nixos/docker-registry: add configuration options to support image deletions #37871
Conversation
| script = '' | ||
| ${pkgs.docker-distribution}/bin/registry serve \ | ||
| ${pkgs.docker-distribution.out}/share/go/src/github.com/docker/distribution/cmd/registry/config-example.yml | ||
| environment = cfg.extraConfig; |
There was a problem hiding this comment.
actually we should drop this and merge the extraConfig with the configuration tree
|
|
||
| redisPassword = mkOption { | ||
| type = types.str; | ||
| default = "asecret"; |
There was a problem hiding this comment.
we should not use set a secret as default here
Ma27
force-pushed
the
docker-registry-enhancements
branch
from
1982095
to
3e2e57d
Compare
|
/cc @globin |
|
@fpletz @globin: @ironpinguin and I implemented basic support for garbage collection (including an enhanced testcase, would be cool if you could have a look at it) :) |
| 'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data' | ||
| ); | ||
|
|
||
| $client1->succeed("docker push registry:8080/scratch"); |
There was a problem hiding this comment.
Why are you pushing the image again?
Wouldn't be sufficient to do this test just before starting the garbage collector (around line 40)?
There was a problem hiding this comment.
we wanted to ensure that after running gc and confirming that all blobs were purged that the registry is still functional akd can receive new images
ironpinguin
force-pushed
the
docker-registry-enhancements
branch
from
dd7d408
to
db0d5c7
Compare
|
is there anything that keeps us from merging this patch? |
Ma27
force-pushed
the
docker-registry-enhancements
branch
from
db0d5c7
to
a71c4c1
Compare
|
|
||
| redisUrl = mkOption { | ||
| type = types.str; | ||
| default = "localhost:6479"; |
Ma27
force-pushed
the
docker-registry-enhancements
branch
from
a71c4c1
to
b2b6a1b
Compare
|
@globin good catch - thanks! |
Ma27
force-pushed
the
docker-registry-enhancements
branch
from
b2b6a1b
to
f7f8cd3
Compare
The following changes have been applied: - the property `http.headers.X-Content-Type-Options` must a list of strings rather than a serialized list - instead of `/etc/docker/registry/config.yml` the configuration will be written with `pkgs.writeText` and the store path will be used to run the registry. This reduces the risk of possible impurities by relying on the Nix store only. - cleaned up the property paths to easy readability and reduce the verbosity. - enhanced the testcase to ensure that digests can be deleted as well - the `services.docker-registry.extraConfig` object will be merged with `registryConfig` /cc @ironpinguin
Ma27
force-pushed
the
docker-registry-enhancements
branch
from
f7f8cd3
to
afd3136
Compare
Motivation for this change
The main purpose of this PR originally prepared by @ironpinguin and finished by myself was to allow deletions of image revisions in a docker registry.
The original module used the sample configuration provided by
docker/distributionwhich disabled this feature. We decided to generate a JSON-based config based on a Nix object that can be filled with values from the configuration. Furthermore the testcase ensures now that images can be deleted.Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)