Creating support for Encrypted Container Images #714
Comments
What exactly do you mean with
If you mean, if implementing the encryption in the exporter pushes an encrypted image with
Thanks @florianeichin for the reply. That's good to know! I was specifically interested in the behavior of I am curious as to if docker would use the export and push functionalities of buildkit (whether now, or maybe in the near future?). I was glancing at the docker code and did not see a call to an exporter in the push path.
Current moby integration is a temporary solution because moby does not use containerd storage stack yet, so there are adapters to convert some missing pieces. See moby/moby#38043. When this completes, buildkit and Moby will use the same distribution stack and code reuse is much more seamless. Eventually, for
Thanks @tonistiigi! That's great to hear, that's what we were hoping for. We will start writing a PR for this once we merge the crypto functionality into containerd!
@stefanberger, @harche, @estesp and I have been working with @stevvooe, @dmcgowan on Encrypted Container Image capabilities in containerd and OCI (opencontainers/image-spec#747).
We are curious on what the future of building images with (especially w.r.t. docker and buildkit). So that we can figure out where is a good place to write up a POC for building. Right now, we are looking at the OCI exporter to do this - but are not sure if this would be the right place to do it.
If implemented in an exporter, would it be in the build + push path?