Git Product home page Git Product logo

coredns-oci's Introduction

oci

Name

oci - pull OCI artifacts from repositories

Description

oci pulls an OCI artifact into the site using the oras Go SDK. This makes it possible to deploy your zones with a simple oci pull.

The oci plugin starts a service routine that runs during the lifetime of the server. When the service starts, it pulls the artifacts from the repository.

If a pull fails, the service will retry up to three time. Each request will additionally try 3 times if certain response are returned by the repository.

NOTE: This plugin makes use of oras' retry client and will attempt additional retries for each attempt. See oras/registry/remote/retry for the default retry policy.

If the pull was not successful by then, it won't try again until the next interval.

This plugin is inspired by MiekG's git plugin and borrows some syntax and logic.

Syntax

oci REPO [PATH]

  • REPO is the URL to the repository

  • PATH is the path, relative to site root, to pull the artifacts into; default is site root

This simplified syntax pulls the latest tag every 3600 seconds (1 hour) and only works for public repositories.

For more control or to use a private repository, use the following syntax:

oci [REPO PATH] {
  repo              REPO
  path              PATH
  username      USERNAME
  password      PASSWORD
  interval         INTERVAL
}

  • REPO is the URL to the repository; only HTTP/S URLs (http(s):// must be ommitted) are supported.

  • PATH is the path to pull the artifacts into; default is site root (if set). It can be absolute or relative (to site root). See the root plugin.

  • INTERVAl is the number of seconds between pulls; default is 3600 (1 hour), minimum 5.

  • USERNAME is the username to log into the remote repository.

  • PASSWORD is the password to log into the remote repository`

  • IMSECURE if set to "true" connects to the repository with plain HTTP

Examples

Public repository pulled into site root every hour:

example.org {
    root /etc/zones
    oci registry-1.docker.io/ganawaj/demo:0.0.2
}

Private repository pulled into "example.org" directory or /etc/zones/example.org

example.org {
    root /etc/zones
    oci registry-1.docker.io/ganawaj/demo:0.0.2 {
      path example.org
      username ganawaj
      password dckr_pat_THISISANEXAMPLE
      interval 10
    }
}

Local private repository with no authentication using plain HTTP. Tag latest is assummed.

example.org {
    root /etc/zones
    oci localhost:5000/ganawaj/demo {
      path example.org
      insecure true
    }
}

Full example using file plugin assuming demo pulls a db.example.org artifact

example.org {
    root /etc/zones

    oci registry-1.docker.io/ganawaj/demo:0.0.2 {
      path example.org
      username ganawaj
      password dckr_pat_THISISANEXAMPLE
      interval 10
    }

    file example.org/db.example.org
}

Also See

The root plugin for setting the root.

The git plugin for inspiration for this plugin.

The auto or file plugin for reading zone files from disk.

coredns-oci's People

Contributors

ganawaj avatar

Watchers

avatar

coredns-oci's Issues

Only accept certain OCI mediaTypes or disallow mediaTypes

There are currently no restrictions on the type of OCI artifacts that can be pulled - it's technically possible to pull a Helm Chart, an OCI container layer or any OCI file which could potentially cause issues.

Ideally, I'd like to add a standard oci spec compliant media type to prevent accidents, like:

application/vnd.oci.zones.v1+json

Additionally, add a parameter block, with defaults, to verify:

oci registry-1.docker.io/ganawaj/test:0.0.2 {
...
  verify {
    media_type application/vnd.oci.zones.v1+json
  }
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.