OpenShift Request For Enhancement: RFE-7750

Support for upstream proxy registries for disconnected environments

    • Feature Request
    • Resolution: Unresolved
    • Normal
    • openshift-4.17.z
    • Windows Containers
    • Product / Portfolio Work

      1. Proposed title of this feature request

      Support for upstream proxy registries for disconnected environments

      2. What is the nature and description of the request?

      Starting from OCP 4.16, we support pulling images from disconnected registries using ImageDigestMirrorSet or ImageTagMirrorSet. As part of this feature, we support optional_namespaces in the registry, for example:

      mirror.registry.com/<optional_namespaces>/oss/kubernetes/pause:3.9

      Most modern container registries can be configured as a proxy cache for upstream registries. This allows an OCP admin not to pre-sync the images in an optional_namespace in the registry. When a new request comes for an image mcr.microsoft.com/oss/kubernetes/pause:3.9, the pull request can be rewritten as mirror.registry.com/mcr.microsoft.com/oss/kubernetes/pause:3.9 and the image is pulled through the container registry, as it acts as a proxy.

      With the latest WMCO updates (OCPBUGS-47696), optional_namespace issues were addressed, but they do not support the use case of upstream cache proxies.

      When they try to configure "docker.packages.redhat.com/mcr.microsoft.com/oss/kubernetes/pause" as the source for mcr.microsoft.com/oss/kubernetes/pause:3.9, the generated hosts.toml is as shown below. Here the optional_namespace is "mcr.microsoft.com". Because of the way we slice the URL, we end up with the hosts.toml shown below, which results in pull failures:

      server = "https://docker.packages.redhat.com/v2"
      override_path = true
      [host."https://docker.packages.redhat.com/v2"]
        capabilities = ["pull"]
        override_path = true

      3. Why does the customer need this? (List the business requirements here)

      To make use of the advanced proxy feature in their container registry (for example, Artifactory or Quay)

      4. List any affected packages or component

      WMCO
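
      The slicing problem described in section 2, as an added Go example that is not WMCO's code and not part of the original request: it finds the source repository path at the end of the mirror path and treats whatever precedes it as the namespace prefix, flagging the proxy-cache layout where that prefix is the upstream registry host. The names MirrorParts, SplitMirror and splitRef are hypothetical, and the example assumes the mirror path ends with the source repository path.

```go
package main

import (
	"fmt"
	"strings"
)

// MirrorParts is a hypothetical type for this example.
type MirrorParts struct {
	Host        string // registry host of the mirror
	Namespace   string // mirror path in front of the source repository path
	ProxyLayout bool   // true when the namespace is the upstream registry host
}

// splitRef splits "host/path[:tag][@digest]" into host and repository path.
func splitRef(ref string) (host, path string) {
	ref, _, _ = strings.Cut(ref, "@")
	host, path, _ = strings.Cut(ref, "/")
	path, _, _ = strings.Cut(path, ":")
	return host, path
}

// SplitMirror finds the source repository path at the end of the mirror path
// and returns the mirror host plus whatever precedes that path. Assumption:
// the mirror keeps the source repository path as its suffix.
func SplitMirror(source, mirror string) (MirrorParts, error) {
	srcHost, srcPath := splitRef(source)
	mHost, mPath := splitRef(mirror)
	if srcPath == "" || mPath == "" {
		return MirrorParts{}, fmt.Errorf("need host/path references, got %q and %q", source, mirror)
	}
	if mPath == srcPath {
		return MirrorParts{Host: mHost}, nil // no namespace prefix
	}
	if !strings.HasSuffix(mPath, "/"+srcPath) {
		return MirrorParts{}, fmt.Errorf("mirror %q does not end with %q", mirror, srcPath)
	}
	ns := strings.TrimSuffix(mPath, "/"+srcPath)
	return MirrorParts{Host: mHost, Namespace: ns, ProxyLayout: ns == srcHost}, nil
}

func main() {
	// References taken from the request text above.
	p, err := SplitMirror("mcr.microsoft.com/oss/kubernetes/pause:3.9",
		"docker.packages.redhat.com/mcr.microsoft.com/oss/kubernetes/pause")
	fmt.Printf("%+v %v\n", p, err)
}
```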

              rhn-support-dhardie Duncan Hardie
              rhn-support-rrajaram Ranjith Rajaram