- Epic
- Resolution: Done
- Critical
- None
- Pluggable OCI mime-types
- To Do
- OCPPLAN-6840 - Support SigStore toolchain to sign and verify signed artifacts
- 0% To Do, 0% In Progress, 100% Done
Customer Problem: As a Quay administrator I want to allow my clients to store more than runnable container images. Given OCI artifact spec I want to be free to choose what kind of content can be stored on and served by Quay.
Goal: Make adopting OCI artifacts straightforward with Quay.
User Story: As an admin of Quay, I'd like to be able to enable pre-defined and custom OCI mime-types so that I can store this content in Quay.
Default types we need to support: We need several additional OCI types to increase adoption of Quay in evolving areas such as artifact signing, Helm and alternate compression schemes:
- application/vnd.oci.image.config.v1+json
- application/vnd.cncf.helm.chart.config.v1+json
- application/vnd.dev.cosign.simplesigning.v1+json
- application/vnd.oci.image.layer.v1.tar+zstd
The above should be generated by all our default configs and the config editor.
Background:
The specification for creating additional media types is complete: https://github.com/opencontainers/image-spec/blob/master/media-types.md
As cloud-native tooling picks up support for those mime-types, particularly Helm and cosign, Quay should start accepting those types as a basis for more first-class treatment later.
Lastly, this also helps enable experimental usage of Quay (new client-side compression algorithms) and allows workarounds for broken clients (that send invalid mime types).
Out of scope:
- Any special treatment of these types of images; Quay should simply not reject them
Open Questions:
- How is Clair supposed to treat custom OCI mime types?
Prioritized deliverables:
- Quay by default accepts the OCI artifact types defined above with push / pull operations
- Quay allows registering custom OCI media types that a customer might have but does not treat them in a special way
Acceptance / Test Criteria:
- a user is able to use helm CLI to store and retrieve charts as OCI images from Quay
- a user is able to use cosign CLI to sign an existing image in Quay and validate the image subsequently
- a user is able to push an image with zstd compression using podman (https://github.com/containers/skopeo/pull/1111)
- relates to
  - PROJQUAY-1417 zstd compressed layers (Closed)
  - PROJQUAY-2295 Document OCI mime types (Closed)
  - PROJQUAY-2271 Add OCI Source Image Mime Type to defaults in Quay (Closed)