Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1608

Make mirror-by-digest-only option configurable through ImageContentSourcePolicy

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Critical
    • openshift-4.13
    • None
    • Node
    • False
    • False
    • 0
    • 0% 0%
    • Undefined

    Description

      Description of problem:

      When working with disconnected environments, sometimes you need to define multiple ImageContentSourcePolicies, some of them are used by apps/manifests that don't use digests when pulling the images.

      Currently, all configurations are added with the mirror-by-digest-only property set to true. It will be nice if this property could be configured using the ImageContentSourcePolicy.

      The ability to use mirror registries is also required when customers are looking to utilize their own registries as a transparent pull-through cache, see PROJQUAY-465. This is done for performance reasons as well as in the light of recent policy changes in DockerHub which introduced pull-request rate limiting for public community content. This is an extremely popular use case for developer driven workflows that often rely on upstream content.

      Version-Release number of selected component (if applicable):

      4.6.X but I believe it affects any 4.X release which supports ICSPs.

      How reproducible:

      Always.

      Steps to Reproduce:
      1. Create an ICSP
      2. In the OCP nodes check the file /etc/containers/registries.conf
      3. Registries will be configured with "mirror-by-digest-only = true"

      Actual results:

      Workloads using image tags rather than image digests will not pull the images from the mirror.

      Expected results:

      Workloads using image tags whose their mirror has been configured with "mirror-by-digest-only = false" should be able to pull the image from that mirror.

      Additional info:

      https://github.com/openshift/api/issues/636

       

       

      Bug id : https://bugzilla.redhat.com/show_bug.cgi?id=1921049 
       

      Attachments

        Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. PROJQUAY-465 Quay as a cache proxy / pull-through cache for other registries

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. OCPNODE-521 Allow mirroring images by tags

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Spike - Represents a research-related task. OCPNODE-717 Upgrade from ICSP to new CRD (issue to track for all components)

          • Undefined - Priority not specified.
          • Closed
          links to

          Web Link 4.13 release note

          Web Link Bug 1957337 - Test mirror-by-digest=false configuration in /etc/containers/registries.conf.d

          Web Link KCS: Supportability for ImageContentSourcePolicy resource to use tags in Openshift 4

          GitHub openshift/enhancements#690: Add mirror-by-digest-only to ImageContentSourcePolicy

          Activity

            People

              gausingh@redhat.com Gaurav Singh
              gausingh@redhat.com Gaurav Singh
              Votes:
              9 Vote for this issue
              Watchers:
              63 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: