feat: add support for client tls on a per registry basis #708
Conversation
…via key=value style cli switch
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here (e.g. What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
|
I signed it! |
|
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
darkdragn
changed the title
There was a problem hiding this comment.
@darkdragn Thanks for the PR.
Can you please add some tests?
|
@tejal29 Sorry about the delay, it's been a busy week. I'll try adding some throughout the week, but I'll have some up by this weekend at the latest. Let me know if that time frame doesn't work, if we're trying to make it into a beta/milestone/something, and I'll do what I can to move some work around and get to it earlier. |
|
no worries @darkdragn. Thanks! |
|
@darkdragn thanks for this PR, it's extremely useful and I'd love to see it merged. Would you be able to write the tests? |
|
@bputt do you want to take this up? |
|
@tejal29 I'm not a go dev, but prob could figure it out if I want this to get merged into master ;)....Can confirm it works in prod (test it live!) |
|
@tejal29 @darkdragn this job looks great. I am eager to take this up if needed. It would be too bad to lose it. |
|
@antechrestos feel free, it'd be much appreciated |
|
@bputt to do so I have two scenarios
|
|
@antechrestos I like option 1 |
|
I would like @tejal29 's point of view. Best of all would be @darkdragn 's return 😏 |
|
@tejal29 @bputt in fact I've just tested it against my companies' registry that uses a self-signed certificate and found out that this change does not bring what I was looking for. Looking further, I found out that this change uses an ssl authentication and does not import the registry certificate. I tested to use ssl authentication on gitlab registry and did not succeeded. I am going to submit a new PR that allows user to import a registry certificate. See #1037 |
|
@darkdragn does the change brought by #1037 suits your needs? If so, could you close this PR? |
|
@antechrestos I can test the change once you release a newer version and push it up to dockerhub |
|
@bputt I am not a core contributor. Hence I cannot make a release. However you may checkout the project and run a |
|
@antechrestos you can make a docker image and push it docker hub if you have access to a public registry. All you have to do is run and then you can push the images via docker command. |
|
@bputt #1037 was released in 0.19 and the current version is 0.22. @tejal29 the current change brought by this pull request was to provide a key pair of key to authenticate against a private registry? It seems to be the analogue of protecting the daemon socket Because currently we already have options to provide per registry certificates option. @darkdragn can you confirm us that this pull request can be closed? |
Thanks @antechrestos for the explanation. Will wait for @darkdragn response. |
|
closing due to inactivity |
Added a --registry-tls switch, using key=value style string, supporting keys [registry,cert,key] allowing multiple tls certs.