Comments (16)
I'm currently finishing up a basic test set. Having this in place is a prerequisite for adding new features. Once that is done, pattern based mapping and filtering is the first feature on my list. I have a few ideas for that, but really can't say when I'll get this done. I hope I get some time over the holidays.
from dregsy.
There is an alpha implementation available now in branch filter
. To try it out, first have a look at the design document, which gives an overview of the approach and a few examples. There's also a Docker image xelalex/dregsy:filter
over at DockerHub. But remember, it's still alpha and I'm sure it will need a bit more work. Nevertheless, basic functionality is there.
from dregsy.
That's currently not possible, but would be really useful. I'll look into it.
from dregsy.
@fredgate it's interesting, though how would you suggest the to & tags fields to work in that context?
from dregsy.
Hi folks,
Any updates on this by any chance? I was looking at https://github.com/bdudelsack/docker-registry-mirror which allows passing a regex to match tags in the source. It can be a little clunky but it can allow for some really powerful stuff.
from dregsy.
I trying to test xelalex/dregsy:filter but unfortunately my CA bundle is not available when regex is unable (only with regex)
X509 certificate signed by unknown authority
I tried to add my AC with update-certificates without more success
from regex:test/* -> ko
from test/docker -> ok
relay:docker
from dregsy.
Same with skip-tls-verify: true and skopeo
For information I'm using proxy, but source and target are in NO_PROXY env value and works well without regex
EDIT: same with proxy removed from system/docker
from dregsy.
Could you post your config?
from dregsy.
relay: skopeo
skopeo:
# path to the skopeo binary; defaults to 'skopeo', in which case it needs to
# be in PATH
binary: skopeo
# directory under which to look for client certs & keys, as well as CA certs
# (see note below)
certs-dir: /etc/docker/certs.d
docker:
# Docker host to use as the relay
dockerhost: unix:///var/run/docker.sock
# Docker API version to use, defaults to 1.24
api-version: 1.24
tasks:
- name: task1
interval: 60
source:
registry: a.fr
auth: xxxxxxxxxxxxxx
skip-tls-verify: true
target:
registry: b.fr
auth: xxxxxxxxxxxxxx
skip-tls-verify: true
mappings:
- from: regex:images/.*
to: images/internet/
tag: latest
# works
# - from: images/docker
# to: images/internet/docker
# tag: latest
# - from: images/traefik
# to: images/internet/traefik
# tag: latest
from dregsy.
Can you also post a log, with the task set to verbose, and env var LOG_LEVEL=debug
? Also, does the registry you're using support the v2/_catalog
API? That's the default lister, and is being used here since you're not specifying a different lister in source
.
from dregsy.
I think I may have found the problem. The catalog
lister was not minding the skip-tls-verify
property of the source. This is fixed. I pushed an update to the filter
image.
Edit: Above is of course only a solution if you can live with skip-tls-verify
. To use proper TLS verification with custom CAs not covered by the bundle present in the dregsy container, update-certificates
is not the right path. Have a look at section Repository Validation & Client Authentication with TLS in the README.
from dregsy.
Ok I will test soon, I'm out of office
I missed the syntax about lister in documentation ?
I just try to add lister in block ?
source:
registry: a.fr/
lister: v2/_catalog
Yes about the CA, I just tried with update-certificates also, I added the CA in /etc/docker/certs.d but without more success, maybe there is something wrong because I just want make a quick test with skip-tls-verify
from dregsy.
Since this is still an alpha feature not yet merged into master
, there is no documentation in the top level README. Please have a look at the design document. This gives detailed explanation & examples on how to use image matching.
Re custom CAs, please make sure you're creating proper sub-folders underneath /etc/docker/certs.d/
for Docker relay, and /etc/skopeo/certs.d
for Skopeo relay. The top level README has detailed info on that. There are a few subtleties to watch out for, such as sub-folder name and cert file ending.
from dregsy.
I'm using latest clair image, v2 api is enabled
I will check and debug
from dregsy.
Could you share your email please ? I will send to you more informations about my tests
numsys - @ - free - fr
from dregsy.
merged as alpha-feature into master
from dregsy.
Related Issues (20)
- Publish binaries as part of the release HOT 2
- Regular expression does not work if the name contains the symbol '_' HOT 9
- Make dregsy crash when the registry is unreachable HOT 4
- Allow use of IRSA for uses of dregsy in a Kubernetes (Cron)Job HOT 2
- Add option to specify destination tag
- Failing to sync between artifactory and ecr HOT 8
- support multiple destination path HOT 7
- question about the `keep` keyword HOT 9
- dregsy stopped working sometimes by giving "exec format error" HOT 6
- Artifacts migration between two internal Nexus Registry HOT 2
- Arch Issue with Image syncing HOT 10
- option to pass registry auth token using k8s secret HOT 5
- GCP auth per target and source HOT 2
- [feat req/debate] adding support for image digests with the skopeo relay HOT 8
- exit status 1 when pushing to GAR HOT 3
- platform architecture destination tag labeling HOT 1
- 1 to many target mapping? HOT 1
- Split config and credentials/secrets HOT 2
- add latest count limit to tag pruning HOT 1
- automatic restart on config file change HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dregsy.