In order to ensure the confidentiality and integrity of container images, we need to download all container images from the registry within trusted domains when creating pods. Current solutions have many disadvantages. The pod/container startup time is extremely slow, the pressure on the network and container registry is high, and additional CPU, memory, and disk IO are consumed.

The Nydus Image Service project aims to reduce container startup time and resource consumption through techniques such as lazy loading and data deduplication, which may help to solve the problems of container image management for confidential containers.