Skip to content

Commit

Permalink
Mention the storage level multi-tenancy
Browse files Browse the repository at this point in the history 
Signed-off-by: Roman Hros <[email protected]>
  • Loading branch information
@chess-knight
chess-knight committed Feb 14, 2023
1 parent 09e578a commit aa70de1
Showing 1 changed file with 21 additions and 21 deletions.
42 changes: 21 additions & 21 deletions Decisions/scs-XXXX-v1-requirements-for-container-registry.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@ have and also a set of desirable (nice to have) features are defined and evaluat
- Content Trust and Validation
- Verify image authenticity before running - image signing
- Multi-tenancy
- Container registry is able to serve multiple tenants (projects, teams, namespaces)
- Container registry is able to serve multiple tenants (projects, teams, namespaces). It can be implemented also on the storage level, see e.g. [Keppel](https://github.com/sapcc/keppel#overview)
- Backup and restore
- It is important for disaster recovery and data migration scenarios
- Monitoring
Expand Down Expand Up @@ -251,26 +251,26 @@ Refer to the table of evaluated projects with their features. Note that only con
registry implementations that passed the OSS health stage (Harbor, Quay, and Dragonfly)
are evaluated here.

| Features | Harbor | Quay | Dragonfly |
|-------------------------------------|-----------------------------------------------|---------------------------------------------------------------------|--------------------------|
| Audit Logs ||||
| Authentication of system identities | ✓ Robot Accounts | ✓ Robot Accounts ||
| Authentication of users | ✓ Local database, LDAP, OIDC, UAA | ✓ Local database, LDAP, Keystone, JWT | ✓ Local database |
| Authorization ||||
| Automation | ✓ Webhooks | ✓ Webhooks, building images ||
| Vulnerability scanning | ✓ Trivy, Clair | ✓ Clair ||
| Content Trust and Validation | ✓ Notary, Cosign | ✓ Cosign ||
| Multi-tenancy | | | |
| Backup and restore ||||
| Monitoring | ✓ Prometheus metrics | ✓ Prometheus metrics | ✓ Prometheus metrics |
| HA mode ||||
| Registry replication ||||
| Proxy cache || ✓ Feature is in the technology preview stage (non production ready) ||
| Quota management | ✓ Based on storage consumption or image count | ✓ Based on storage consumption ||
| Garbage collection ||||
| Retention policy | ✓ Multiple tag retention rules | ✓ Only tag expiration rules ||
| Additional supported artifacts | ✓ non-OCI Helm charts (ChartMuseum) | ✗ (only OCI artifacts) | ✓ Maven, YUM |
| Integration possibilities | ✓ Dragonfly (P2P), Kraken (P2P) || ✓ Harbor, Nydus, eStargz |
| Features | Harbor | Quay | Dragonfly |
|-------------------------------------|-----------------------------------------------|---------------------------------------------------------------------|------------------------------|
| Audit Logs ||| |
| Authentication of system identities | ✓ Robot Accounts | ✓ Robot Accounts | |
| Authentication of users | ✓ Local database, LDAP, OIDC, UAA | ✓ Local database, LDAP, Keystone, JWT | ✓ Local database |
| Authorization ||| |
| Automation | ✓ Webhooks | ✓ Webhooks, building images | |
| Vulnerability scanning | ✓ Trivy, Clair | ✓ Clair | |
| Content Trust and Validation | ✓ Notary, Cosign | ✓ Cosign | |
| Multi-tenancy |(not on the storage level) |(not on the storage level) |(not on the storage level) |
| Backup and restore ||| |
| Monitoring | ✓ Prometheus metrics | ✓ Prometheus metrics | ✓ Prometheus metrics |
| HA mode ||| |
| Registry replication ||| |
| Proxy cache || ✓ Feature is in the technology preview stage (non production ready) | |
| Quota management | ✓ Based on storage consumption or image count | ✓ Based on storage consumption | |
| Garbage collection ||| |
| Retention policy | ✓ Multiple tag retention rules | ✓ Only tag expiration rules | |
| Additional supported artifacts | ✓ non-OCI Helm charts (ChartMuseum) | ✗ (only OCI artifacts) | ✓ Maven, YUM |
| Integration possibilities | ✓ Dragonfly (P2P), Kraken (P2P) || ✓ Harbor, Nydus, eStargz |

## Conclusion

Expand Down

0 comments on commit aa70de1

Please sign in to comment.