Allow Actions to be pulled from any registry

[jacobweinstock]

Allowing Actions to be pulled from any registry has been brought up many times in community meetings, in slack, and through GitHub issues (#469, #303, tinkerbell/playground#45). I would like to document, discuss, and capture the context and touchpoints for this change.

CC @abhinavmpandey08

Context

Current State

Currently, only a single container registry can be used in the Tinkerbell stack (for tink-worker and Actions image downloading). This registry must-have auth enabled (I believe this to be the case, but I'm only about 85% sure) as well.

Desired State

Any combination of registries, with or without auth, is supported in Actions and for the tink-worker download.

Touchpoints in the stack

Tink worker

Tink worker is what ultimately crafts the registry's URL and then performs the pulling down of a container image. A single registry is passed to the tink-worker at its runtime. See here). Then that registry is prepended to all image names (image names defined in each action). See here.

Boots

Boots, at runtime, requires the following environment variables: DOCKER_REGISTRY,REGISTRY_USERNAME, REGISTRY_PASSWORD. These variables get passed on to the in-memory operating system (Hook) as kernel command-line parameters. See here.

Hook

Hook is responsible for starting up the tink-worker. See here. As a part of the tink-worker start-up process, Hook parses its kernel command-line parameters in order to get the container registry and auth. See here. Hook then uses the parsed values as environment variables in the container start-up of tink-worker. See here.

[jacobweinstock]

If anyone knows other touchpoints, please do comment. thank you!

[abhay-krishna]

Hey @jacobweinstock, can you cc Abhinav from our team, who is leading the efforts on this? Thanks!

[jacobweinstock]

Ah, so sorry about that @abhay-krishna!

CC @abhinavmpandey08

[abhay-krishna]

I am not part of the main efforts but can definitely contribute with thoughts and touchpoints.