OCI registry support
Kubewarden policies are distributed as OCI Artifacts using regular Open Container Initiative (OCI) registries.
Policies are stored alongside container images. They don't require extra setup or maintenance other than that needed for regular container images.
note
You can add a registry that works with Kubewarden or correct any registry inaccuracies with a pull request against this document to fix it.
Projects implementing OCI registries​
- Harbor.
- Distribution (>= 2.7.0).
- Quay: Supported, but disabled by default in v3.6.
Hosted OCI registries​
- GitHub Container Registry. See here.
- Quay.io. See projects list above.
- Amazon ECR: See here.
- Google Artifact Registry. See here.
- Azure Container Registry. See here.
- Bundle Bar. See here.
- Docker Hub. See here.
- IBM Cloud Container Registry. See here.
- JFrog Artifactory. See here.
Tools that work with OCI registries​
We recommend:
Known issues​
Docker Hub​
Currently, Docker Hub doesn't support OCI artifacts so can't be used to store Kubewarden policies. Docker Inc. has announced that Docker Hub will support OCI artifacts in the future.
JFrog​
Although JFrog supports OCI artifacts, it's only partially possible to push to it, when following their specification. Read more here.