Open phillebaba opened 1 year ago
bittrance
commented
4 months ago Maybe I don't know enough about OCI, but isn't it supposed to be cryptographically hard to mutate the manifests and layers of an image? Wouldn't containerd refuse a manifest that spegel annotated in-transit?
phillebaba
commented
4 months ago After some discussion with @bittrance we came up with the idea to just implement event tracking in memory for now. This feature would be opt in for debugging purposes. The goal will be to create some sort of Web UI running on each node which would visualize the images that have been pulled through Spegel and the origins of all the layers for the images. This will run on its own port and will require users to port-forward to it. It is not meant to be a day to day visualization tool rather a debugging tool to allow end users to better understand what is going on without having to grok the logs.
Knowing if Spegel is working or not may be a bit difficult as images fall back to the original registry. For debugging purposes it may be nice to after an image is pulled inspect if it was fetched through Spegel or not. One option could be to annotate or label the image to indicate when it is fetched with Spegel.