Document using Spegel with pull through registries #277

Open
phillebaba opened this issue Nov 29, 2023 · 9 comments
Labels
documentation Improvements or additions to documentation

Comments

@phillebaba
Member

After carefully reviewing the following containerd-related errors, I deleted the configurations related to "mirror" in /etc/rancher/k3s/registries.yaml and /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl. Now, spegel is working properly.

time="2023-11-20T23:28:55.907708354+08:00" level=warning msg="failed to load plugin io.containerd.grpc.v1.cri" error="invalid plugin config: `mirrors` cannot be set when `config_path` is provided"

That's a bit unfortunate since the docs state:

Spegel does not aim to replace projects like Harbor or Zot but instead complements them.

I was hoping to use spegel in my cluster and zot as a pull thru cache deployed elsewhere. For what it's worth this is my current containerd mirrors:

mirrors:
  docker.io:
    endpoint:
      - https://zot.domain.tld/v2/docker.io
  ghcr.io:
    endpoint:
      - https://zot.domain.tld/v2/ghcr.io
  quay.io:
    endpoint:
      - https://zot.domain.tld/v2/quay.io
  gcr.io:
    endpoint:
      - https://zot.domain.tld/v2/gcr.io
  registry.k8s.io:
    endpoint:
      - https://zot.domain.tld/v2/registry.k8s.io
  public.ecr.aws:
    endpoint:
      - https://zot.domain.tld/v2/public.ecr.aws

I don't see a way to have spegel take over this responsibility; it seems like you either have spegel or a pull thru cache. Maybe this can be a feature request?

Originally posted by @onedr0p in #212 (comment)

@phillebaba
Member Author

@onedr0p I created a new issue for this as it is not related to k3s, and can be fixed with more documentation.

@onedr0p
Contributor

onedr0p commented Nov 29, 2023

Thanks @phillebaba, in the meantime do you have any tips on how to get that working? I don't mind contributing to the docs if I can get it working on my end.

@phillebaba
Member Author

Could you check the docs added to #280 and see if this is enough?

@onedr0p
Contributor

onedr0p commented Nov 29, 2023

@phillebaba I thought about doing it that way to begin with, but how does spegel know how to fetch the container from my zot paths as defined in my containerd config above, which tells containerd to use (e.g.) https://zot.domain.tld/v2/docker.io if the mirror is for docker.io?

The config I have for zot looks like this, which was crafted by using their docs on setting up mirroring.

@onedr0p
Contributor

onedr0p commented Nov 29, 2023

To explain a bit further, I am using zot as a transparent proxy with that containerd config, so to expand a bit, I am unsure about the following being set in the additionalMirrorRegistries:

spegel:
  additionalMirrorRegistries:
    # not sure if this works since zot is configured via paths to handle the individual registries
    - https://zot.example.com
    # how would spegel know to pull on dockerhub images from here?
    - https://zot.example.com/v2/docker.io
    # how would spegel know to pull on ghcr images from here?
    - https://zot.example.com/v2/ghcr.io

@phillebaba
Member Author

phillebaba commented Nov 30, 2023

Zot seems to manage pull through caches in a similar way to Harbor. I have never been a fan of this solution as it changes the original registry endpoint. The mirror configuration component of Spegel is not a critical component of this project and is more of a helper to simplify setup of Spegel. You could in theory disable this and create your own mirror configuration.

This is probably a challenge for most people using a pull through cache no matter the flavor, so it needs to be fixed. I will have to think about the best configuration option here as I do not want to redo it in another 6 months.

My idea is to add a boolean called rewritePath or something similar which would setup a mirror configuration the way Zot wants it for these additional registries.
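As an added illustration of the "create your own mirror configuration" route mentioned in the comment above (not code from this thread or from the Spegel project): the script renders containerd `hosts.toml` files that list a node-local Spegel mirror first and the path-based zot cache second, using containerd's `override_path` option for the cache URL. The Spegel address, the `config_path` directory and all function names are assumptions.

```python
from urllib.parse import urlparse

# Assumption: address of the node-local Spegel registry; adjust to your install.
SPEGEL_LOCAL = "http://127.0.0.1:30020"
# docker.io is served by registry-1.docker.io; other registries use their own name.
UPSTREAM = {"docker.io": "https://registry-1.docker.io"}
# Constructed sample: two entries of the legacy `mirrors` map quoted in the issue.
MIRRORS = {
    "docker.io": ["https://zot.domain.tld/v2/docker.io"],
    "ghcr.io": ["https://zot.domain.tld/v2/ghcr.io"],
}


def host_block(url, override_path=False):
    """One [host] table, limited to read-only capabilities."""
    lines = [f'[host."{url}"]', '  capabilities = ["pull", "resolve"]']
    if override_path:
        # The URL path is the API root (override_path in containerd's hosts.toml).
        lines.append("  override_path = true")
    return "\n".join(lines)


def render_hosts_toml(registry, endpoints, spegel=SPEGEL_LOCAL):
    """Render hosts.toml for one registry: Spegel first, then the cache."""
    server = UPSTREAM.get(registry, f"https://{registry}")
    blocks = [f'server = "{server}"', host_block(spegel)]
    for url in endpoints:
        parts = urlparse(url)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"refusing non-HTTPS cache endpoint: {url}")
        has_api_path = parts.path.rstrip("/") not in ("", "/v2")
        blocks.append(host_block(url, override_path=has_api_path))
    return "\n\n".join(blocks) + "\n"


def render_all(mirrors=MIRRORS, config_path="/etc/containerd/certs.d"):
    """Map each hosts.toml path under config_path (assumed) to its content."""
    return {
        f"{config_path}/{registry}/hosts.toml": render_hosts_toml(registry, eps)
        for registry, eps in mirrors.items()
    }


if __name__ == "__main__":
    for path, body in render_all().items():
        print(f"# {path}\n{body}")
```

These files replace the `mirrors` section, which the error quoted at the top of the issue shows containerd rejecting once `config_path` is set.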

@ChristianCiach

@phillebaba I don't know if this is related, but I just want to point out how K3s' fork of Containerd handles these cases. They especially added support for registry rewrites that we are using for exactly this use case, so that we can use our Harbor instance as a pull-through cache for docker hub. See the documentation here: https://docs.k3s.io/installation/private-registry#rewrites

Unfortunately they never managed to get this merged upstream at Containerd.

@onedr0p
Contributor

onedr0p commented Dec 3, 2023

@ChristianCiach it looks like spegel might be baked into k3s as an optional feature which probably covers that use-case (for k3s anyways).

See: k3s-io/k3s#8977

@phillebaba phillebaba added the documentation Improvements or additions to documentation label Jan 4, 2024
@1337andre

Hey folks, any update on this?
