Skip to content

feat: support custom exec-based credential helper in proxy mode #4438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 5, 2024
Merged

feat: support custom exec-based credential helper in proxy mode #4438

merged 1 commit into from
Nov 5, 2024

Conversation

chhsia0
Copy link
Contributor

@chhsia0 chhsia0 commented Aug 17, 2024

This change allows users to run the registry as a pull-through cache that can use a credential helper to authenticate against the upstream registry.

Example config:

proxy:
  remoteurl: https://gcr.io/
  exec:
    command: docker-credential-gcloud
    lifetime: 1h
  ttl: 168h

Example partial container specs to deploy the registry proxy in GKE with workload identity:

initContainers:
- name: prepare-bin
  image: distribution/distribution
  command: ["cp", "/bin/registry", "/data/bin/"]
  volumeMounts:
  - name: data
    mountPath: /data/bin
    subPath: bin
containers:
- name: registry
  image: google/cloud-sdk:slim
  command: ["registry", "serve", "/etc/distribution/config.yml"]
  volumeMounts:
  - name: config
    mountPath: /etc/distribution/config.yml
    subPath: config.yml
  - name: data
    mountPath: /bin/registry
    subPath: bin/registry

@chhsia0
feat: support custom exec-based credential helper in proxy mode
eed9400 
This change allows users to run the registry as a pull-through cache
that can use a credential helper to authenticate against the upstream
registry.

Signed-off-by: Chun-Hung Hsiao <chhsiao@google.com>
@github-actions github-actions bot added area/config Related to registry config area/proxy Related to registry as a pull-through cache dependencies Pull requests that update a dependency file area/docs labels Aug 17, 2024
@chhsia0
Copy link
Contributor Author

chhsia0 commented Aug 19, 2024

Not sure how to request a review in this repository. @milosgajdos would you mind helping me find appropriate reviewers for this PR, or point me to the proper procedure to request reviews? Thanks!

milosgajdos
milosgajdos approved these changes Aug 19, 2024
View reviewed changes
Copy link
Member

@milosgajdos milosgajdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like a reasonable addition. @thaJeztah mind batting an eye on this?

@milosgajdos milosgajdos requested a review from Jamstah August 29, 2024 16:30
@milosgajdos
Copy link
Member

Ping @thaJeztah

Jamstah
Jamstah approved these changes Nov 5, 2024
View reviewed changes
Copy link
Collaborator

@Jamstah Jamstah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, seems like a sensible addition.

@milosgajdos milosgajdos merged commit f7236ab into distribution:main Nov 5, 2024
16 checks passed
@milosgajdos milosgajdos mentioned this pull request Nov 6, 2024
Open
@dimitar-kostadinov dimitar-kostadinov mentioned this pull request Nov 15, 2024
Open
@milosgajdos milosgajdos mentioned this pull request Nov 18, 2024
Closed
@milosgajdos milosgajdos mentioned this pull request Dec 17, 2024
Open
@ialidzhikov ialidzhikov mentioned this pull request Jan 16, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jamstah Jamstah Jamstah approved these changes

@milosgajdos milosgajdos milosgajdos approved these changes

@thaJeztah thaJeztah Awaiting requested review from thaJeztah

@corhere corhere Awaiting requested review from corhere

Assignees
No one assigned
Labels
area/config Related to registry config area/docs area/proxy Related to registry as a pull-through cache dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@chhsia0 @milosgajdos @Jamstah