Project

Profile

Help

Pulp Container Roadmap » History » Sprint/Milestone 34

ipanova@redhat.com, 05/04/2020 02:20 PM

1 32 ipanova@redhat.com
# Pulp Container Roadmap
2 2 ipanova@redhat.com
3
~~~
4 32 ipanova@redhat.com
This is a living document that is moving towards a long term plan to develop Container plugin for Pulp 3.0 and beyond.
5 2 ipanova@redhat.com
~~~
6 1 ipanova@redhat.com
7 18 ipanova@redhat.com
~~~
8 32 ipanova@redhat.com
With Pulp as a Container registry you can:
9 18 ipanova@redhat.com
10
- Mirror container image repositories hosted on Docker-hub, Google Container Registry, Quay.io, etc
11
- Reduce disk use space by mirroring container image repositories using the "on demand" policy. An image is only downloaded once it has been requested by a client.
12 32 ipanova@redhat.com
- Use local filesystem or an object storage store such as S3 to host all the container images TBD
13 18 ipanova@redhat.com
- Curate container images by whitelisting what is mirrored from an external repository.
14
- Curate container images by creating repository versions with a specific set of images.
15
- Create versioned repositories that can be promoted or rolled back with a single operation.
16
17
Pulp also has:
18
- tasking system that can be used to perform a variety of specialized work such as analysis of content. e.g. integration with clair-scanner
19
- a large community of users
20
- a commuity of plugin developers
21
~~~
22
23 1 ipanova@redhat.com
24
25
## Supported Content Types
26
27 34 ipanova@redhat.com
  - Docker Image manifest schema2 and schema1 (conversion on the fly)
28
  - Docker Manifest list
29
  - Docker Blob
30
  - OCI Image manifest schema1
31
  - OCI Image index
32
  - OCI Blob
33
  - Image Tag
34 1 ipanova@redhat.com
35
## Pulp Container Plugin Use Cases
36
37
38
##### Sync
39
40 34 ipanova@redhat.com
  - As a user I can sync container repo from Container registry
41
      * assumes registry is compliant v2 api specs
42
      * with token based auth
43
      * with basic auth
44
      * specify \`feed\` and \`upstream_name\`
45 1 ipanova@redhat.com
46 34 ipanova@redhat.com
  - As a user I can sync a registry by whitelisting tags ( Filtered Sync)
47
     * whitelisting tags supports wildcards
48
  - As a user i can lazily fetch container repo by specifying the download policy
49
  - As a user I can sync a private container repo from Container registry
50
  - As a user I can sync from a container repo published by Pulp ( pulp2pulp3 and pulp3pulp3 sync)
51
  - As a user, I can mirror the content of a remote repository with an additive behaviour, so content is never removed locally.
52
  - As a user, I can exactly mirror the content of a remote repository( mirror on sync)
53 1 ipanova@redhat.com
54
**NOTE**: dropping enable_v1, enable_v2, mask_id options
55 8 ipanova@redhat.com
56 16 ipanova@redhat.com
##### Publish
57 1 ipanova@redhat.com
58 34 ipanova@redhat.com
  - As a user I can distribute container content
59
  - As a user, I can specify base_path that will be used in the Container registry
60
  - As a user I can pull docker content with older client (Pulp will convert on the fly docker image schema2 to schema1)
61
  - As a user I cam pull from Container registry that has auth mechanism  
62 33 ipanova@redhat.com
    \*token auth
63 1 ipanova@redhat.com
64 28 ipanova@redhat.com
As a result the above section should enable clients to perform \`docker/podman pull\`
65 1 ipanova@redhat.com
66
**NOTE** dropping protected option
67
68 21 ipanova@redhat.com
##### Filtering
69 1 ipanova@redhat.com
70 34 ipanova@redhat.com
  - As a user I can filter tags and images by digest, media_type, tag_name
71 21 ipanova@redhat.com
72 22 ipanova@redhat.com
##### Addition of the content to the repo with deps
73 21 ipanova@redhat.com
74 34 ipanova@redhat.com
  - As a user I can add Manifest and all Blobs it references to the destination repo
75
  - As a user I can add Manifest List and all Manifests and Blobs it references to the destination repo
76
  - As a user I can add Tag and all its' associated content it references to the destination repo
77 25 ipanova@redhat.com
78
##### Removal of the content from the repo with deps
79 1 ipanova@redhat.com
80 34 ipanova@redhat.com
  - As a user I can remove Manifest and all Blobs it references from the repo
81
  - As a user I can remove Manifest List and all Manifests and Blobs it references from the repo
82
  - As a user I can remove Tag and all its' associated content it references from the repo
83 21 ipanova@redhat.com
84 1 ipanova@redhat.com
**NOTE** units that are referenced by other units are not removed
85 31 ipanova@redhat.com
86
##### Copy of the content form source repo to the dest repo with deps
87
88 34 ipanova@redhat.com
  - As a user I can copy by digest, media_type Manifest and all Blobs it references from the source repo to the destination repo
89
  -  As a user I can copy by digest , media_type Manifest List and all Manifests and Blobs it references from the source repo to the destination repo
90
  -  As a user I can copy Tag by name and all its' associated content it references from the source repo to the destination repo
91 21 ipanova@redhat.com
92 1 ipanova@redhat.com
##### Adding/removing Tag via pulp api
93 27 ipanova@redhat.com
94 34 ipanova@redhat.com
  - As a user I can Tag an imagine in a repo
95
  - As a user I can Untag an imagine in a repo
96
  - As a user I can point existing Tag to a different image in a repo
97 21 ipanova@redhat.com
98 34 ipanova@redhat.com
##### Enable v2/catalog endpoint
99 25 ipanova@redhat.com
100 34 ipanova@redhat.com
##### As a user I can build OCI images from Containerfiles and serve them from Pulp Registry
101
102
### Post-MVP  ( subject to extension)
103
104 1 ipanova@redhat.com
##### Sync
105
106 32 ipanova@redhat.com
  - As a user, I can sync from a repository with Foreign Layers and save them in pulp for disconnected env.
107 34 ipanova@redhat.com
  - As a user, I can sync from external registry using a pull-secret file
108 1 ipanova@redhat.com
109 34 ipanova@redhat.com
110 1 ipanova@redhat.com
##### Publish
111 32 ipanova@redhat.com
112 1 ipanova@redhat.com
  - As a user I cam pull from Container registry that has auth mechanism  
113
    \*basic auth
114 30 ipanova@redhat.com
115
##### Force removal of the content from the repo with deps
116
117
  - As a user I can remove Manifest and all Blobs it references from the repo
118
  - As a user I can remove Manifest List and all Manifests and Blobs it references from the repo
119
  - As a user I can remove Tag and all its' associated content it references from the repo
120 26 ipanova@redhat.com
121 21 ipanova@redhat.com
##### Export
122 32 ipanova@redhat.com
123 1 ipanova@redhat.com
  - As a user I can distribute Container content using a remote server ( rsync exporter)
124 32 ipanova@redhat.com
125 34 ipanova@redhat.com
##### Import/Export
126
 - As a user I can export a repository and import it in an air-gapped environment
127
128 1 ipanova@redhat.com
##### Docker/podman push
129 10 ipanova@redhat.com
130 13 ipanova@redhat.com
  - As a user, I can 'docker push' to a Pulp repository
131 11 ipanova@redhat.com
  - As a user I can 'docker tag' to a Pulp repository
132 7 ipanova@redhat.com
133 13 ipanova@redhat.com
##### Skopeo copy
134 8 ipanova@redhat.com
135 3 ipanova@redhat.com
  - As a user I can use skopeo pulp transport to push images to Pulp container registry
136 1 ipanova@redhat.com
137 2 ipanova@redhat.com
138 32 ipanova@redhat.com
## What will be dropped in Pulp3
139
140 7 ipanova@redhat.com
  - v1 API support. In Pulp3 we'll have just v2 api registry and corresponding v2 content types
141 32 ipanova@redhat.com
  - v1/search. There is no v2/search so \`docker search\` for v2 content will not work. If upstream docker will add support for v2 docker content search by the time we deliver container plugin for pulp3 we will reconsider and include the endpoint.
142 1 ipanova@redhat.com
  - content protection. In Pulp3 container repos will not support entitlement cert protection. ( option \`protected\` is dropped)
143
  - export content into a tar file. It was possible to do so for v1 content.
144
  - Crane is not longer used as a registry API. Pulp 3's ability to serve custom live APIs has made it possible for Crane's feature set to be incorporated into the pulp_container plugin