Support OCI images in addition to git #2300
Labels
area/pkg
enhancement
New feature or request
triaged
Issue has been triaged by adding an `area/` label
Milestone
Comments
frankfarzan
added
triaged
|
@phanimarupaka @droot @mengqiy bumping this up since we got a customer request on for non-git package sources. |
|
could be good to fit this into a larger roadmap and reference this request, I know that the work to do non-git upstream and support resource-merge is not trivial. |
|
Yet another example where this would be useful: |
|
We will eventually want to support signing and verification. |
|
Another example: https://kustomizer.dev/ |
|
Is there some kind of ETA for this feature? |
|
+1 on ETA for this feature please. Our environment is very restrictive and does not allow pull from github in our pipelines. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Support for OCI images would facilitate automated generation and serving of kpt package versions, particularly in production environments. Every Kubernetes cluster must have an OCI registry accessible. OCI registries have more standardized APIs and authentication methods than git providers. OCI images have standardized metadata and file formats. They can be versioned similarly to git, with digests and tags. We would just need a sequential versioning convention.
It's increasingly common for all types of packages to be stored using OCI. Configuration/policy-related examples:
https://github.com/oras-project/oras
https://carvel.dev/imgpkg/
helm/helm#6068
open-policy-agent/opa#1413
https://github.com/tektoncd/community/blob/main/teps/0005-tekton-oci-bundles.md
https://github.com/cnabio/cnab-spec/blob/main/201-representing-CNAB-in-OCI.md
https://crossplane.io/docs/v1.2/concepts/packages.html
https://werf.io/documentation/v1.2/advanced/bundles.html
The text was updated successfully, but these errors were encountered: