-
Story
-
Resolution: Done
-
Major
-
None
Acceptance criteria
- As a Quay user I want to be able to define an organization in Quay that acts a cache for a specific upstream registry
- As a Quay user I want to be able to supply credentials to the upstream registry when defining a cache organization so that I can circumvent / extend possible pull-rate limits or access private repositories
- As a Quay admin I want to be able to leverage the storage quota of an organization to limit the cache size so that backend storage consumption remains predictable by discarding images from the cache according to least recently used or pull frequency
- As a user I want to be able to configure a staleness period in order to control when the cache checks for upstream image changes so that I can lower the amount of upstream registry dependency (e.g. in case of pull limits being reached or temporary connectivity issues)
- As a administrator I want to be able to select from caching an entire upstream registry (e.g. cache all of docker.io, i.e. docker.io/library/postgres:latest -> quay.corp/cache/library/postgres:latest) or just a selected namespaces (e.g. just cache docker.io/library, i.e. docker.io/library/postgres:latest -> quay.corp/docker-cache/postgres:latest) so that I can constrain access to potentially untrusted upstream registries
Open questions
- Seems like regular users should be able to create and configure a pull-through proxy org, but only admins should be able to configure storage quota in order to limit the cache size. In this case it makes more sense to limit the cache size by default. An admin could then increase the size or even completely remove a limit. A default cache size could be a global configuration, set via the config yaml.
- blocks
-
PROJQUAY-3030 As a Quay user I want to be able to proxy images through Quay orgs
- Closed