Skip to content
master
Go to file
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
lib
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Trow

Image Management for Kubernetes

We're building an image management solution for Kubernetes (and possibly other orchestrators). At its heart is the Trow Registry, which runs inside the cluster, is simple to set-up and fully integrated with Kubernetes, including support for auditing and RBAC.

Why "Trow"

"Trow" is a word with multiple, divergent meanings. In Shetland folklore a trow is a small, mischievous creature, similar to the Scandanavian troll. In England, it is a old style of cargo boat that transported goods on rivers. Finally, it is an archaic word meaning "to think, believe, or trust". The reader is free to choose which interpretation they like most, but it should be pronounced to rhyme with "brow".

Use Cases

The primary goal for Trow is to create a registry that runs within Kubernetes and provides a secure and fast way to get containers running on the cluster.

A major focus is providing controls for cluster administrators to define which images can run in the cluster. Trow can prevent unauthorised and potentially insecure or malicious images from touching your cluster.

Features include:

  • conforms to the OCI Distribution Specification for registries
  • controls images running inside the cluster via approve/deny lists
  • full auditing and authentication of image access (in progress)
  • distributed architecture for HA and scalability (planned)

Comparison to Other Registries

There is a short article on how Trow compares to other registries, including Harbor.

Install

If you want to quickly try out Trow on a development cluster (either local or remote), follow the quick install instructions.

This screencast shows how quick it is to get started:

asciicast

Normal installations and all production installations should follow the standard installation instructions. The standard install requires a sub-domain that can pointed at the registry. The install is based on Kustomize, making it simple to install and maintain, and ideal for clusters following the GitOps model.

Note that Trow is currently alpha and you can expect to find rough edges.

Architecture and Design

If you're interested in the design of Trow please take a look at the Architecture Guide.

Tests

There is a reasonably large test suite, which can be run with the docker/test.sh script.

User Guide

Work has started on a User Guide. Currently this explains how to persist images and how to list repositories and tags via curl.

Contributing

Please take a look at CONTRIBUTING.md for details on how to help out and DEVELOPING.md for how to get started compiling and running Trow. See also the Architecture Guide.

Code of Conduct

All participants in the Trow project are expected to comply with the code of conduct.

Notes

  • The project currently runs on Rust Nightly.
You can’t perform that action at this time.