry and retrieves a list of available images and their tags. This is done by interacting with the registry's HTTP API, typically using the Docker Registry HTTP API v2 or the OCI Distribution Specification.
  - Manifest and Tag Inspection: For each image, Plugin fetches its manifest, which includes information about image layers, configurations, the digest (unique identifier), creation date, and more.
  - Semantic Versioning and Update Policies: The tool can be configured to inspect image tags based on semantic versioning rules (e.g., picking the latest version that matches 1.x), regular expressions, or a specific tag policy (like latest).
- Policy-Driven Updates:
  - Plugin can be configured with specific update policies for each image, such as:
    - Latest Patch or Minor Version: Automatically update to the latest patch or minor version within a major version series.
    - Wildcard Matching: Use regular expressions or wildcard patterns to match image tags.
    - Specific Tags: Only update to specific tags that match a certain pattern (e.g., release-*).
  - The plugin supports configuring these policies through annotations in the Kubernetes manifests or a configuration file.
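The semantic-versioning tag selection described in the feature list, sketched as an added example (this is not code from argocd-image-updater or the planned library). `PickTag`, `parse` and the tag list are hypothetical names and constructed data. The example compares versions numerically and rejects pre-release or free-form tags, so `1.10.1` wins over `1.9.7` and `latest` is never selected by a `1.x` policy.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// semverRe accepts plain MAJOR.MINOR.PATCH tags with an optional "v" prefix.
// It is anchored, so pre-release suffixes ("1.11.0-rc1") and free-form tags
// ("latest", "release-1.3.0") are never candidates.
var semverRe = regexp.MustCompile(`^v?(\d+)\.(\d+)\.(\d+)$`)

// parse returns the numeric parts of a tag, or ok=false if it is not semver.
func parse(tag string) (v [3]int, ok bool) {
	m := semverRe.FindStringSubmatch(tag)
	if m == nil {
		return v, false
	}
	for i := range v {
		n, err := strconv.Atoi(m[i+1])
		if err != nil { // e.g. a component too large for int
			return v, false
		}
		v[i] = n
	}
	return v, true
}

// PickTag returns the highest tag within the given major series that also
// matches the optional allow pattern. It returns "" when nothing qualifies,
// so the caller can leave the current image unchanged.
func PickTag(tags []string, major int, allow *regexp.Regexp) string {
	best, bestV := "", [3]int{-1, -1, -1}
	for _, t := range tags {
		v, ok := parse(t)
		if !ok || v[0] != major || (allow != nil && !allow.MatchString(t)) {
			continue
		}
		if v[1] > bestV[1] || (v[1] == bestV[1] && v[2] > bestV[2]) {
			best, bestV = t, v
		}
	}
	return best
}

func main() {
	// Constructed tag list, standing in for a registry's tag listing.
	tags := []string{"latest", "1.2.0", "1.10.1", "1.9.7", "1.11.0-rc1", "2.0.0", "release-1.3.0"}
	fmt.Println(PickTag(tags, 1, nil))
}
```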
Why is this important?
Image Updater provides some functionality that can be reused by other projects, most notably the feature to inspect OCI and Docker registries' contents and pick an image based on some constraints.
However, Image Updater is tightly coupled with Argo CD right now and requires consumers to pull in Argo CD as a dependency.
Acceptance Criteria:
- Replicate the image inspection code from https://github.com/argoproj-labs/argocd-image-updater to the new plugin repo <>
  - Some packages that need to be moved are:
    - pkg/image
    - pkg/registry
    - pkg/tag
    - pkg/version
- Add any unit tests if not already available
- Add all the documentation to the new repository <>.
- Set up GitHub Actions for the repository to execute tests for every PR and every merge.
- is depended on by: GITOPS-5556 Integrate the Image Inspection Library with ArgoCD Image Updater (New)