Comments (11)
Ordinarily for help wanted
issues the author would probably help guide contributors, but I am going on vacation for a few weeks and will be relatively unavailable until sometime after July 25th.
@ameukam
and @dims
are repo approvers / admins and should be able to help in the meantime.
See also https://kubernetes.slack.com/archives/CCK68P2Q2/p1656629484801139?thread_ts=1656626472.238269&cid=CCK68P2Q2 in Kubernetes slack.
from registry.k8s.io.
AIUI cloud-run services are regional, we have configured a loadbalancer in front of N regional services.
So we should be able to do this without any code changes actually, just setting UPSTREAM_REGISTRY
env per each service / region.
from registry.k8s.io.
just setting UPSTREAM_REGISTRY env per each service / region.
The current HCL code handling the cloud-run services don't really allow to do that. There is only one HCL construct to handle all the cloud-run services:
We need to split between one construct per continent or construct per region.
from registry.k8s.io.
ACK -- that's fine, the point is that it's technically feasible and actually doesn't even require additional complexity in the runtime code, it will definitely add a touch to the deployment config.
from registry.k8s.io.
actually to clarify: it will need code change, because the API v2 endpoint is at us.gcr.io/v2 even though the registry is us.gcr.io/k8s-artifacts-prod
we will have to remap the URLs more intelligently than just substituting the base URL.
/assign
from registry.k8s.io.
#78 solves the auth problem with remapping registry.k8s.io/foo => us.gcr.io/k8s-artifacts-prod/foo
fairly minor code tweaks can inject the "k8s-artifacts-prod" aspect when needed.
I've hacked this up to prove that this issue is a viable approach, but I'll need to follow up with a clean PR.
so far I broke off the auth fix the other day, I'll follow up with the URL rewriting O(soon).
from registry.k8s.io.
The regions for AR will be:
- asia-east1 (Taiwan)
- asia-northeast1 (Tokyo)
- us-central1 (Iowa)
- us-east1 (South Carolina)
- us-east4 (West Virginia)
- europe-north1 (Finland)
- europe-west1 (Belgium)
- europe-west4 (Netherlands)
from registry.k8s.io.
Thanks.
We should start by redirecting to the 3 backing GCR, so we immediately unlock the option to point k8s.gcr.io at the oci-proxy as soon as that's running.
Then later when/if we have the artifact registries up, we can flip to those in the deployment config at any time.
from registry.k8s.io.
I'm thinking about doing the following:
-
registry.k8s.io
- Merge kubernetes/k8s.io#3904
- Apply 3904 to the prod project and modify each cloud run instance's
UPSTREAM_REGISTRY
to point to the closestgcr.io/k8s-artifacts-prod
registry - Observe and see what is happening
-
registry-sandbox.k8s.io
- Agree on what the AR repo name should be, it needs to be fixed name.
- Merge kubernetes/k8s.io#3904
- Create 3 AR Docker Repositories in the k8s-artifacts-prod project at us-central1, europe-west1 and asia-east1 and backfill it with gcrane. We can create more and backfill them later. This one needs a longer conversation but we spin up very large VMs in that project and run gcrane on it.
- Modify the oci-proxy sandbox deployment to run in us-central1, europe-west1, asia-east1
How does that sound?
Also, I examined the requests flow and it looks interesting:
# Ben, do we need to cut out the k8s.gcr.io hop and go to GCR directly?
mahamed@knative-e2e:~$ gcrane pull registry.k8s.io/kubernetes/pause:3.3 -v pause
2022/06/27 21:29:18 --> GET https://registry.k8s.io/v2/
2022/06/27 21:29:18 GET /v2/ HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept-Encoding: gzip
2022/06/27 21:29:18 <-- 308 https://registry.k8s.io/v2/ (25.157859ms)
2022/06/27 21:29:18 HTTP/2.0 308 Permanent Redirect
Content-Length: 58
Age: 465
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:21:33 GMT
Location: https://k8s.gcr.io/v2/
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: 50e1610fa16e4a1b420c22eaadb197bd
<a href="https://k8s.gcr.io/v2/">Permanent Redirect</a>.
2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/
2022/06/27 21:29:18 GET /v2/ HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://registry.k8s.io/v2/
Accept-Encoding: gzip
2022/06/27 21:29:18 <-- 401 https://k8s.gcr.io/v2/ (9.88756ms)
2022/06/27 21:29:18 HTTP/2.0 401 Unauthorized
Cache-Control: private
Content-Type: application/json
Date: Mon, 27 Jun 2022 21:29:18 GMT
Docker-Distribution-Api-Version: registry/2.0
Server: Docker Registry
Www-Authenticate: Bearer realm="https://k8s.gcr.io/v2/token",service="k8s.gcr.io"
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
{"errors":[{"code":"UNAUTHORIZED","message":"Unauthorized access."}]}
2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/token?scope=repository%3Akubernetes%2Fpause%3Apull&service=k8s.gcr.io [body redacted: basic token response contains credentials]
2022/06/27 21:29:18 GET /v2/token?scope=repository%3Akubernetes%2Fpause%3Apull&service=k8s.gcr.io HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept-Encoding: gzip
2022/06/27 21:29:18 <-- 200 https://k8s.gcr.io/v2/token?scope=repository%3Akubernetes%2Fpause%3Apull&service=k8s.gcr.io (12.756299ms) [body redacted: basic token response contains credentials]
2022/06/27 21:29:18 HTTP/2.0 200 OK
Cache-Control: private
Content-Type: application/json
Date: Mon, 27 Jun 2022 21:29:18 GMT
Docker-Distribution-Api-Version: registry/2.0
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
2022/06/27 21:29:18 --> GET https://registry.k8s.io/v2/kubernetes/pause/manifests/3.3
2022/06/27 21:29:18 GET /v2/kubernetes/pause/manifests/3.3 HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept: application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json
Authorization: <redacted>
Accept-Encoding: gzip
2022/06/27 21:29:18 <-- 308 https://registry.k8s.io/v2/kubernetes/pause/manifests/3.3 (12.978989ms)
2022/06/27 21:29:18 HTTP/2.0 308 Permanent Redirect
Content-Length: 88
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:29:18 GMT
Location: https://k8s.gcr.io/v2/kubernetes/pause/manifests/3.3
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: cc5bcde3ca85c4a0c98c12a830361c73
<a href="https://k8s.gcr.io/v2/kubernetes/pause/manifests/3.3">Permanent Redirect</a>.
2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/kubernetes/pause/manifests/3.3
2022/06/27 21:29:18 GET /v2/kubernetes/pause/manifests/3.3 HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept: application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json
Referer: https://registry.k8s.io/v2/kubernetes/pause/manifests/3.3
Accept-Encoding: gzip
2022/06/27 21:29:18 <-- 200 https://k8s.gcr.io/v2/kubernetes/pause/manifests/3.3 (42.748748ms)
2022/06/27 21:29:18 HTTP/2.0 200 OK
Content-Length: 1694
Content-Type: application/vnd.docker.distribution.manifest.list.v2+json
Date: Mon, 27 Jun 2022 21:29:18 GMT
Docker-Content-Digest: sha256:a319ac2280eb7e3a59e252e54b76327cb4a33cf8389053b0d78277f22bbca2fa
Docker-Distribution-Api-Version: registry/2.0
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"manifests": [
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 526,
"digest": "sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b",
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 526,
"digest": "sha256:a0171a0d58c0ae1a277bff097f8d38e0985b4343f396d2fa8810d3d59fbdf872",
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 526,
"digest": "sha256:9c4504dfea56cb8ce6e32432c5fd47afd3ce0f3c317165baa39f60eff4a7af24",
"platform": {
"architecture": "arm64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 526,
"digest": "sha256:972339de7b2584efd6c8b7e78cc7a769b445febf4c150ade780fbbcdc5308c60",
"platform": {
"architecture": "ppc64le",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 526,
"digest": "sha256:91403ca32837caf28cc20fa087f4065eb6f66681302d9b583d071ba65b2b462a",
"platform": {
"architecture": "s390x",
"os": "linux"
}
}
]
}
2022/06/27 21:29:18 --> GET https://registry.k8s.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
2022/06/27 21:29:18 GET /v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept: application/vnd.docker.distribution.manifest.v2+json
Authorization: <redacted>
Accept-Encoding: gzip
2022/06/27 21:29:18 <-- 308 https://registry.k8s.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b (12.397418ms)
2022/06/27 21:29:18 HTTP/2.0 308 Permanent Redirect
Content-Length: 156
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:29:18 GMT
Location: https://k8s.gcr.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: baf28dfc0bad5de970106a2ddabf4954
<a href="https://k8s.gcr.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b">Permanent Redirect</a>.
2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
2022/06/27 21:29:18 GET /v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept: application/vnd.docker.distribution.manifest.v2+json
Referer: https://registry.k8s.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
Accept-Encoding: gzip
2022/06/27 21:29:18 <-- 200 https://k8s.gcr.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b (36.574657ms)
2022/06/27 21:29:18 HTTP/2.0 200 OK
Content-Length: 526
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Date: Mon, 27 Jun 2022 21:29:18 GMT
Docker-Content-Digest: sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
Docker-Distribution-Api-Version: registry/2.0
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 743,
"digest": "sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 296517,
"digest": "sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b"
}
]
}
2022/06/27 21:29:18 --> GET https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
2022/06/27 21:29:18 GET /v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Authorization: <redacted>
Accept-Encoding: gzip
2022/06/27 21:29:18 <-- 308 https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da (13.546569ms)
2022/06/27 21:29:18 HTTP/2.0 308 Permanent Redirect
Content-Length: 152
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:29:18 GMT
Location: https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: f6df5afb7f2c510f0249a677865ab484
<a href="https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da">Permanent Redirect</a>.
2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
2022/06/27 21:29:18 GET /v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
Accept-Encoding: gzip
2022/06/27 21:29:19 <-- 302 https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da (73.829694ms)
2022/06/27 21:29:19 HTTP/2.0 302 Found
Cache-Control: private
Content-Type: application/json
Date: Mon, 27 Jun 2022 21:29:19 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
{"errors":[]}
2022/06/27 21:29:19 --> GET https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
2022/06/27 21:29:19 GET /us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da HTTP/1.1
Host: storage.googleapis.com
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
Accept-Encoding: gzip
2022/06/27 21:29:19 <-- 200 https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da (7.60083ms)
2022/06/27 21:29:19 HTTP/2.0 200 OK
Content-Length: 743
Accept-Ranges: bytes
Age: 3061
Cache-Control: public, max-age=3600
Content-Type: application/octet-stream
Date: Mon, 27 Jun 2022 20:38:18 GMT
Etag: "0359b2e0a8a16431d492e25acbc96060"
Expires: Mon, 27 Jun 2022 21:38:18 GMT
Last-Modified: Sat, 02 May 2020 11:30:26 GMT
Server: UploadServer
X-Goog-Generation: 1588419026716444
X-Goog-Hash: crc32c=Ro1FHw==
X-Goog-Hash: md5=A1my4KihZDHUkuJay8lgYA==
X-Goog-Metageneration: 1
X-Goog-Storage-Class: STANDARD
X-Goog-Stored-Content-Encoding: identity
X-Goog-Stored-Content-Length: 743
X-Guploader-Uploadid: ADPycdtsD0_exXDAB2sWgElZUOTRKxqoD1liy0roZ2-dxlYi8g18Bjgw_EIf0F1pwXLCQ3-226gG7tqYBDtfkcOTYiEnSQ
{"architecture":"amd64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Entrypoint":["/pause"],"WorkingDir":"/","OnBuild":null},"created":"2020-05-02T09:46:29.068489061Z","history":[{"created":"2020-05-02T09:46:29.068489061Z","created_by":"ARG ARCH","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2020-05-02T09:46:29.068489061Z","created_by":"ADD bin/pause-amd64 /pause # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2020-05-02T09:46:29.068489061Z","created_by":"ENTRYPOINT [\"/pause\"]","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:48a5e87615149095fad57d5db80f2cd9728b5562900eccb32842a45e8e8a61ae"]}}
2022/06/27 21:29:19 --> GET https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 GET /v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Authorization: <redacted>
Accept-Encoding: gzip
2022/06/27 21:29:19 <-- 308 https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b (14.525489ms) [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 HTTP/2.0 308 Permanent Redirect
Content-Length: 152
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:29:19 GMT
Location: https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: 1d288977a3d555348d511c3d7c38abc9
2022/06/27 21:29:19 --> GET https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 GET /v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b
Accept-Encoding: gzip
2022/06/27 21:29:19 <-- 302 https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b (32.950498ms) [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 HTTP/2.0 302 Found
Cache-Control: private
Content-Type: application/json
Date: Mon, 27 Jun 2022 21:29:19 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
2022/06/27 21:29:19 --> GET https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 GET /us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b HTTP/1.1
Host: storage.googleapis.com
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b
Accept-Encoding: gzip
2022/06/27 21:29:19 <-- 200 https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b (2.5075ms) [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 HTTP/2.0 200 OK
Content-Length: 296517
Accept-Ranges: bytes
Age: 3061
Cache-Control: public, max-age=3600
Content-Type: application/octet-stream
Date: Mon, 27 Jun 2022 20:38:18 GMT
Etag: "50d939767981cbef447a2d64207b6855"
Expires: Mon, 27 Jun 2022 21:38:18 GMT
Last-Modified: Sat, 02 May 2020 11:30:26 GMT
Server: UploadServer
X-Goog-Generation: 1588419026785955
X-Goog-Hash: crc32c=QPo/bA==
X-Goog-Hash: md5=UNk5dnmBy+9Eei1kIHtoVQ==
X-Goog-Metageneration: 1
X-Goog-Storage-Class: STANDARD
X-Goog-Stored-Content-Encoding: identity
X-Goog-Stored-Content-Length: 296517
X-Guploader-Uploadid: ADPycduHp5CWisIdIPMXWnQ7dK9z5JKyJHy6I7u0iy7UxyCkkemd4FFuum5isOVnT-M2apNKDm4E-25RCnneyX4BZBBlIw
from registry.k8s.io.
Apply 3904 to the prod project and modify each cloud run instance's UPSTREAM_REGISTRY to point to the closest gcr.io/k8s-artifacts-prod registry
We can't do that without another small change first, because of #77 (comment)
Ben, do we need to cut out the k8s.gcr.io hop and go to GCR directly?
yep, the goal is to remove the k8s.gcr.io hop so we have the option to redirect it to registry.k8s.io.
and that works with some small changes. I split off the 200 OK piece, need to go back and split off the other part, should get it this week, just at an event right now.
I think we should move AR discussion to a follow-up issue, and keep this one to not depending on the k8s.gcr.io regionalizing.
I think that's the most pressing step, and a prerequesite for switching to AR.
AR also needs discussion with release / image promoter tools owners.
from registry.k8s.io.
/assign
from registry.k8s.io.
Related Issues (20)
- Can't pull images from k8s.io in eu-west region over IPv6 HOT 10
- Not able to install K8s Cluster using kubeadm init command due to x509: certificate signed by unknown authority. HOT 3
- Unable to download docker images from registry.k8s.io due to x509: certificate is not valid for any names, but wanted to match prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com HOT 2
- Unable to download docker images from registry.k8s.io due to x509: certificate is not valid for any names, but wanted to match prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com HOT 1
- kubeadm init clone project to local compilation error HOT 11
- TLS handshake timeout pulling registry.k8s.io/kube-apiserver:v1.25.4 HOT 8
- Unable to pull registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.2 HOT 5
- Error response from daemon: Head "https://europe-west3-docker.pkg.dev/v2/k8s-artifacts-prod/images/sig-storage/csi-provisioner/manifests/v4.0.0": Forbidden HOT 3
- regional outage due to GCP us-west1 incident HOT 17
- Consider blocking some invalid requests at the edge HOT 1
- enable outlier detection HOT 5
- K8's registry block server IP HOT 4
- investigate switching to signed URLs HOT 4
- how to configure kubernetes registry to pull images i am getting image pull back issue HOT 1
- PULL REQUEST FAIL WHEN TRYING TO PULL IMAGE FROM registry.k8s.io HOT 4
- Disconnected Environments and "mirroring to a location you control" HOT 1
- Unable to access the registry when a specific User-Agent header is set HOT 13
- Handle missing referrers API HOT 4
- switch to aws-sdk-go-v2 HOT 3
- Please use subdomains for wildcard dns entries instead of path substitution HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from registry.k8s.io.