nixos/docker-registry: add configuration options to support image deletions #37871
just found two issues, will fix them and document the breaking change with extraConfig
in the release notes
script = '' | ||
${pkgs.docker-distribution}/bin/registry serve \ | ||
${pkgs.docker-distribution.out}/share/go/src/github.com/docker/distribution/cmd/registry/config-example.yml | ||
environment = cfg.extraConfig; |
actually we should drop this and merge the extraConfig
with the configuration tree
|
||
redisPassword = mkOption { | ||
type = types.str; | ||
default = "asecret"; |
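Review bot: `default = "asecret"` on `redisPassword` gives every deployment that leaves the option unset the same publicly known Redis password. Drop the default so an unset value is caught at evaluation, or default to an empty string and omit the password setting when it is empty. As a `types.str` option the value is a plain string in the evaluated configuration, and anything the module writes from it lands in the world-readable Nix store, so an option that takes the path of a password file would keep the secret out of the store.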
we should not set a secret as default here
1982095 to 3e2e57d
/cc @globin
@fpletz @globin: @ironpinguin and I implemented basic support for garbage collection (including an enhanced testcase, would be cool if you could have a look at it) :)
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data' | ||
); | ||
|
||
$client1->succeed("docker push registry:8080/scratch"); |
Why are you pushing the image again?
Wouldn't it be sufficient to do this test just before starting the garbage collector (around line 40)?
we wanted to ensure that, after running gc and confirming that all blobs were purged, the registry is still functional and can receive new images
ok, thanks
dd7d408 to db0d5c7
is there anything that keeps us from merging this patch?
db0d5c7 to a71c4c1
|
||
redisUrl = mkOption { | ||
type = types.str; | ||
default = "localhost:6479"; |
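Review bot: the default of `redisUrl` is `localhost:6479`, but Redis listens on 6379 unless reconfigured, so an unmodified setup would not reach a local Redis; change it to `localhost:6379`. The value is a host:port pair rather than a URL, so the option description should say so or the option should be renamed to match.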
6379?
a71c4c1 to b2b6a1b
@globin good catch - thanks!
b2b6a1b to f7f8cd3
The following changes have been applied:

- the property `http.headers.X-Content-Type-Options` must be a list of strings rather than a serialized list
- instead of `/etc/docker/registry/config.yml` the configuration will be written with `pkgs.writeText` and the store path will be used to run the registry. This reduces the risk of possible impurities by relying on the Nix store only.
- cleaned up the property paths to ease readability and reduce the verbosity.
- enhanced the testcase to ensure that digests can be deleted as well
- the `services.docker-registry.extraConfig` object will be merged with `registryConfig`

/cc @ironpinguin
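The three configuration problems raised in this thread (a serialized header list, deletion left disabled, a placeholder Redis password) can be checked mechanically on the generated file. This is an added example, not code from the PR or the NixOS module; the sample config, `lint`, `deep_merge` and `PLACEHOLDER_SECRETS` are constructed for illustration, and `deep_merge` only approximates merging `extraConfig` over the base tree.

```python
import json

# Constructed sample: a generated registry config carrying the three problems
# raised in this thread (JSON is also valid YAML, so the registry can read it).
GENERATED = json.loads("""
{
  "version": "0.1",
  "storage": {"delete": {"enabled": false},
              "filesystem": {"rootdirectory": "/var/lib/docker-registry"}},
  "http": {"headers": {"X-Content-Type-Options": "[nosniff]"}},
  "redis": {"addr": "localhost:6379", "password": "asecret"}
}
""")

# Assumption: placeholder secrets to reject; "asecret" is the default quoted above.
PLACEHOLDER_SECRETS = {"asecret"}

def deep_merge(base, extra):
    """Merge extra over base, descending into nested mappings (extra wins)."""
    merged = dict(base)
    for key, value in extra.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value
    return merged

def lint(cfg):
    """Return a sorted list of findings for a registry config mapping."""
    findings = []
    for name, value in cfg.get("http", {}).get("headers", {}).items():
        if not (isinstance(value, list) and all(isinstance(v, str) for v in value)):
            findings.append(f"http.headers.{name}: must be a list of strings")
    if cfg.get("storage", {}).get("delete", {}).get("enabled") is not True:
        findings.append("storage.delete.enabled: image deletion is disabled")
    if cfg.get("redis", {}).get("password") in PLACEHOLDER_SECRETS:
        findings.append("redis.password: placeholder secret in use")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(GENERATED):
        print(finding)
```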
f7f8cd3 to afd3136
Motivation for this change
The main purpose of this PR originally prepared by @ironpinguin and finished by myself was to allow deletions of image revisions in a docker registry.
The original module used the sample configuration provided by docker/distribution which disabled this feature. We decided to generate a JSON-based config based on a Nix object that can be filled with values from the configuration. Furthermore the testcase ensures now that images can be deleted.