
Container image virtual registry: database models

The models for the Docker virtual registry should closely follow what has been done for the Maven virtual registry.

Here is the schema:

```mermaid
classDiagram
    class Reg["VirtualRegistries::Containers::Registry"]
    Reg : Fkey group_id
    Reg : Pkey id
    Reg : String name (max 255)
    Reg : String description (max 1024)

    class RegU["VirtualRegistries::Containers::RegistryUpstream"]
    RegU : Fkey group_id
    RegU : Fkey registry_id
    RegU : Fkey upstream_id
    RegU : smallint position (default 1. Between 1 and 5).

    class U["VirtualRegistries::Containers::Upstream"]
    U : Fkey group_id
    U : Pkey id
    U : String url (required)
    U : smallint cache_validity_hours (default 24)
    U : jsonb credentials (AR encrypted)

    class CR["VirtualRegistries::Containers::Cache::Entry"]
    CR : Fkey group_id
    CR : Pkey id
    CR : Fkey upstream_id
    CR : Timestamp upstream_checked_at
    CR : Integer size
    CR : SmallInt status
    CR : String relative_path
    CR : String file
    CR : String object_storage_key
    CR : String upstream_etag
    CR : String content_type
    CR : bytea file_md5
    CR : bytea file_sha1

    Reg "1" --> "0..*" RegU
    RegU "1" --> "1" U
    U "1" --> "0..*" CR
```

Here are the details:

VirtualRegistries::Containers::Registry: This is the parent/root object of the virtual registry system. The fields are straightforward. This should mirror virtual_registries_packages_maven_registries.

VirtualRegistries::Containers::RegistryUpstream: This is the join model that connects a registry and an upstream. The important field here is the position, as it defines the ordered list of upstreams for a given registry. This should mirror virtual_registries_packages_maven_registry_upstreams.

VirtualRegistries::Containers::Upstream: This models the upstream container registry. It is mainly defined by a URL and the optional credentials. These credentials should be encrypted with ActiveRecord. The credentials field should be a JSON structure with different keys. For starters, we're going to accept username and password (long-lived tokens), but down the road we will have other ways to authenticate against the upstream (short-lived tokens such as IAM services). This should mirror virtual_registries_packages_maven_upstreams.

VirtualRegistries::Containers::Cache::Entry: This stores the object storage file reference. Most of the fields describe the file stored on object storage. The crucial aspect here is that we expect this table to be very large, so it should be partitioned (see !174985 (merged)). This should mirror virtual_registries_packages_maven_cache_entries_00.
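
The checks implied by the Upstream and RegistryUpstream descriptions above, sketched in plain Ruby without Rails. This is an added example, not code from the issue or from GitLab: the method names, the 255-character limit, the ban on credentials embedded in the url, and the unique-position rule are assumptions; only the username/password keys and the 1..5 position range come from the schema.

```ruby
require 'uri'

# Added example (hypothetical helpers, not GitLab code).
ALLOWED_CREDENTIAL_KEYS = %w[username password].freeze # the two keys accepted "for starters"
MAX_LENGTH = 255                                       # assumption: limit not stated on the page
POSITIONS = (1..5).freeze                              # from the schema: position between 1 and 5

# Returns a list of validation errors for an upstream's url and credentials.
def upstream_errors(url:, credentials: {})
  errors = []
  uri = begin
    URI.parse(url.to_s)
  rescue URI::InvalidURIError
    nil
  end
  unless uri.is_a?(URI::HTTP) && !uri.host.to_s.empty?
    errors << 'url must be an http(s) URL with a host'
  end
  # Assumption: secrets live only in the encrypted credentials column,
  # never in the plaintext url column.
  errors << 'url must not embed credentials' if uri&.userinfo

  creds = (credentials || {}).transform_keys(&:to_s)
  unknown = creds.keys - ALLOWED_CREDENTIAL_KEYS
  errors << "unknown credential keys: #{unknown.join(', ')}" if unknown.any?
  user, pass = creds.values_at('username', 'password').map(&:to_s)
  errors << 'username and password must be set together' if user.empty? != pass.empty?
  errors << 'credential value too long' if [user, pass].any? { |v| v.length > MAX_LENGTH }
  errors
end

# Returns upstream ids in lookup order for one registry.
# Raises if a position is outside 1..5 or (assumption) used twice.
def ordered_upstream_ids(registry_upstreams)
  positions = registry_upstreams.map { |ru| ru[:position] }
  raise ArgumentError, 'position out of range' unless positions.all? { |p| POSITIONS.cover?(p) }
  raise ArgumentError, 'duplicate position' unless positions.uniq.size == positions.size
  registry_upstreams.sort_by { |ru| ru[:position] }.map { |ru| ru[:upstream_id] }
end
```

In the real models these rules would sit in ActiveRecord validations and database constraints next to the encrypted credentials attribute.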

⚙️ Technical aspects

  • Use multiple MRs. In particular, the cache entry table creation should go into its own MR.
  • VirtualRegistries::Containers as a namespace might not be great. This is open for updates.

🛠️ Implementation plan

Edited by 🤖 GitLab Bot 🤖