Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support /etc/containerd/certs.d/<HOST:PORT>/hosts.toml #642

Merged
merged 5 commits into from
Jan 11, 2022
Merged

Support /etc/containerd/certs.d/<HOST:PORT>/hosts.toml #642

merged 5 commits into from
Jan 11, 2022

Conversation

AkihiroSuda
Copy link
Member

@AkihiroSuda AkihiroSuda commented Dec 20, 2021
edited
Loading

@AkihiroSuda AkihiroSuda added enhancement New feature or request impact/major labels Dec 20, 2021
@AkihiroSuda AkihiroSuda force-pushed the hosts-toml branch 8 times, most recently from a1ffe2b to d0942a3 Compare December 23, 2021 12:58
@AkihiroSuda AkihiroSuda added this to the v0.16.0 milestone Dec 23, 2021
@AkihiroSuda AkihiroSuda mentioned this pull request Dec 24, 2021
Merged
@AkihiroSuda AkihiroSuda changed the title [WIP] Support /etc/containerd/certs.d/<HOST:PORT>/hosts.toml Support /etc/containerd/certs.d/<HOST:PORT>/hosts.toml Dec 24, 2021
dmcgowan
dmcgowan reviewed Dec 27, 2021
View reviewed changes
cmd/nerdctl/login.go
if acArg == host {
if auth.RegistryToken != "" {
// Even containerd/CRI does not support RegistryToken as of v1.4.3,
// so, nobody is actually using RegistryToken?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not really necessary and the only use of it I know of was for Docker swarm. It solves the problem of sending unscoped credentials to nodes, however, the tokens end up being long lived and passed directly to registries. The better solution is using scoped refresh tokens. It would be good to support scoping somewhere here, although that does not work well with the docker login approach.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, the current goal is to just emulate Swarm-less docker login

@AkihiroSuda AkihiroSuda mentioned this pull request Jan 5, 2022
Closed
@AkihiroSuda AkihiroSuda linked an issue Jan 5, 2022 that may be closed by this pull request
Add support for mirrors #668
Closed
@AkihiroSuda
tests: split pkg/testutil/nettestutil
517a4b7 
Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda
tests: split pkg/testutil/testregistry
ad0f1fc 
Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda
TestPushInsecureWithLogin: improve coverage
509c7fa 
Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda
Support /etc/containerd/certs.d/<HOST:PORT>/hosts.toml
cefc5d4 
See `docs/registry.md`

Fix issue 639

`nerdctl login` still ignore the hosts dir.
Fixed in the next commit.

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda
login: use containerd library (support hosts.toml)
2d9569e 
Depends on containerd/containerd PR 6396

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda AkihiroSuda marked this pull request as ready for review January 7, 2022 06:02
@AkihiroSuda AkihiroSuda requested review from ktock and dmcgowan January 7, 2022 06:03
ktock
ktock approved these changes Jan 11, 2022
View reviewed changes
Copy link
Member

@ktock ktock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@AkihiroSuda AkihiroSuda merged commit 254f4eb into containerd:master Jan 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ktock ktock ktock approved these changes

@dmcgowan dmcgowan Awaiting requested review from dmcgowan

Assignees
No one assigned
Labels
enhancement New feature or request impact/major
Projects
None yet
Milestone
v0.16.0
Development

Successfully merging this pull request may close these issues.

Add support for mirrors Support /etc/containerd/certs.d/<HOST>/hosts.toml (with tests)
3 participants
@AkihiroSuda @dmcgowan @ktock