Skip to content

Dependency proxy for containers

Dmytro Zaporozhets (DZ) requested to merge dz-registry-proxy into master

What does this MR do?

Adds dependency proxy feature for container registry.

Implementation details:

  1. Only docker hub is supported in initial version.
  2. Downloads blobs from docker hub and saves in GitLab storage.
  3. Relies on docker hub for manifest files.
  4. UI and Documentation will be in separate MR https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10386
  5. Only one dependency proxy per group is supported for now.
  6. By default feature is enabled in config but disabled on group level. You need rails console to enable it for each group. UI to enable the feature coming in https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10386
  7. Feature requires Puma web server. Disabled otherwise. Run GDK with EXPERIMENTAL_PUMA=1 to test the feature
  8. Docker pull does not like /-/ in routing so we use docker pull example.com/foo/dependency_proxy/containers/alpine instead of docker pull example.com/foo/-/dependency_proxy/containers/alpine
  9. Works

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ee/issues/7934

How to test

Steps necessary:

  1. Just pull the branch
  2. Enable dependency proxy in config/gitlab.yml
  3. Restart GDK
  4. Enable dependency proxy for specific group via rails console. Group.first.create_dependency_proxy_setting(enabled: true)
  5. Try to pull some random image from Docker Hub via GitLab group:
docker pull localhost:3001/GROUP_NAME/dependency_proxy/containers/alpine
docker pull localhost:3001/GROUP_NAME/dependency_proxy/containers/ruby:2.5.3-alpine

You should see blobs appeared in shared/registry_proxy directory. All blobs are served from that directory. But if missing, blobs are downloaded from Docker Hub first.

Links

Does this MR meet the acceptance criteria?

Edited by Dmytro Zaporozhets (DZ)

Merge request reports