docker-registry-proxy
docker-registry-proxy copied to clipboard
Published
20 hours ago •
rpardini
rpardini
Failure to follow changed netloc while maintaining redir's path during interleaved recursive redirections
Relevant docker-registry-proxy log:
{"access_time":"07/Nov/2022:15:39:51 +0000","upstream_cache_status":"MISS","method":"GET","uri":"/v2/kube-state-metrics/kube-state-metrics/blobs/sha256:ec6e2d871c544073e0d0a2448b23f98a1aa47b7c60ae9d79ac5d94d92ea45949","request_type":"blob-by-digest","status":"302","bytes_sent":"836","upstream_response_time":"0.100 : 3.340","host":"registry.k8s.io","proxy_host":"europe-north1-docker.pkg.dev","upstream":"34.107.244.51:443 : 74.125.200.82:443"}
{"access_time":"07/Nov/2022:15:39:52 +0000","upstream_cache_status":"","method":"GET","uri":"/artifacts-downloads/namespaces/k8s-artifacts-prod/repositories/images/downloads/<token>","request_type":"unknown","status":"404","bytes_sent":"19","upstream_response_time":"0.100","host":"registry.k8s.io","proxy_host":"registry.k8s.io","upstream":"34.107.244.51:443"}
However, it seems that proxy_host (?) isn't properly updated, in this case to europe-north1-docker.pkg.dev, upon netloc redirection, based on provided output of curl -vsL https://registry.k8s.io/v2/kube-state-metrics/kube-state-metrics/blobs/sha256:ec6e2d871c544073e0d0a2448b23f98a1aa47b7c60ae9d79ac5d94d92ea45949 >/dev/null, causing the 404 seen above, as it's following only the path set out by the 302, but not the new netloc/hostname.
This behavior can be deterministically replicated using registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.6.0.
