podman icon indicating copy to clipboard operation
podman copied to clipboard

Published 20 hours ago verified publisher icon containers

Allow setting a default registry mirror

Open wrouesnel opened this issue 1 year ago • 5 comments

Feature request description

I'd like to be able to set a default registry mirror to be used when I have a pull-through registry mirror somewhere on my network. So all requests would by default attempt the default mirror first.

Suggest potential solution

I'd like to set a parameter like default-mirror = hostname.of.my.mirror in registry.conf and have this act as though I've done a configuration like that for every possible registry.

The behavior should otherwise be the same - try the mirror first, then try the real registry.

Have you considered any alternatives?

Currently it seems like it is necessary to do this manually. I did attempt to use prefix = "*" but it doesn't provide the functionality.

Additional context

The use case is when using an application like https://github.com/mcronce/oci-registry which provides pull-through registry support on a local network.

If this feature is currently possible then the existing documentation isn't making it clear how it can be achieved.

wrouesnel avatar Aug 21 '24 08:08 wrouesnel

@vrothberg @mtrmac PTAL

rhatdan avatar Aug 21 '24 10:08 rhatdan

A plausible c/image RFE. Probably an extension of the matching mechanism, not an entirely new top-level option, so that we can continue to use all existing mirror-related options without duplication.

mtrmac avatar Aug 21 '24 17:08 mtrmac

As far as I can tell, this might just need support of a pure wildcard prefix = "*" setting.

If my read of the documentation is accurate (i.e. an implementation change was consistent), then it would lead to a configuration like:

[[registry]]
prefix = "*"
[[registry.mirror]]
location = "registry-mirror.localnetwork"

then a pull of blah.example.com/foo/myimage:latest would lead to an underlying mirror request of registry-mirror.localnetwork/blah.example.com/foo/myimage:latest (which is the format oci-registry needs as well as being the common way I've seen orgs configure upstream mirrors).

wrouesnel avatar Aug 21 '24 23:08 wrouesnel

For wildcard matches we currently match the whole host name, i.e. no part of the host name is ever appended to location.

That doesn’t necessarily prevent us from doing something else for a new to-be-defined syntax, I suppose.

mtrmac avatar Aug 21 '24 23:08 mtrmac

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] avatar Sep 21 '24 00:09 github-actions[bot]