From 5c4ef315d3d5a0647a99730138ce7815704a38d7 Mon Sep 17 00:00:00 2001
From: Ian MacDougall
Date: Wed, 6 Jun 2018 14:25:57 +0100
Subject: [PATCH 1/2] feat: add ability to specify a masquerade URL in the registry mirror
---
 mirroroperator/registrymirror.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/mirroroperator/registrymirror.py b/mirroroperator/registrymirror.py
index 0c4902a..735430b 100644
--- a/mirroroperator/registrymirror.py
+++ b/mirroroperator/registrymirror.py
@@ -27,6 +27,7 @@ def __init__(self, event_type, namespace, hostess_docker_registry,
 self.daemon_set_name = self.full_name + "-utils"
 self.apiVersion = kwargs.get("apiVersion")
 self.upstreamUrl = kwargs.get("spec", {}).get("upstreamUrl")
+ self.masqueradeUrl = kwargs.get("spec", {}).get("masqueradeUrl", "mirror-"+self.upstreamUrl)
 self.credentials_secret_name = kwargs.get(
 "spec", {}).get("credentialsSecret")
 self.image_pull_secrets = kwargs["image_pull_secrets"] or ""
@@ -139,7 +140,7 @@ def generate_daemon_set(self, daemon_set):
 value=self.namespace),
 client.V1EnvVar(
 name="SHADOW_FQDN",
- value="mirror-"+self.upstreamUrl),
+ value=self.masqueradeUrl),
 client.V1EnvVar(
 name="HOSTS_FILE",
 value="/etc/hosts_from_host"),
@@ -225,7 +226,7 @@ def generate_daemon_set(self, daemon_set):
 client.V1Volume(
 name="docker-certs",
 host_path=client.V1HostPathVolumeSource(
- path="/etc/docker/certs.d/mirror-{}".format(self.upstreamUrl)
+ path="/etc/docker/certs.d/{}".format(self.masqueradeUrl)
 ),
 ),
 client.V1Volume(
From e3ec493afb3aa8110f7102475f3c926f3df62fa1 Mon Sep 17 00:00:00 2001
From: Ian MacDougall
Date: Thu, 7 Jun 2018 15:08:16 +0100
Subject: [PATCH 2/2] docs: add in documentation for the masqueradeUrl option
---
 README.md | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 0f1d30b..284088b 100644
--- a/README.md
+++ b/README.md
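Review bot: In the `__init__` hunk the fallback `"mirror-"+self.upstreamUrl` is built eagerly as the `.get()` default, so a spec that sets `masqueradeUrl` but has no `upstreamUrl` (which `.get("upstreamUrl")` returns as `None`) raises `TypeError` in the constructor even though the fallback is not needed. An explicit `masqueradeUrl: null` or an empty string is also passed through unchanged to `SHADOW_FQDN` and the `certs.d` path in the two `generate_daemon_set` hunks. I would compute it lazily: `masq = kwargs.get("spec", {}).get("masqueradeUrl")` followed by `self.masqueradeUrl = masq or "mirror-" + self.upstreamUrl`. `__init__` starts and ends outside the hunk, so whether callers catch the exception is not visible here.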
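Review bot: `self.masqueradeUrl` comes straight from the RegistryMirror spec and is interpolated into the hostPath `"/etc/docker/certs.d/{}".format(self.masqueradeUrl)` in the last hunk with no validation, so a value containing `/` or `..` would make the daemon set mount a node directory outside `certs.d`. The same string becomes `SHADOW_FQDN` in the second hunk, which per the README change in this series is the hostname added to each node's hosts file, so anyone allowed to create or edit RegistryMirror objects chooses which hostname the nodes resolve to the mirror service. I would reject anything that is not a plain hostname where the attribute is set, e.g. `if not re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?", self.masqueradeUrl): raise ValueError("invalid masqueradeUrl")` (needs `re` imported if the module does not already have it), and keep write access to the resource restricted by RBAC. `upstreamUrl` was already formatted into this path before the commit, so the same check probably belongs there too; `generate_daemon_set` continues outside the hunk.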
@@ -56,6 +56,18 @@ spec: upstreamUrl: hub.docker.io ``` +You can, optionally, specify a masqueradeUrl in the RegistryMirror object spec. If you do this then the daemonsets that run the [mirror-hostess][mirror-hostess] docker image will add a hosts entry to each node that points the service associated with a RegistryMirror to the hostname in the masqueradeUrl. This allows you to masquerade one hostname for a mirror to another. In the following example local.docker.io would point to the service IP: + +```yaml +apiVersion: k8s.osp.tech/v1 +kind: RegistryMirror +metadata: + name: docker +spec: + upstreamUrl: hub.docker.io + masqueradeUrl: local.docker.io +``` + If you have a username/password which must be used to access the upstream mirror, you can add a `credentialsSecret` key to the spec, who's value should be the name of the secret, e.g: ```yaml @@ -68,9 +80,10 @@ spec: credentialsSecret: internal-mirror ``` -The operator will then deploy a daemon set, stateful set, service and headless service in whichever namespace is configured. We generally expect this to be default. These will all be named `registry-mirror-`, with the exception of the headless service which will be named `registry-mirror--headless`. +The operator will then deploy a daemonset, statefulset, service and headless service in whichever namespace is configured. We generally expect this to be default. These will all be named `registry-mirror-`, with the exception of the headless service which will be named `registry-mirror--headless`. You can get all the elements of your mirror using - `kubectl get ds,statefulset,svc,registrymirror -l mirror= -n default`. If you wish to update the secret or URL, all you need to do is change it in the `RegistryMirror` manifest and the operator will handle updates. [operators]: https://coreos.com/blog/introducing-operators.html +[mirror-hostess]: https://github.com/ocadotechnology/mirror-hostess