Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support insecure registries in non-daemon case #524

Closed
Tracked by #246
jromero opened this issue Feb 9, 2021 · 10 comments
Closed
Tracked by #246

Support insecure registries in non-daemon case #524

jromero opened this issue Feb 9, 2021 · 10 comments
Assignees
@natalieparellano
Labels
status/ready type/enhancement New feature or request
Milestone
lifecycle 0.19.0

Comments

@jromero
Copy link
Member

jromero commented Feb 9, 2021

Summary

As a developer, I'd like to be able to publish app images to an "insecure" registry in the non-daemon case.

(NOTE: I mention non-daemon case because the daemon case is controlled/configured via Docker Desktop.)

Currently, this partly works in some local setups because GGCR attempts to detect protocol.

In my current development environment, it doesn't work because I'm routing to the registry from inside a container and thereby referencing it as host.docker.internal which doesn't match GGCR's logic.

A potential solution may be to go to GGCR and request that host.docker.internal be added to their detection logic BUT it seems like this may be desirable in other scenarios. (See prior art).

Proposed Solution

Since there are multiple images at play sometimes, instead of a single global flag --insecure (like kaniko) add a variadic flag + matching character separated env var for insecure registries.

For example:

analyzer --insecure-registry=my-registry.com/here/  --insecure-registry=host.docker.internal
CNB_INSECURE_REGISTRIES="my-registry.com/here/;host.docker.internal"
analyzer ...

Prior Art
@jromero jromero mentioned this issue Feb 9, 2021
Open
@jabrown85
Copy link
Contributor

Discussion on Feb 11 - Attendees agree and an RFC will be produced to capture details.

@natalieparellano natalieparellano added the type/enhancement New feature or request label Apr 14, 2021
@aemengo aemengo mentioned this issue Apr 19, 2021
Closed
@jromero jromero mentioned this issue Jun 17, 2021
Open
@jromero
Copy link
Member Author

jromero commented Jun 17, 2021

Another platform specific use case (Tekton) where this feature would be useful: buildpacks/tekton-integration#31 (comment)

@tpiperatgod tpiperatgod mentioned this issue Mar 28, 2022
Open
@wanjunlei
Copy link

Any progress on this? Or is there a definite plan? Is there anything I can do?

@natalieparellano
Copy link
Member

Thank you, @wanjunlei - at this point, I believe what we'd need to move forward is an RFC defining the user interface to the lifecycle (it could build off of @jromero's proposal above or be something different). Would you be interested in helping with that? If so, I'd be happy to help guide you through the process. You can find me as narellano in CNCF Slack for real-time conversation.

@wanjunlei
Copy link

I had created an RFC buildpacks/rfcs#229 @natalieparellano .

@enrichman enrichman mentioned this issue Nov 18, 2022
Closed
@wanjunlei
Copy link

Hi @natalieparellano , the RFC had merged, what do I need to do next, start coding or update the platform API?

@jjbustamante jjbustamante mentioned this issue Dec 6, 2022
Open
7 tasks
@jjbustamante
Copy link
Member

Hi @wanjunlei, the final implementation requires several updates in different repositories. the following tracking issue was created to follow up that work.

The issues there are marked as to be done, so in my opinion you can start working on the lifecycle implementation, later we can work on creating and filling the issues on the other repositories. Also, you can create a draft PR in the spec repository and start collecting feedback there, once the issue is created in the spec repo you can link the PR to it.

@wanjunlei
Copy link

Hi @wanjunlei, the final implementation requires several updates in different repositories. the following tracking issue was created to follow up that work.

The issues there are marked as to be done, so in my opinion you can start working on the lifecycle implementation, later we can work on creating and filling the issues on the other repositories. Also, you can create a draft PR in the spec repository and start collecting feedback there, once the issue is created in the spec repo you can link the PR to it.

OK, I will start working on the lifecycle implementation first.

@motoki317 motoki317 mentioned this issue Apr 28, 2023
Closed
@cmoulliard cmoulliard mentioned this issue May 2, 2023
Closed
@natalieparellano natalieparellano mentioned this issue May 2, 2023
Open
@natalieparellano natalieparellano added this to the lifecycle 0.18.0 milestone Jun 21, 2023
@jjbustamante jjbustamante mentioned this issue Nov 2, 2023
Merged
@natalieparellano
Copy link
Member

Most of the work was already done in #1140 - but, we need to expose this functionality by declaring the lifecycle supports Platform 0.13

@natalieparellano natalieparellano self-assigned this Feb 7, 2024
@natalieparellano
Copy link
Member

I'm going to close this one out as #1287 will likely add 0.13 to the list of supported Platform APIs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@natalieparellano natalieparellano

Labels
status/ready type/enhancement New feature or request
Projects
None yet
Milestone
lifecycle 0.19.0
Development

No branches or pull requests
5 participants
@jromero @jabrown85 @jjbustamante @natalieparellano @wanjunlei