Skip to content

Add custom capabilities setting to registry config #6077

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add custom capabilities setting to registry config #6077

wants to merge 1 commit into from
+93 −2

Conversation

wjordan
Copy link

@wjordan wjordan commented Jul 10, 2025

Allows a registry mirror to be configured with the "push" capability which can be helpful in some proxy use-cases.

tonistiigi
tonistiigi reviewed Jul 11, 2025
View reviewed changes
util/resolver/resolver_test.go Outdated
description: "http_mirror",
scheme: "http",
path: defaultPath,
capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this missing "push" if it should use default?

Copy link
Author

@wjordan wjordan Jul 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The default capabilities for a registry mirror are ["pull", "resolve"], this PR doesn't change that:

buildkit/util/resolver/resolver.go

Line 180 in 0506df9

Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,

that http_mirror test just adds missing coverage for the existing (unchanged) behavior.

For more context on why this default is the way it is, see the capabilities field section in the containerd registry configuration documentation:

For example, pushing is a capability which should only be performed on an upstream
source, not a mirror.

Registry Type Pull Resolve Push
Public Registry yes yes yes
Private Registry yes yes yes
Public Mirror yes no no
Private Mirror yes yes no

This PR just enables 'push' to be added to a mirror for the narrow kind of use-case where it is actually useful to push to a mirror host, such as a local proxy (that will cache the content locally before forwarding it back upstream).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But we don't have a separate config for mirror parameters. If this is happening because the test is always accessing through docker.io then add another testcase that tests accessing yourmirror.local directly and check that then it does have push cap.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I've reworked the test around to add an extra test case showing this behavior.

@wjordan wjordan force-pushed the registryconfig-capabilities branch from 92cdb05 to aaaf978 Compare July 11, 2025 04:25
@wjordan
Add custom capabilities setting to registry config
caadce7 
Allows a registry mirror to be configured with the "push"
capability which can be helpful in some proxy use-cases.

Signed-off-by: Will Jordan <[email protected]>
@wjordan wjordan force-pushed the registryconfig-capabilities branch from aaaf978 to caadce7 Compare July 11, 2025 06:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi tonistiigi left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@wjordan wjordan

Labels
area/testing area/util
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wjordan @tonistiigi