Add non-core project "imgcrypt" to containerd organization #37

@estesp

Over the past year there were many PRs and discussions about the encrypted container image support proposed across OCI, Kubernetes, and the runtimes including containerd. We finally agreed on the stream processor implementation, available in the 1.3 release, to allow media types to have an external processor binary which can handle actions on that stream of bytes on behalf of containerd. This allows containerd's core to not include special case code or implementation details for this and any future special media types, modes of compression, and so on.

@stefanberger and @lumjjb have prepared the stefanberger/imgcrypt repository for migration to the containerd organization.

This is specifically proposed as a non-core project per the recent project modes we added to containerd's governance. The maintainers of the repository will be Stefan Berger and Brandon Lum.

For a broader view of this work across many projects and repositories, a recent comment by @lumjjb is extremely helpful to see the full scope and status of the work: opencontainers/image-spec#775 (comment)

Having this repository as part of the containerd organization is valuable as it allows users/operators to assemble and deliver the required stream processors which can handle the encrypted layer media types as part of the containerd project umbrella. This repository currently includes features for ctr which were not accepted in the containerd core, but are extremely helpful for those trying to handle the current "chicken and egg" issue of not having a tool to test the encryption and decryption of layers. As this work matures and these capabilities are available across tools like buildkit and various other container build pipelines, it will be less necessary to have a special ctr tool for testing.

9 maintainer's LGTM required (2/3)
