Brendan Burns
Brendan Burns
@qzed I just saw this. Send mail to bburns [at] microsoft [dot] com and I'll see if I can connect you with the surface hardware team... No promises, it's a...
I looked into this and I believe that this is actually a bug in the `az.cmd` command. The reason for this is that the single quotes in `--value 'foo|whoami'` are...
Here are the three use cases as I see it: 1) User doesn't care at all about name delegation, they use an existing registry for all images (e.g. `gcr.io/brendanburns/foo`, `gcr.io/brendanburns/bar`,...
@stevvooe the name of the image is still `my-company.com/bar/foo` just like if you visit `www.company.com` and it CNAME's to `storage.googleapis.com` your browser still shows `www.my-company.com` in the URL bar.
@stevvooe put another way, this all happens in the DNS subsystem, so the client code pulling the image doesn't even notice. They just see `my-company.com` resolve to `1.2.3.4` which happens...
It seems to me that TLS should be fine, as long as the thing you are delegating to holds the cert for the original registry. I think there are two...
@stevvooe I'm not dismissing TLS. The CNAME option would involve a user defining a whole subdomain (e.g. `registry.mycompany.com`) creating a new different cert just for that subdomain, and storing that...
@stevvooe In my mind, hosting keys isn't really a challenge for most cloud providers, since they already have to do it in order to terminate SSL for their load balancers....
@stevvooe CNAME is one way of decoupling naming from location. It's a way of saying: "for this location, the canonical (that's the 'C') location is this other location over there"...
Yeah, I can definitely see introducing the ability to customize the 'FROM' makes a ton of sense. Want to do the PR?