When tenants want to use an image from a private registry to deploy a confidential container, the image-rs
module inside the pod needs to pulling the image from this private registry.
Here, a private registry means that the image-rs
module needs credentials to show the privilege of this registry.
Different OCI registry supports different types of authentication, however the upstream crate oci_distribution
of image-rs
only supports the following two types:
Anonymous
: Pulling an image from a public registry without any authentication. In this way, most of the public images can be pulled, except images from private registries. Besides, registries likedockerhub
can limit an image to (~100 IIRC) requests a month.Basic
: Usingusername
andpassword
as a Credential of this registry. In this way, no limitions mentioned occur.
Containers has a well-defined mechinism to distribute Credentials for registries when pulling images. The work process, considerations will be detailed in the following.
The total goal is to support pulling images using authentication information, s.t. credentials of specific registries. Below this, the sub-goals are
- Support
registry authentication file
mechinism when pulling images. - Support to getting
registry authentication file
from the KBS when it is enabled and not found in the specific filesystem path.
This section will clarify the authorization and authentication process of a registry. First let us make some assumptions to help.
- User
Alice
wants to deploy an imagebusybox
inside a confidential VM, s.t. pod. Let's say the host of the confidential VM isBob
, who can represent CSP. - The image is from a private registry
private-registry.org
which needs credential to login. - The image is pulled inside the VM to prevent
Bob
from knowing the credential. Alice
has the credential of this registry, s.t.username:Alice
,password:pswd
- The pod of
Bob
side to deploy confidential container is exclusive byAlice
.
Alice
should first edit an auth.json
following the format. In this story, for example, the auth.json
can be
{
"auths": {
"private-registry.org": {
"auth": "QWxpY2U6cHN3ZAo="
},
}
}
Here QWxpY2U6cHN3ZAo=
is the base64-encoded Alice:pswd
.
All the credentials have a common format that <username>:<password>
.
All above happens on the Alice
's side, so it is exactly safe and unknown to Bob
.
When Alice
wants to deploy the image private-registry.org/busybox
inside the confidential VM of Bob
's side, image-rs
needs to pull the image.
- Firstly, it checks whether there is an file
auth.json
, if yes, do step 3. - Fetch the
auth.json
viaGetResource
gRPC of Attestation Agent inside the same Pod. More details aboutGetResource
and Attestation Agent please refer to get-resource-service and attestation-agent. - The
image-rs
module then match the entries inside theauth.json
using longest prefix match. In this story, it will do:
- Firstly look for the entry
private-registry.org/busybox
, but there is not. - Then search for the entry
private-registry.org
, and the matched value will be"auth": "QWxpY2U6cHN3ZAo="
. In other scenarios, if no entries is matched, useAnonymous
authentication in step 4.
- The
image-rs
module use the credential matched to pull the image.
The same as policy.json
in image security.
We put the file in /run/image-security/auth.json
inside the Pod, because the /run
directory is mounted in tmpfs
, which is located in the encrypted memory protected by HW-TEE.
Every time a pulling operation is performed, check and get auth.json
if not find. This way is lazy and in need.
This way is preferred, because it has low start-up latency of image-rs
.
There are two steps:
-
Step 1 We set a hard-coded
ResourceDescriptor
forauth.json
in the bothimage-rs
side andattestation-agent
side. In this way we can test the ability ofauth.json
. -
Step 2 We provide a configuration for
PullClient
of theimage-rs
crate, which will indicates what theResourceDescriptor
is. In this way, not onlyauth.json
but alsopolicy.json
and other resourcesimage-rs
needs can be customized.
Step 1 is for short term, and in future we will gradually implement Step 2. At that time, this document should be modified.