Dependency proxy for containers
What does this MR do?
Adds dependency proxy feature for container registry.
Implementation details:
- Only docker hub is supported in initial version.
- Downloads blobs from docker hub and saves in GitLab storage.
- Relies on docker hub for manifest files.
- UI and Documentation will be in separate MR https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10386
- Only one dependency proxy per group is supported for now.
- By default feature is enabled in config but disabled on group level. You need rails console to enable it for each group. UI to enable the feature coming in https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10386
- Feature requires Puma web server. Disabled otherwise. Run GDK with
EXPERIMENTAL_PUMA=1
to test the feature - Docker pull does not like
/-/
in routing so we usedocker pull example.com/foo/dependency_proxy/containers/alpine
instead ofdocker pull example.com/foo/-/dependency_proxy/containers/alpine
- Works
What are the relevant issue numbers?
https://gitlab.com/gitlab-org/gitlab-ee/issues/7934
How to test
Steps necessary:
- Just pull the branch
- Enable dependency proxy in
config/gitlab.yml
- Restart GDK
- Enable dependency proxy for specific group via rails console.
Group.first.create_dependency_proxy_setting(enabled: true)
- Try to pull some random image from Docker Hub via GitLab group:
docker pull localhost:3001/GROUP_NAME/dependency_proxy/containers/alpine
docker pull localhost:3001/GROUP_NAME/dependency_proxy/containers/ruby:2.5.3-alpine
You should see blobs appeared in shared/registry_proxy
directory. All blobs are served from that directory. But if missing, blobs are downloaded from Docker Hub first.
Links
- Issue - https://gitlab.com/gitlab-org/gitlab-ee/issues/7934
- Backend - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10676, https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10681, https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9750
- UI - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10386
- Docs - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/12210
- Config - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10675, omnibus-gitlab!3206 (merged)
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Tested in all supported browsers -
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the database guides -
Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process. -
EE specific content should be in the top level /ee
folder -
For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan? -
Security reports checked/validated by reviewer
Edited by Dmytro Zaporozhets (DZ)