Mike Brown
Mike Brown
Needs rebase.. and needs changes to pick up the merged pr from https://github.com/kubernetes/kubernetes/pull/111384
agree with Brian that we could do this prior to 2.0 as a larger refactor of the auth config...
@adrianreber needs rebase
> Given the various scenarios we're seeing, and knowing there will be more scenarios in the future, perhaps instead of being prescriptive in exactly what fields are defined and we...
> My phrasing is that container runtimes trying to execute/process it makes it a container image. It's not restricting what runtimes can do, it's defining whether it's a container image...
artifacts are a grey space wrt. whether they can be considered a part of or augmentation to layers/config/index, guidance, filtering mechanisms, additional image config, even possibly a key store, alg,...
I like the high level definition here: https://github.com/opencontainers/image-spec/blob/main/spec.md#overview > At a high level the image manifest contains metadata about the contents and dependencies of the image including the content-addressable identity...
> An issue attempting to be solved in this PR is runtimes picking container images from a mixed index with artifacts included in the manifest list. The artifact entries could...
nod subject refers may be limited to local sha wrt. the referrers api (as is).. but we can use a different mechanism for base image manifest ref in a new...
>> Also, I have not backported this for the sbserver (do we want that?). yes, I think so