mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chun-Hung Hsiao <chhs...@mesosphere.io>
Subject Re: Review Request 58778: Supported GCE container registry.
Date Sat, 13 May 2017 00:45:06 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58778/
-----------------------------------------------------------

(Updated May 13, 2017, 12:45 a.m.)


Review request for mesos, Gilbert Song, Jie Yu, and Vinod Kone.


Changes
-------

Updated the logic so it is easier to support image secrets. In the future, we would like to
do the following things:
1. Support image secrets: `fetch()` would receive one more `data` argument for secret credentials,
and it would merge the default docker config and the secret credentials and pass the combined
`auths` into `getAuthHeaderBasic()`.
2. Currently the `Basic` credential is constructed in `fetch()` and thus if the token is expired
when downloading the blobs there's no way to get the `Basic` cerdential again. I'd like to
refactor this part so the `Basic` credential could be integrated into the `userinfo` field
in the new `URI` standard to avoid this problem, and the whole docker config should be processed
in the docker registry puller instead of the fetcher plugin.


Bugs: MESOS-7431
    https://issues.apache.org/jira/browse/MESOS-7431


Repository: mesos


Description
-------

Certain registries, such as GCE registry, reply 403 instead of 401 for
unauthorized requests. When fetching image manifests and blobs, instead
of sending out unauthorized requests first and waiting for a possible
401, we should always look up the docker config and send requests with
basic authorization when possible.


Diffs (updated)
-----

  src/uri/fetchers/docker.cpp dbfc1b2f2918ccaf90fa31496a0792f585489397 


Diff: https://reviews.apache.org/r/58778/diff/2/

Changes: https://reviews.apache.org/r/58778/diff/1-2/


Testing
-------

sudo make check (covers all supported public registries)
Manually tested on the following private registries:
1. Local registry (2.0.1, 2.1.1, 2.2.1, ..., 2.6.1)
2. Amazon ECR
3. Google GCR
4. JFrog SaaS
5. Local Nexus registry 3.3.1


Thanks,

Chun-Hung Hsiao


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message