kubearmor-client
kubearmor-client copied to clipboard
Published
20 hours ago •
kubearmor
kubearmor
Replace Docker Client with ORAS to handle interaction with OCI registries like DockerHub
Description
The recommend command is currently responsible for fetching policies from the policy-templates repository and suggesting them according to the workloads present in the cluster. It adjusts selectors and other policy attributes to tailor the recommendations. This process involves interactions with Docker Hub, pulling images, and extracting image details using the Docker client.
Proposed Change
Replace the Docker client with ORAS (OCI Registry as Storage) to handle interaction with OCI registries like DockerHub. ORAS is a tool that supports OCI-compliant registries, providing a more flexible and standard approach. ORAS offers a client library in Go that can be used: https://oras.land/docs/client_libraries/overview
Tasks
- [ ] Identify all locations in code with interaction with OCI registries
- [ ] Update the Scanner struct to use ORAS for registry interactions.
- [ ] Replace the pullImage function to use ORAS for pulling images.
- [ ] Modify the logic to save pulled images to a tar file using ORAS.
