author | Daniil Baturin <daniil@vyos.io> | 2025-03-11 16:22:12 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-03-11 16:22:12 +0000 |
commit | 2b0b323f6ebea2bdf6cb699508cc1b5c074ab2b8 (patch) | |
tree | 800ce43e1460c3b9a4554d36d5bcbf3fb0cb9036 | |
parent | b70e3686981e08e69938d6879575ca3f0f9adfbe (diff) | |
parent | a8e0f015ea91859163ac9befad8a6e8ac68dec9a (diff) | |
Merge pull request #4321 from sskaje/T7092
T7092: Add Container Registry Mirror
-rw-r--r-- | data/templates/container/registries.conf.j2 | 10 | ||||
-rw-r--r-- | interface-definitions/container.xml.in | 48 | ||||
-rwxr-xr-x | src/conf_mode/container.py | 7 |
3 files changed, 65 insertions, 0 deletions
diff --git a/data/templates/container/registries.conf.j2 b/data/templates/container/registries.conf.j2
index eb7ff8775..b5c7eed9b 100644
--- a/data/templates/container/registries.conf.j2
+++ b/data/templates/container/registries.conf.j2
@@ -28,4 +28,14 @@
 {% set _ = registry_list.append(r) %}
 {% endfor %}
 unqualified-search-registries = {{ registry_list }}
+{% for r, r_options in registry.items() if r_options.disable is not vyos_defined %}
+[[registry]]
+{% if r_options.mirror is vyos_defined %}
+location = "{{ r_options.mirror.host_name if r_options.mirror.host_name is vyos_defined else r_options.mirror.address }}{{ ":" + r_options.mirror.port if r_options.mirror.port is vyos_defined }}{{ r_options.mirror.path if r_options.mirror.path is vyos_defined }}"
+{% else %}
+location = "{{ r }}"
+{% endif %}
+insecure = {{ 'true' if r_options.insecure is vyos_defined else 'false' }}
+prefix = "{{ r }}"
+{% endfor %}
 {% endif %}
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 5c320e8c6..3a5cfbaa6 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
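Review bot: The mirror `location` is built by concatenating `r_options.mirror.address` with `":" + r_options.mirror.port`, so an IPv6 mirror address with a port renders as an unbracketed literal such as `2001:db8::1:5000` (constructed example), where host and port cannot be told apart. Bracket IPv6 literals before the port is appended, for example `r_options.mirror.address | bracketize_ipv6` if that filter is available to this template. Also, `prefix` stays keyed to the upstream registry name while `location` is rewritten to the mirror, so `insecure = true` removes TLS verification for every pull under that prefix. A template comment such as `{# location is rewritten to the mirror; insecure applies to the mirror endpoint #}` would make that explicit for the next maintainer.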
@@ -571,6 +571,54 @@
 <children>
 #include <include/interface/authentication.xml.i>
 #include <include/generic-disable-node.xml.i>
+ <leafNode name="insecure">
+ <properties>
+ <help>Allow registry access over unencrypted HTTP or TLS connections with untrusted certificates</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="mirror">
+ <properties>
+ <help>Registry mirror, use host-name|address[:port][/path]</help>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IP address of container registry mirror</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of container registry mirror</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of container registry mirror</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ <validator name="ipv6-link-local"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="host-name">
+ <properties>
+ <help>Hostname of container registry mirror</help>
+ <valueHelp>
+ <format>hostname</format>
+ <description>FQDN of container registry mirror</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/port-number.xml.i>
+ <leafNode name="path">
+ <properties>
+ <help>Path of container registry mirror, optional, must be start with '/' if not empty</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
 </children>
 </tagNode>
 </children>
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 3636b0871..18d660a4e 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
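Review bot: The new `path` leafNode has no `<constraint>`, although this commit interpolates its value unescaped into the double-quoted `location` string in registries.conf.j2; the only check is the `startswith('/')` test added to verify() in container.py. A value containing a double quote or whitespace would yield a malformed or unintended registries.conf entry, so the schema should restrict it, for example `<constraint><regex>(/[A-Za-z0-9._-]+)+</regex></constraint>` with a matching `<constraintErrorMessage>` (the pattern is a sketch to adapt to the paths that must be accepted). The help text "must be start with" should read "must start with".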
@@ -289,6 +289,13 @@ def verify(container): if 'registry' in container: for registry, registry_config in container['registry'].items(): + if 'mirror' in registry_config: + if 'host_name' in registry_config['mirror'] and 'address' in registry_config['mirror']: + raise ConfigError(f'Container registry mirror address/host-name are mutually exclusive!') + + if 'path' in registry_config['mirror'] and not registry_config['mirror']['path'].startswith('/'): + raise ConfigError('Container registry mirror path must start with "/"!') + if 'authentication' not in registry_config: continue if not {'username', 'password'} <= set(registry_config['authentication']): |
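Review bot: The added mirror checks in verify() reject `host_name` together with `address`, but not a `mirror` node that has neither; in that case the template renders `location = ""`, or only `:port` and the path, for that registry. Add the missing case ahead of the exclusivity test, e.g. `if not {'host_name', 'address'} & set(registry_config['mirror']): raise ConfigError('Container registry mirror requires address or host-name!')`. The first `raise ConfigError(f'...')` carries an `f` prefix with no placeholders, which can be dropped. verify() begins and ends outside this hunk.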