weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Additional comments regarding Quay.io

Browse Source 
Signed-off-by: David Noyes <david.noyes@venafi.com>
This commit is contained in:
David Noyes 2024-01-30 10:24:35 +00:00
parent e7f3ff6e49
commit ad2e24d66d
No known key found for this signature in database
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
design/20240122.scarf.md
View File

@ -12,7 +12,16 @@
## Summary
With our focus on CNCF graduation, CNCF aims for its projects to become [vendor-neutral](https://contribute.cncf.io/maintainers/community/vendor-neutrality/) wherever possible. The cert-manager project should uphold this aim. In doing so, it will need to take a further step to move on from its proud Jetstack legacy with a change to remove Jetstack from the container image repository name. Recently partnered with the Linux Foundation, Scarf is a service designed for open-source projects that will allow us to perform this migration seamlessly. In addition, Scarf will provide the benefit of not being tied to a single container image/binary repository vendor, giving us the freedom to change vendors, switch to a more neutral domain (e.g., cert-manager.io) and continue to provide container images seamlessly while still maintaining observability of how the project is downloaded.
With our focus on CNCF graduation, CNCF aims for its projects to become [vendor-neutral](https://contribute.cncf.io/maintainers/community/vendor-neutrality/) wherever possible. The cert-manager project should uphold this aim. In doing so, it will need to take a further step to move on from its proud Jetstack legacy with a change to remove Jetstack from the container image repository name.
In addition, Quay.io, the current container image registry for cert-manager, has limitations on the amount of analytic data it can provide due to the high volume of downloads that cert-manager receives. The cert-manager maintainers have also found that Quay has had several outages during 2023, and they want to manage that situation quickly in the future if required.
Recently partnered with the Linux Foundation, Scarf is a service designed for open-source projects that will allow for a simple migration.
Scarf will provide multiple benefits:
- Not being tied to a single container image/binary repository vendor gives the freedom to change vendors if required.
- Switching to a more neutral domain (e.g., cert-manager.io).
- Continuing to provide container images at significant volume while improving the analytic data of how the project is downloaded.
### What is Scarf?
@ -50,5 +59,4 @@ Going forward, we would encourage users to use the new download paths by specify
Any users downloading from secure environments with limited internet connections through firewall restrictions will need to add "allowed" rules for the Scarf gateway domain in addition to any existing rules for the image repository, such as quay.io. These should be clearly documented.
### Known issues/limitations
- Currently the Scarf service only allows for custom domains and doesn't include custom paths. When speaking with members of the Scarf organisation, this is due to a technical limitation as the path is used in the image identification/verification process. Scarf is investigating a workaround; however, we may need to consider an additional hosting location/service to allow us to remove "jetstack" from the download path. An additional hosting location will increase existing maintenance and deployment process overheads.
- Currently, the Scarf service only allows for custom domains and doesn't include custom paths. When speaking with members of the Scarf organisation, this is due to a technical limitation as the path is used in the image identification/verification process. Scarf is investigating a workaround; however, we may need to consider an additional hosting location/service to allow us to remove "jetstack" from the download path. An additional hosting location will increase existing maintenance and deployment process overheads.