[Feat][Credential Provider] Registry mirror mapping #6845

Closed
lzhecheng opened this issue Aug 19, 2024 · 1 comment · Fixed by #6846
Labels
kind/feature Categorizes issue or PR as related to a new feature.

lzhecheng commented Aug 19, 2024

What would you like to be added:

Need a new feature to support registry mirror mapping for credential provider. For example, the image URL is mcr.microsoft.com/test/acronly:dev, and credential provider fetches credential from xxx.azurecr.io ACR.

Steps:

  1. docker push an image to an ACR xxx.azurecr.io/test/acronly:dev and set anonymous pull to false
  2. Set up containerd config on Node

     ```toml
     server = "https://mcr.microsoft.com"

     [host."https://xxx.azurecr.io"]
       capabilities = ["pull", "resolve"]
     ```

  3. Set up /var/lib/kubelet/credential-provider-config.yaml

     ```yaml
     apiVersion: kubelet.config.k8s.io/v1
     kind: CredentialProviderConfig
     providers:
       - name: acr-credential-provider
         matchImages:
           - "*.azurecr.io"
           - "*.azurecr.cn"
           - "*.azurecr.de"
           - "*.azurecr.us"
           - "mcr.microsoft.com"
         defaultCacheDuration: "10m"
         apiVersion: credentialprovider.kubelet.k8s.io/v1
         args:
           - /etc/kubernetes/azure.json
           - --mirror-mapping=mcr.microsoft.com:xxx.azurecr.io
     ```

  4. Create a Pod using image mcr.microsoft.com/test/acronly:dev and image pull is successful

Why is this needed:

Credential provider supports registry host namespace in containerd config

lzhecheng added the kind/feature label Aug 19, 2024
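
The host rewrite requested in the issue above, sketched in Go as an added example (not part of the original issue and not the project's own code): it parses a `--mirror-mapping` value and picks the registry whose credentials are fetched for an image, matching the image host exactly so that only the configured source host is redirected. The function names `parseMirrorMapping` and `credentialRegistry`, the comma-separated multi-pair form, and the third sample image are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// parseMirrorMapping parses a --mirror-mapping value of the form
// "source:target". Accepting several comma-separated pairs is an assumption;
// the issue only shows a single pair.
func parseMirrorMapping(value string) (map[string]string, error) {
	mapping := make(map[string]string)
	for _, pair := range strings.Split(value, ",") {
		src, dst, ok := strings.Cut(strings.TrimSpace(pair), ":")
		// Reject empty sides and anything that is not a bare host name (scheme, path, port).
		if !ok || src == "" || dst == "" || strings.ContainsAny(src+dst, ":/ ") {
			return nil, fmt.Errorf("invalid mirror mapping %q", pair)
		}
		mapping[strings.ToLower(src)] = strings.ToLower(dst)
	}
	return mapping, nil
}

// credentialRegistry returns the registry host whose credentials should be
// fetched for image. The host is compared exactly against the mapping keys,
// so a look-alike host that merely starts with a mapped name is not rewritten.
func credentialRegistry(image string, mapping map[string]string) string {
	host, _, _ := strings.Cut(image, "/")
	host = strings.ToLower(host)
	if target, ok := mapping[host]; ok {
		return target
	}
	return host
}

func main() {
	mapping, err := parseMirrorMapping("mcr.microsoft.com:xxx.azurecr.io")
	if err != nil {
		panic(err)
	}
	// Constructed sample image references; the first one is from the issue.
	for _, image := range []string{
		"mcr.microsoft.com/test/acronly:dev",
		"xxx.azurecr.io/test/acronly:dev",
		"mcr.microsoft.com.example.net/test/acronly:dev",
	} {
		fmt.Printf("%-48s -> %s\n", image, credentialRegistry(image, mapping))
	}
}
```

The kubelet only invokes the plugin for images that match `matchImages`, which is why the configuration in the issue lists `mcr.microsoft.com` there alongside the ACR patterns.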
lzhecheng (Contributor, Author) commented:

```
zhechengli@devbox:~$ kgpo
NAME                      READY   STATUS    RESTARTS        AGE
busybox-cd5485c9d-d5db2   1/1     Running   1 (5m23s ago)   65m
zhechengli@devbox:~$ kdpo busybox-cd5485c9d-d5db2
Name:         busybox-cd5485c9d-d5db2
Namespace:    default
Priority:     0
...
Containers:
  busybox:
    Container ID:  containerd://a886b73539abea83e596b1d76622be472252ff9d6bf768fc4c8ecf0d47ff15ff
    Image:         mcr.microsoft.com/test/acronly:dev
...
Events:
  Type    Reason   Age                  From     Message
  ----    ------   ----                 ----     -------
  Normal  Pulling  5m28s (x2 over 65m)  kubelet  Pulling image "mcr.microsoft.com/test/acronly:dev"
  Normal  Created  5m26s (x2 over 65m)  kubelet  Created container busybox
  Normal  Started  5m26s (x2 over 65m)  kubelet  Started container busybox
  Normal  Pulled   5m26s                kubelet  Successfully pulled image "mcr.microsoft.com/test/acronly:dev" in 1.14s (1.14s including waiting). Image size: 774778 bytes.
```
