-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an ability to use non-https registries #152
Conversation
bc1119b
to
74b98a4
Compare
@giantswarm/team-turtles what about setting this as a hardcoded string? Meaning adding "http://127.0.0.1" directly underneath the range? That would at least prevent adding more non-https value endpoints. So we basically don't add additional endpoints via https and http. Thoughts? |
Makes sense to me, I can't think of other use cases for using http registries. |
We won't be able to hardcode the port though, would you be ok with something like that: #values
localMirror:
enable: true
port: 33445
|
But with that values structure, I'm a bit uncertain where to put that |
74b98a4
to
489e9a5
Compare
In order to make the "per WC" cache work, we need to use http://127.0.0.1 in a containerd config, because the caching registry is exposed as a node port. It would also be possible to use tls, but then we need to have a cert that is trusted by containerd, and it doesn's sount that easy Issue: https://github.com/giantswarm/giantswarm/issues/30596
489e9a5
to
0ddfbd5
Compare
In order to prevent users from using http registries, I've added a new values entry, that can configure http mirror only for local cache. Issue: https://github.com/giantswarm/giantswarm/issues/30596
df655be
to
4c9457d
Compare
@giantswarm/team-turtles Is it better now? |
@weseven or @njuettner |
LGTM, only nitpicks would be naming of values:
Not sure if .internal it's the right place: I think so, but better wait for @njuettner confirmation on that before merging. |
Agree it makes sense to name them as Daniel suggested to make it more explicit 🙂 Other than that LGTM, feel free merge it once you changed the names |
There were differences in the rendered Helm template, please check! Output
|
This reverts commit d97abd8.
In order to make the "per WC" cache work, we need to use http://127.0.0.1 in a containerd config, because the caching registry is exposed as a node port.
It would also be possible to use tls, but then we need to have a cert that is trusted by containerd, and it doesn's sount that easy
Issue: https://github.com/giantswarm/giantswarm/issues/30596
What does this PR do?
This PR is supposed to let use http registries mirrors, when it's explicitly provided via endpoints
Currently, when I try to set
http://127.0.0.1:5000
as a mirror, I'm getting a config that containshttps://http://127.0.0.1
.What is the effect of this change to users?
It should not affect users.
Any background context you can provide?
It would make
per WC
cache deployment a way easierWhat is needed from the reviewers?
Check, if this change doesn't affect users unless they explicitly want to be affected
Do the docs need to be updated?
I don't think so
Should this change be mentioned in the release notes?
I don't think so