Since k8s.gcr.io regionalizes to {eu,us,asia} GCR registries today, if we hav

<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="12

The regions for AR will be: asia-east1 (Taiwan) asia-

I'm thinking about doing the following: <code c

regionalize GCR in oci-proxy,about kubernetes/registry.k8s.io

Comments (11)

BenTheElder commented on July 28, 2024 2

Ordinarily for help wanted issues the author would probably help guide contributors, but I am going on vacation for a few weeks and will be relatively unavailable until sometime after July 25th.

@ameukam and @dims are repo approvers / admins and should be able to help in the meantime.

from registry.k8s.io.

BenTheElder commented on July 28, 2024

AIUI cloud-run services are regional, we have configured a loadbalancer in front of N regional services.

So we should be able to do this without any code changes actually, just setting UPSTREAM_REGISTRY env per each service / region.

from registry.k8s.io.

ameukam commented on July 28, 2024

just setting UPSTREAM_REGISTRY env per each service / region.

The current HCL code handling the cloud-run services don't really allow to do that. There is only one HCL construct to handle all the cloud-run services:

https://github.com/kubernetes/k8s.io/blob/58af71b38de3493b76b0440dff817e07f68795c9/infra/gcp/terraform/k8s-infra-oci-proxy-prod/oci-proxy-prod.tf#L82-L121

We need to split between one construct per continent or construct per region.

from registry.k8s.io.

BenTheElder commented on July 28, 2024

ACK -- that's fine, the point is that it's technically feasible and actually doesn't even require additional complexity in the runtime code, it will definitely add a touch to the deployment config.

from registry.k8s.io.

BenTheElder commented on July 28, 2024

actually to clarify: it will need code change, because the API v2 endpoint is at us.gcr.io/v2 even though the registry is us.gcr.io/k8s-artifacts-prod

we will have to remap the URLs more intelligently than just substituting the base URL.

/assign

from registry.k8s.io.

BenTheElder commented on July 28, 2024

#78 solves the auth problem with remapping registry.k8s.io/foo => us.gcr.io/k8s-artifacts-prod/foo

fairly minor code tweaks can inject the "k8s-artifacts-prod" aspect when needed.
I've hacked this up to prove that this issue is a viable approach, but I'll need to follow up with a clean PR.

so far I broke off the auth fix the other day, I'll follow up with the URL rewriting O(soon).

from registry.k8s.io.

upodroid commented on July 28, 2024

The regions for AR will be:

asia-east1 (Taiwan)
asia-northeast1 (Tokyo)
us-central1 (Iowa)
us-east1 (South Carolina)
us-east4 (West Virginia)
europe-north1 (Finland)
europe-west1 (Belgium)
europe-west4 (Netherlands)

https://github.com/kubernetes/k8s.io/blob/main/infra/gcp/terraform/k8s-infra-oci-proxy-prod/variables.tf

from registry.k8s.io.

BenTheElder commented on July 28, 2024

Thanks.

We should start by redirecting to the 3 backing GCR, so we immediately unlock the option to point k8s.gcr.io at the oci-proxy as soon as that's running.

Then later when/if we have the artifact registries up, we can flip to those in the deployment config at any time.

from registry.k8s.io.

upodroid commented on July 28, 2024

I'm thinking about doing the following:

registry.k8s.io
- Merge kubernetes/k8s.io#3904
- Apply 3904 to the prod project and modify each cloud run instance's UPSTREAM_REGISTRY to point to the closest gcr.io/k8s-artifacts-prod registry
- Observe and see what is happening
registry-sandbox.k8s.io
- Agree on what the AR repo name should be, it needs to be fixed name.
- Merge kubernetes/k8s.io#3904
- Create 3 AR Docker Repositories in the k8s-artifacts-prod project at us-central1, europe-west1 and asia-east1 and backfill it with gcrane. We can create more and backfill them later. This one needs a longer conversation but we spin up very large VMs in that project and run gcrane on it.
- Modify the oci-proxy sandbox deployment to run in us-central1, europe-west1, asia-east1

How does that sound?

Also, I examined the requests flow and it looks interesting:

# Ben, do we need to cut out the k8s.gcr.io hop and go to GCR directly?

mahamed@knative-e2e:~$ gcrane pull registry.k8s.io/kubernetes/pause:3.3 -v pause
2022/06/27 21:29:18 --> GET https://registry.k8s.io/v2/
2022/06/27 21:29:18 GET /v2/ HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept-Encoding: gzip


2022/06/27 21:29:18 <-- 308 https://registry.k8s.io/v2/ (25.157859ms)
2022/06/27 21:29:18 HTTP/2.0 308 Permanent Redirect
Content-Length: 58
Age: 465
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:21:33 GMT
Location: https://k8s.gcr.io/v2/
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: 50e1610fa16e4a1b420c22eaadb197bd

<a href="https://k8s.gcr.io/v2/">Permanent Redirect</a>.


2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/
2022/06/27 21:29:18 GET /v2/ HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://registry.k8s.io/v2/
Accept-Encoding: gzip


2022/06/27 21:29:18 <-- 401 https://k8s.gcr.io/v2/ (9.88756ms)
2022/06/27 21:29:18 HTTP/2.0 401 Unauthorized
Cache-Control: private
Content-Type: application/json
Date: Mon, 27 Jun 2022 21:29:18 GMT
Docker-Distribution-Api-Version: registry/2.0
Server: Docker Registry
Www-Authenticate: Bearer realm="https://k8s.gcr.io/v2/token",service="k8s.gcr.io"
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{"errors":[{"code":"UNAUTHORIZED","message":"Unauthorized access."}]}
2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/token?scope=repository%3Akubernetes%2Fpause%3Apull&service=k8s.gcr.io [body redacted: basic token response contains credentials]
2022/06/27 21:29:18 GET /v2/token?scope=repository%3Akubernetes%2Fpause%3Apull&service=k8s.gcr.io HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept-Encoding: gzip


2022/06/27 21:29:18 <-- 200 https://k8s.gcr.io/v2/token?scope=repository%3Akubernetes%2Fpause%3Apull&service=k8s.gcr.io (12.756299ms) [body redacted: basic token response contains credentials]
2022/06/27 21:29:18 HTTP/2.0 200 OK
Cache-Control: private
Content-Type: application/json
Date: Mon, 27 Jun 2022 21:29:18 GMT
Docker-Distribution-Api-Version: registry/2.0
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0


2022/06/27 21:29:18 --> GET https://registry.k8s.io/v2/kubernetes/pause/manifests/3.3
2022/06/27 21:29:18 GET /v2/kubernetes/pause/manifests/3.3 HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept: application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json
Authorization: <redacted>
Accept-Encoding: gzip


2022/06/27 21:29:18 <-- 308 https://registry.k8s.io/v2/kubernetes/pause/manifests/3.3 (12.978989ms)
2022/06/27 21:29:18 HTTP/2.0 308 Permanent Redirect
Content-Length: 88
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:29:18 GMT
Location: https://k8s.gcr.io/v2/kubernetes/pause/manifests/3.3
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: cc5bcde3ca85c4a0c98c12a830361c73

<a href="https://k8s.gcr.io/v2/kubernetes/pause/manifests/3.3">Permanent Redirect</a>.


2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/kubernetes/pause/manifests/3.3
2022/06/27 21:29:18 GET /v2/kubernetes/pause/manifests/3.3 HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept: application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json
Referer: https://registry.k8s.io/v2/kubernetes/pause/manifests/3.3
Accept-Encoding: gzip


2022/06/27 21:29:18 <-- 200 https://k8s.gcr.io/v2/kubernetes/pause/manifests/3.3 (42.748748ms)
2022/06/27 21:29:18 HTTP/2.0 200 OK
Content-Length: 1694
Content-Type: application/vnd.docker.distribution.manifest.list.v2+json
Date: Mon, 27 Jun 2022 21:29:18 GMT
Docker-Content-Digest: sha256:a319ac2280eb7e3a59e252e54b76327cb4a33cf8389053b0d78277f22bbca2fa
Docker-Distribution-Api-Version: registry/2.0
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 526,
         "digest": "sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 526,
         "digest": "sha256:a0171a0d58c0ae1a277bff097f8d38e0985b4343f396d2fa8810d3d59fbdf872",
         "platform": {
            "architecture": "arm",
            "os": "linux",
            "variant": "v7"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 526,
         "digest": "sha256:9c4504dfea56cb8ce6e32432c5fd47afd3ce0f3c317165baa39f60eff4a7af24",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 526,
         "digest": "sha256:972339de7b2584efd6c8b7e78cc7a769b445febf4c150ade780fbbcdc5308c60",
         "platform": {
            "architecture": "ppc64le",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 526,
         "digest": "sha256:91403ca32837caf28cc20fa087f4065eb6f66681302d9b583d071ba65b2b462a",
         "platform": {
            "architecture": "s390x",
            "os": "linux"
         }
      }
   ]
}
2022/06/27 21:29:18 --> GET https://registry.k8s.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
2022/06/27 21:29:18 GET /v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept: application/vnd.docker.distribution.manifest.v2+json
Authorization: <redacted>
Accept-Encoding: gzip


2022/06/27 21:29:18 <-- 308 https://registry.k8s.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b (12.397418ms)
2022/06/27 21:29:18 HTTP/2.0 308 Permanent Redirect
Content-Length: 156
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:29:18 GMT
Location: https://k8s.gcr.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: baf28dfc0bad5de970106a2ddabf4954

<a href="https://k8s.gcr.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b">Permanent Redirect</a>.


2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
2022/06/27 21:29:18 GET /v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Accept: application/vnd.docker.distribution.manifest.v2+json
Referer: https://registry.k8s.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
Accept-Encoding: gzip


2022/06/27 21:29:18 <-- 200 https://k8s.gcr.io/v2/kubernetes/pause/manifests/sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b (36.574657ms)
2022/06/27 21:29:18 HTTP/2.0 200 OK
Content-Length: 526
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Date: Mon, 27 Jun 2022 21:29:18 GMT
Docker-Content-Digest: sha256:de361176a97942ea59f238a88743f22dbd5684225974447df1f476817714499b
Docker-Distribution-Api-Version: registry/2.0
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 743,
      "digest": "sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 296517,
         "digest": "sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b"
      }
   ]
}
2022/06/27 21:29:18 --> GET https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
2022/06/27 21:29:18 GET /v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Authorization: <redacted>
Accept-Encoding: gzip


2022/06/27 21:29:18 <-- 308 https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da (13.546569ms)
2022/06/27 21:29:18 HTTP/2.0 308 Permanent Redirect
Content-Length: 152
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:29:18 GMT
Location: https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: f6df5afb7f2c510f0249a677865ab484

<a href="https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da">Permanent Redirect</a>.


2022/06/27 21:29:18 --> GET https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
2022/06/27 21:29:18 GET /v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
Accept-Encoding: gzip


2022/06/27 21:29:19 <-- 302 https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da (73.829694ms)
2022/06/27 21:29:19 HTTP/2.0 302 Found
Cache-Control: private
Content-Type: application/json
Date: Mon, 27 Jun 2022 21:29:19 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{"errors":[]}
2022/06/27 21:29:19 --> GET https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
2022/06/27 21:29:19 GET /us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da HTTP/1.1
Host: storage.googleapis.com
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da
Accept-Encoding: gzip


2022/06/27 21:29:19 <-- 200 https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:0184c1613d92931126feb4c548e5da11015513b9e4c104e7305ee8b53b50a9da (7.60083ms)
2022/06/27 21:29:19 HTTP/2.0 200 OK
Content-Length: 743
Accept-Ranges: bytes
Age: 3061
Cache-Control: public, max-age=3600
Content-Type: application/octet-stream
Date: Mon, 27 Jun 2022 20:38:18 GMT
Etag: "0359b2e0a8a16431d492e25acbc96060"
Expires: Mon, 27 Jun 2022 21:38:18 GMT
Last-Modified: Sat, 02 May 2020 11:30:26 GMT
Server: UploadServer
X-Goog-Generation: 1588419026716444
X-Goog-Hash: crc32c=Ro1FHw==
X-Goog-Hash: md5=A1my4KihZDHUkuJay8lgYA==
X-Goog-Metageneration: 1
X-Goog-Storage-Class: STANDARD
X-Goog-Stored-Content-Encoding: identity
X-Goog-Stored-Content-Length: 743
X-Guploader-Uploadid: ADPycdtsD0_exXDAB2sWgElZUOTRKxqoD1liy0roZ2-dxlYi8g18Bjgw_EIf0F1pwXLCQ3-226gG7tqYBDtfkcOTYiEnSQ

{"architecture":"amd64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Entrypoint":["/pause"],"WorkingDir":"/","OnBuild":null},"created":"2020-05-02T09:46:29.068489061Z","history":[{"created":"2020-05-02T09:46:29.068489061Z","created_by":"ARG ARCH","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2020-05-02T09:46:29.068489061Z","created_by":"ADD bin/pause-amd64 /pause # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2020-05-02T09:46:29.068489061Z","created_by":"ENTRYPOINT [\"/pause\"]","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:48a5e87615149095fad57d5db80f2cd9728b5562900eccb32842a45e8e8a61ae"]}}
2022/06/27 21:29:19 --> GET https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 GET /v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b HTTP/1.1
Host: registry.k8s.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Authorization: <redacted>
Accept-Encoding: gzip


2022/06/27 21:29:19 <-- 308 https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b (14.525489ms) [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 HTTP/2.0 308 Permanent Redirect
Content-Length: 152
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Jun 2022 21:29:19 GMT
Location: https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b
Server: Google Frontend
Via: 1.1 google
X-Cloud-Trace-Context: 1d288977a3d555348d511c3d7c38abc9


2022/06/27 21:29:19 --> GET https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 GET /v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b HTTP/1.1
Host: k8s.gcr.io
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://registry.k8s.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b
Accept-Encoding: gzip


2022/06/27 21:29:19 <-- 302 https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b (32.950498ms) [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 HTTP/2.0 302 Found
Cache-Control: private
Content-Type: application/json
Date: Mon, 27 Jun 2022 21:29:19 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b
Server: Docker Registry
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0


2022/06/27 21:29:19 --> GET https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 GET /us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b HTTP/1.1
Host: storage.googleapis.com
User-Agent: gcrane/0.10.0 go-containerregistry/0.10.0
Referer: https://k8s.gcr.io/v2/kubernetes/pause/blobs/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b
Accept-Encoding: gzip


2022/06/27 21:29:19 <-- 200 https://storage.googleapis.com/us.artifacts.k8s-artifacts-prod.appspot.com/containers/images/sha256:aeab776c48375e1a61810a0a5f59e982e34425ff505a01c2b57dcedc6799c17b (2.5075ms) [body redacted: omitting binary blobs from logs]
2022/06/27 21:29:19 HTTP/2.0 200 OK
Content-Length: 296517
Accept-Ranges: bytes
Age: 3061
Cache-Control: public, max-age=3600
Content-Type: application/octet-stream
Date: Mon, 27 Jun 2022 20:38:18 GMT
Etag: "50d939767981cbef447a2d64207b6855"
Expires: Mon, 27 Jun 2022 21:38:18 GMT
Last-Modified: Sat, 02 May 2020 11:30:26 GMT
Server: UploadServer
X-Goog-Generation: 1588419026785955
X-Goog-Hash: crc32c=QPo/bA==
X-Goog-Hash: md5=UNk5dnmBy+9Eei1kIHtoVQ==
X-Goog-Metageneration: 1
X-Goog-Storage-Class: STANDARD
X-Goog-Stored-Content-Encoding: identity
X-Goog-Stored-Content-Length: 296517
X-Guploader-Uploadid: ADPycduHp5CWisIdIPMXWnQ7dK9z5JKyJHy6I7u0iy7UxyCkkemd4FFuum5isOVnT-M2apNKDm4E-25RCnneyX4BZBBlIw

from registry.k8s.io.

BenTheElder commented on July 28, 2024

Apply 3904 to the prod project and modify each cloud run instance's UPSTREAM_REGISTRY to point to the closest gcr.io/k8s-artifacts-prod registry

We can't do that without another small change first, because of #77 (comment)

Ben, do we need to cut out the k8s.gcr.io hop and go to GCR directly?

yep, the goal is to remove the k8s.gcr.io hop so we have the option to redirect it to registry.k8s.io.
and that works with some small changes. I split off the 200 OK piece, need to go back and split off the other part, should get it this week, just at an event right now.

I think we should move AR discussion to a follow-up issue, and keep this one to not depending on the k8s.gcr.io regionalizing.
I think that's the most pressing step, and a prerequesite for switching to AR.
AR also needs discussion with release / image promoter tools owners.

from registry.k8s.io.

upodroid commented on July 28, 2024

/assign

from registry.k8s.io.

regionalize GCR in oci-proxy about registry.k8s.io HOT 11 CLOSED

Comments (11)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent