stargz-snapshotter icon indicating copy to clipboard operation
stargz-snapshotter copied to clipboard
verified publisher icon containerd

Registry-related configuration for Stargz Store

Open jonathanbeber opened this issue 2 years ago • 6 comments

Currently there are docs related to how to access private registries for the snapshotter with containerd, but I couldn't find any reference on how to achieve the same with the Stargz Store, especially for CRI-O. This issue aims to discuss whether it's possible and whether the project could document that in more details.

jonathanbeber avatar Jan 15 '24 14:01 jonathanbeber

Hello, there,

I want to use the snapshotter with the sysbox runtime and currently it doesn't support containerd. Is it possible? Can we document that too?

I'd gladly test any directions you can point me and open a PR for documenting that and if possible add tests.

Thanks in advance!

jonathanbeber avatar Jan 15 '24 14:01 jonathanbeber

Currently there are docs related to how to access private registries for the snapshotter with containerd, but I couldn't find any reference on how to achieve the same with the Stargz Store, especially for CRI-O. This issue aims to discuss whether it's possible and whether the project could document that in more details.

stargz-store accepts same configuration as stargz-snapshotter(containerd-stargz-grpc) but the default config path of stargz-store is /etc/stargz-store/config.toml. SGTM about improving the documentation for stargz-store (contribution is welcome, of course).

I want to use the snapshotter with the sysbox runtime and currently it doesn't support containerd. Is it possible? Can we document that too? I'd gladly test any directions you can point me and open a PR for documenting that and if possible add tests.

Thanks for testing with sysbox. I haven't tried it but I believe stargz-snapshotter or stargz-store can be used for that project as long as that uses Docker (w/ containerd-snapshotter feathre) or containerd or cri-o/podman, etc. PRs for documentation/tests are welcome.

ktock avatar Jan 15 '24 14:01 ktock

I'm sorry the late reply on this one, things shifted a bit and I'm returning to it at this moment.

I would like some directions. Unfortunately, it seems like atm stargz-store supports exclusively keychain based on kubeconfig. That won't work with EKS or other setups where we depend on credential providers.

I'm guessing our best option is to import @ktock's great work in #323 to stargz-store, what do you think?

jonathanbeber avatar Jun 24 '24 19:06 jonathanbeber

CRI-O will support registry authentication for stargz store since https://github.com/containers/image/pull/2417. That patch was already merged to c/image and I'm waiting for that being downstreamed to CRI-O. If you can wait for the release of CRI-O that contain that patch, #323 is not needed.

ktock avatar Jun 25 '24 00:06 ktock

That's great, thanks, @ktock. Waiting for a new CRI-O release seems the best option indeed.

jonathanbeber avatar Jun 25 '24 13:06 jonathanbeber

hey @ktock what's the status on this? It looks it's been down streamed to CRI-O

rteqs avatar Jul 18 '24 17:07 rteqs