Support docker private registry API #14
Comments
ktock
changed the title
|
This is hard to do in a broadly compatible way. OCI is dropping catalog for various reasons. We've discussed replacing it here and here. Might be worth continuing the conversation over there. Using the catalog API seems reasonable for certain registries, but it won't work everywhere 😞 |
bradfitz
added
enhancement
|
I would like help implementing support for other registries. The current support for gcr.io is just because that's what I needed myself and I wanted to do something quickly for a proof of concept. But the filesystem hierarchy was definitely designed to support others in the future. I was just short on time fleshing them all out. |
|
Brad, I would like to help with this project. I have extensive file system development experience starting with AT&T Unix V7. I am a Google GDE Cloud Platform and I know the Google services as a developer very well. I would like to help with supporting IBM's Container Registry (ICR), which I do not know as well as GCR. Seth Vargo (Google) @sethvargo can provide a reference about me. |
|
@jhanley-com, great, thanks! |
|
I will start studying your code and the IBM GCR specs this weekend. What is the best way to work with you? My Twitter is https://twitter.com/NeoPrimeAws I prefer to use email instead of public forums. |
|
Using this bug for discussion and GitHub PRs for code review is the norm. It may not be the best, but it keeps things consistent and everybody else informed about the status and reduces duplication. |
Currently crfs supports GCR and uses GCR-specific API, so we can't use it with docker private registry(especially with local and unsecure(http) one).
Isn't it great to support private registry to make it easy to try crfs?
And also, isn't it good start point to support other OCI(docker) compliant registries, as we can focus on API-related issues and separate the auth-related issues aside?
like:
And I have an idea of patch implementation on my branch, so if possible I'm willing to contribute.
Notice on image path format:
Currently crfs supports only
<owner>/<image>-styled image path format, and this patch also intend to follow the restriction. Supporting any format of image path may be future work.Overview of the ideas is following:
Use OCI-compliant API
Currently, crfs uses GCR specific API for following purposes:
Use OCI(docker)-compliant API instead of GCR specific one for private registry, say:
GETon/v2/_catalog(Filter the response to allow only<owner>/<image>-styled image path format, and then parse it.)GETon/v2/_catalog(Filter the response to allow only<owner>/<image>-styled image path format, and then parse it.)GETon/v2/<owner>/<image>/tags/listfor getting the list of tag names, andHEADon/v2/<owner>/<image>/manifests/<tag name>withAccept: application/vnd.docker.distribution.manifest.v2+jsonheader for getting digests of a V2 manifest(written inDocker-Content-Digestresponse header).Use appropriate schema based on the host name
As used in the current code base of crfs, it is better to select appropriate API schema based on
github.com/google/go-containerregistry/pkg/name.Say, when we request API of localhost's docker private registry, it is good to use http (not https).
The text was updated successfully, but these errors were encountered: