Mirror configuration for registries

[sylvainOL]

Hello,
first thanks for the work!

I'm looking at it and I've found something that may be a blocker for us: use of mirrors

We deploy our kubernetes in airgap environment and we configure the mirrors in containerd.
That means that on the "kubernetes side", you don't see the mirrors but they are present...

Would it be feasible to add a configuration for mirror registries?

would be awesome :)

[ckotzbauer]

Hey @sylvainOL,

thanks for opening this feature request!

I understood, the images are pulled from a proxy, but Kubernetes doesn't know about it. This should be possible to add a configuration for this. Let me think about how this can be implemented.

[ckotzbauer]

Hi @sylvainOL,
I implemented a simple proxy-mechanism which should achieve your use-case.
This is published as ghcr.io/ckotzbauer/sbom-operator:0.23.0-beta.0
The operator has a new --proxy-registry flag now, which can be used multiple times to add host-mappings like this:

--proxy-registry docker.io=ghcr.io

This would pull all images which are declared as Docker-Hub-Images from ghcr.io instead. Ports are also supported.

Can you please have a look and give feedback, if this fits your needs?
Thanks!

[ckotzbauer]

Ping @sylvainOL

[sylvainOL]

Hi @ckotzbauer,

thanks for the proposal.

I'm unfortunately in a rush for deployment these days.

I plan to recheck everything on SBOM starting january sorry.

I think it should cover our use case anyway :) and my go skills are too low to review your code :(

But, if I can add several times --proxy-registry, it's good!

[ckotzbauer]

No worry. The parameter can be added multiple times.
With this, I would integrate this feature and when you need anything or we have to refine the feature, then just let me know :)