Page MenuHomeVyOS Platform
Create Task
Maniphest T7092

Add Container Registry Mirror
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Summary

Add container registry mirorr.

Use case

  1. not able to connect to docker official registry, but need to pull images
  2. local mirror for either download accelerating or as private repo.

Additional information

My local config

# cat /etc/containers/registries.conf.d/mirror.conf
[[registry]]
location = "192.168.50.40:8088"
insecure = true
prefix = "docker.io"

I'll submit PR when I find best way managing mirrors.

UPDATE:

PR: https://github.com/vyos/vyos-1x/pull/4321

Details

Version
-
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects

Event Timeline

sskaje created this task.Jan 26 2025, 8:01 PM
sskaje claimed this task.
sskaje added a comment.EditedJan 26 2025, 8:49 PM

Background infomation

  • docker.io blocked in China.
  • 192.168.50.40:8088 is a docker registry mirror set up by nexus, http only
  • mirror.conf above is disabled.

Tests

vyos@vyos# show container registry
 registry 192.168.50.40:8088 {
 }
[edit]
root@vyos:/home/vyos# add container image metacubex/mihomo:latest
Resolving "metacubex/mihomo" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull 192.168.50.40:8088/metacubex/mihomo:latest...
Error: initializing source docker://192.168.50.40:8088/metacubex/mihomo:latest: pinging container registry 192.168.50.40:8088: Get "https://192.168.50.40:8088/v2/": http: server gave HTTP response to HTTPS client

Simple working mirror config

[[registry]]
location = "192.168.50.40:8088"
insecure = true
# podman image pull metacubex/mihomo:latest
Resolving "metacubex/mihomo" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull 192.168.50.40:8088/metacubex/mihomo:latest...
Getting image source signatures
Copying blob f6bf395454d4 done   |
...

hello-world is in /etc/containers/registries.conf.d/shortnames.conf

root@vyos:/etc/containers/registries.conf.d# grep hello shortnames.conf
  "hello-world" = "docker.io/library/hello-world"


root@vyos:/etc/containers/registries.conf.d# podman image pull hello-world
Resolved "hello-world" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/hello-world:latest...
^C

Two possible configuration tree under /container/registry:

  1. simple way, users need to set up mirrors but those in aliases cannot use mirror.

tree

/container
  /registry
    /192.168.50.40:8088
      /insecure: true/false, default to false, or valueless

generated config:

unqualified-search-registries = ['192.168.50.40:8088']

[[registry]]
location = "192.168.50.40:8088" <= registry node
insecure = true
  1. mirror setting for all entry

tree

/container
  /registry
    /docker.io
      /mirror: 192.168.50.40:8088, optional
      /insecure: true/false, default to false, or valueless

generated config:

unqualified-search-registries = ['docker.io']

[[registry]]
location = "192.168.50.40:8088"  <= location is required. if mirror not set, set as registry node name
insecure = true
prefix = "docker.io" <= registry node name

I'll do the second.

dmbaturin triaged this task as Normal priority.Jan 27 2025, 12:09 PM
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
pasik subscribed.Jan 27 2025, 6:52 PM
sskaje updated the task description. (Show Details)Jan 28 2025, 9:10 AM
sskaje mentioned this in rVYOSONEX1dc3e8e87fd6: T7092: Add Container Registry Mirror.Mar 11 2025, 4:22 PM
sskaje mentioned this in rVYOSONEXf0d67d3a56ae: T7092: Regex for registry location.
sskaje mentioned this in rVYOSONEX24ed4567dc3d: T7092: Update help message.
sskaje mentioned this in rVYOSONEX77b53f1ab2c2: T7092: Update interface-definitions/container.xml.in.
sskaje mentioned this in rVYOSONEXa8e0f015ea91: T7092: Change validators: regex to host-name|address + port + path.
Restricted Repository Identity mentioned this in rVYOSONEX2b0b323f6ebe: Merge pull request #4321 from sskaje/T7092.Mar 11 2025, 4:22 PM
Viacheslav changed the task status from Open to Needs testing.Mar 11 2025, 7:22 PM
Viacheslav closed this task as Resolved.Mar 12 2025, 2:33 PM
Viacheslav moved this task from Need Triage to Completed on the VyOS Rolling board.
dmbaturin added projects: VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.3).Mar 25 2025, 10:18 PM
dmbaturin moved this task from Open to Finished on the VyOS 1.5 Circinus board.