-
Feature Request
-
Resolution: Unresolved
-
Normal
-
None
-
openshift-4.17.z
-
None
-
None
-
Product / Portfolio Work
-
None
-
False
-
-
None
-
None
-
None
-
-
None
-
None
-
None
-
None
-
None
1. Proposed title of this feature request
Support for upstream proxy registries for disconnected environments
2. What is the nature and description of the request?
Starting from OCP 4.16, we support pulling images from disconnected registries using ImageDigestMirrorSet or ImageTagMirrorSet. As a part of this feature, we support optional_namespaces in the registry say for example
mirror.registry.com/<optional_namespaces>/oss/kubernetes/pause:3.9
Most of the modern containers registries can be configured as proxy cache for upstream registries. This allows a OCP admin not to pre-sync the images in an optional_namespace in the registry. When a new request comes for an image mcr.microsoft.com/oss/kubernetes/pause:3.9, the pull request can be re-written as mirror.registry.com/mcr.microsoft.com/oss/kubernetes/pause:3.9 and the image is pulled through the container registry as it acts as a proxy
With latest WMCO updates(OCPBUGS-47696), optional_namespace issues were addressed but it does not support the usecase of upstream cache proxies
When they try to configure "docker.packages.redhat.com/mcr.microsoft.com/oss/kubernetes/pause" as the source for mcr.microsoft.com/oss/kubernetes/pause:3.9, generated hosts.toml is shown as below. Here the optional_namespace is "mcr.microsoft.com". Due to the way how we are slicing the url, we will end up having host.toml as shown below resulting in pull failures
server = "https://docker.packages.redhat.com/v2"
override_path = true
[host."https://docker.packages.redhat.com/v2"]
capabilities = ["pull"]
override_path = true
3. Why does the customer need this? (List the business requirements here)
To make use of advanced proxy feature in their Container registry(example artifactory or Quay)
4. List any affected packages or component
WMCO