[Additional Layer Store] Add authentication helper by ktock · Pull Request #1674 · containerd/stargz-snapshotter (original) (raw)

Needs containers/image#2417

This commit adds a helper binary required by c/image for registry authentication of Additional Layer Store. This helper binary is registered to c/image using registries.conf with the following field (stargz-store-helper can be any command name of the helper binary). It receives registry creds via stdin and Additional Layer Store can use that creds for registry authentication.

additional-layer-store-auth-helper = "stargz-store-helper"

This binary is executed by c/image and recieves the registry creds from stdin and shares them to stargz-store daemon via an unix socket. c/image passes DockerAuthConfig structure keyed with the image reference.
When pulling the specified image, stargz-store uses the corresponding creds for registry authentication.

{ "image-reference": { "username": "username", "password": "password", "identitytoken": "identitytoken" } }