feat: infer upstream registry from containerd ns= query parameter#1792
Merged
gaius-qi merged 2 commits intodragonflyoss:mainfrom Apr 15, 2026
Merged
feat: infer upstream registry from containerd ns= query parameter#1792gaius-qi merged 2 commits intodragonflyoss:mainfrom
gaius-qi merged 2 commits intodragonflyoss:mainfrom
Conversation
bumarcell
requested review from
BraveY,
CormickKneey,
EvanCley,
gaius-qi,
xujihui1985 and
yyzai384
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1792 +/- ##
==========================================
+ Coverage 43.11% 43.21% +0.10%
==========================================
Files 91 92 +1
Lines 26839 26868 +29
==========================================
+ Hits 11571 11612 +41
+ Misses 15268 15256 -12
🚀 New features to boost your workflow:
|
When containerd uses registry mirrors, it appends a `?ns=<registry>` query parameter to indicate the original upstream registry (e.g., `GET /v2/library/nginx/manifests/latest?ns=docker.io`). This change adds support for extracting the `ns` query parameter as a fallback when the `X-Dragonfly-Registry` header is not present. The fallback order is now: 1. X-Dragonfly-Registry header (explicit override) 2. ns query parameter (set by containerd) 3. Static config (proxy.registry_mirror.addr) This is fully backward compatible — existing header-based and config-based flows are unaffected. Fixes dragonflyoss#1791 Signed-off-by: Jamal Allogie <jamal.allogie@gmail.com>
bumarcell
force-pushed
the
feat/ns-query-param-registry
branch
from
38735b4 to
4f44e35
Compare
Contributor
Author
|
Could a maintainer please add the |
Signed-off-by: Gaius <gaius.qi@gmail.com>
This was referenced Apr 20, 2026
bumarcell
added a commit
to bumarcell/client
that referenced
this pull request
Apr 20, 2026
Add a new dfinit containerd configuration option, proxyAllRegistries (default: true), that writes a catch-all `_default/hosts.toml` under the containerd config_path so registries not explicitly listed in `registries:` are still proxied through dfdaemon. The `_default` fallback omits both the top-level `server` field and the `X-Dragonfly-Registry` header; dfdaemon infers the upstream registry from the `ns=` query parameter that containerd appends when resolving via `_default` (support added in dragonflyoss#1792). Explicitly configured registries keep their own `hosts.toml` and take precedence over the catch-all. Closes dragonflyoss#1791. Signed-off-by: Jamal Allogie <jamal.allogie@gmail.com>
bumarcell
added a commit
to bumarcell/client
that referenced
this pull request
Apr 21, 2026
Add a new dfinit containerd configuration option, proxyAllRegistries (default: true), that writes a catch-all `_default/hosts.toml` under the containerd config_path so registries not explicitly listed in `registries:` are still proxied through dfdaemon. The `_default` fallback omits both the top-level `server` field and the `X-Dragonfly-Registry` header; dfdaemon infers the upstream registry from the `ns=` query parameter that containerd appends when resolving via `_default` (support added in dragonflyoss#1792). Explicitly configured registries keep their own `hosts.toml` and take precedence over the catch-all. Closes dragonflyoss#1791. Signed-off-by: Jamal Allogie <jamal.allogie@gmail.com>
bumarcell
added a commit
to bumarcell/client
that referenced
this pull request
Apr 21, 2026
Add a new dfinit containerd configuration option, proxyAllRegistries (default: true), that writes a catch-all `_default/hosts.toml` under the containerd config_path so registries not explicitly listed in `registries:` are still proxied through dfdaemon. The `_default` fallback omits both the top-level `server` field and the `X-Dragonfly-Registry` header; dfdaemon infers the upstream registry from the `ns=` query parameter that containerd appends when resolving via `_default` (support added in dragonflyoss#1792). Explicitly configured registries keep their own `hosts.toml` and take precedence over the catch-all. Closes dragonflyoss#1791. Signed-off-by: Jamal Allogie <jamal.allogie@gmail.com>
gaius-qi
added a commit
that referenced
this pull request
Apr 22, 2026
) * feat: add proxy_all_registries option to dfinit containerd module Add a new dfinit containerd configuration option, proxyAllRegistries (default: true), that writes a catch-all `_default/hosts.toml` under the containerd config_path so registries not explicitly listed in `registries:` are still proxied through dfdaemon. The `_default` fallback omits both the top-level `server` field and the `X-Dragonfly-Registry` header; dfdaemon infers the upstream registry from the `ns=` query parameter that containerd appends when resolving via `_default` (support added in #1792). Explicitly configured registries keep their own `hosts.toml` and take precedence over the catch-all. Closes #1791. Signed-off-by: Jamal Allogie <jamal.allogie@gmail.com> * fix(containerd): rename add_default_mirror to add_default_registry Signed-off-by: Gaius <gaius.qi@gmail.com> * chore: bump workspace version to 1.3.6 Signed-off-by: Gaius <gaius.qi@gmail.com> --------- Signed-off-by: Jamal Allogie <jamal.allogie@gmail.com> Signed-off-by: Gaius <gaius.qi@gmail.com> Co-authored-by: Gaius <gaius.qi@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When containerd uses registry mirrors, it appends a
?ns=<registry>query parameter to indicate the original upstream registry (e.g.,GET /v2/library/nginx/manifests/latest?ns=docker.io). Currently, the dfdaemon proxy only checks theX-Dragonfly-Registryheader and falls back to the staticproxy.registry_mirror.addrconfig.This PR adds support for extracting the
nsquery parameter as a second fallback, making the registry mirror work correctly with containerd's mirror protocol without requiring theX-Dragonfly-Registryheader to be set.Changes
get_ns_from_query()helper function that extracts thensquery parameter from the request URI and prependshttps://if no scheme is presentmake_registry_mirror_request()to use a three-level fallback:X-Dragonfly-Registryheader (explicit override)nsquery parameter (set by containerd when using registry mirrors)proxy.registry_mirror.addr)header::get_registry()get_ns_from_query()functionBackward Compatibility
This change is fully backward compatible. Existing header-based and config-based flows are unaffected — the
nsparameter is only checked when no header is present.#1791
Signed-off-by: Jamal Allogie jamal.allogie@gmail.com