Describe the problem you're trying to solve
Using init containers to prime the inference engine with the model artifacts is a commonly used pattern for running models on a Kubernetes cluster. However, there is currently no trusted, maintained, and secure init container image available that can be easily used by ModelKit users.
Describe the solution you'd like
Create an init container with provenance and signing capabilities. The container should be configurable to unpack specific parts of the ModelKit to designated locations. The container should do signature verification when signatures are available. We should provide a container for each version of the Kit CLI, starting with the current one. Additionally, comprehensive documentation should be available, including examples of how to use the init container effectively.
Describe alternatives you've considered
Manually creating and maintaining custom init containers for each use case.
Using existing third-party init containers that may not meet our security and provenance requirements.
Additional context
For security, we should enable measures such as, a trusted base image, regular updates, vulnerability scanning.
There should be a container with the same tag as the kit CLI version that would make it convenient to select a container with latest pointing to latest kit CLI version.
Describe the problem you're trying to solve Using init containers to prime the inference engine with the model artifacts is a commonly used pattern for running models on a Kubernetes cluster. However, there is currently no trusted, maintained, and secure init container image available that can be easily used by ModelKit users.
Describe the solution you'd like Create an init container with provenance and signing capabilities. The container should be configurable to unpack specific parts of the ModelKit to designated locations. The container should do signature verification when signatures are available. We should provide a container for each version of the Kit CLI, starting with the current one. Additionally, comprehensive documentation should be available, including examples of how to use the init container effectively.
Describe alternatives you've considered
Additional context