You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am currently trying to evaluate the feasibility of writing a C-ICAP service that modifies the requests to an external container registry in order to reroute them to a private registry.
The following sequence diagram outlines more in detail what I am trying to achieve:
sequenceDiagram
Docker->>Squid: GET https://registry-1.docker.io/v2/
Note right of Squid: Rewrite https://registry-1.docker.io/v2/<br/>to https://harbor.example.org/v2/
Squid->>Harbor: GET https://harbor.example.org/v2/
Harbor->>Squid: WWW-Authenticate: Bearer<br/>realm="https://harbor.example.org/service/token"<br/>service="harbor-registry"
Note left of Squid: Rewrite realm="https://harbor.example.org/service/token"<br/>to realm="https://registry-1.docker.io/service/token"
Squid->>Docker: WWW-Authenticate: Bearer<br/>realm="https://registry-1.docker.io/service/token"<br/>service="harbor-registry"
Docker->>Squid: GET https://registry-1.docker.io/service/token?<br/>scope=repository%3Alibrary%2Fdebian%3Apull&service=harbor-registry
Note right of Squid: Rewrite https://registry-1.docker.io/service/token?<br/>scope=repository%3Alibrary%2Fdebian%3Apull&service=harbor-registry<br/>to https://harbor.example.org/service/token?<br/>scope=repository%3Aregistry-1.docker.io%2Flibrary%2Fdebian%3Apull&service=harbor-registry
Squid->>Harbor: GET https://harbor.example.org/service/token?<br/>scope=repository%3Aregistry-1.docker.io%2Flibrary%2Fdebian%3Apull&service=harbor-registry
Harbor->>Squid:
Squid->>Docker:
Docker->>Squid: HEAD https://registry-1.docker.io/v2/library/debian/manifests/latest
Note right of Squid: Rewrite https://registry-1.docker.io/v2/library/debian/manifests/latest<br/>to https://harbor.example.org/v2/registry-1.docker.io/library/debian/manifests/latest
Squid->>Harbor: HEAD https://harbor.example.org/v2/registry-1.docker.io/library/debian/manifests/latest
Harbor->>Squid:
Squid->>Docker:
Docker->>Squid: GET https://registry-1.docker.io/v2/library/debian/manifests/sha256:...
Note right of Squid: Rewrite https://registry-1.docker.io/v2/library/debian/manifests/sha256:...<br/>to https://harbor.example.org/v2/registry-1.docker.io/library/debian/manifests/sha256:...
Squid->>Harbor: GET https://harbor.example.org/v2/registry-1.docker.io/library/debian/manifests/sha256:...
Harbor->>Squid:
Squid->>Docker:
Loading
I currently have the following questions:
Is it possible to modify the requested URI? (e.g. /v2/library/debian/manifests/latest to /v2/registry-1.docker.io/library/debian/manifests/latest) In contrast to the headers, I could not find an appropriate function.
As no modification of the body should be required: Is it necessary to implement mod_service_io?
In which function should the modification of the headers be performed?
Are there any best-practices on how to deal with ICAP clients that do not support certain features (e.g. Message Preview)?
Does C-ICAP have any limitations that could render this task unfeasible?
Thank you in advance for any advice provided!
The text was updated successfully, but these errors were encountered:
Hi @chtsanti!
I am currently trying to evaluate the feasibility of writing a C-ICAP service that modifies the requests to an external container registry in order to reroute them to a private registry.
The following sequence diagram outlines more in detail what I am trying to achieve:
sequenceDiagram Docker->>Squid: GET https://registry-1.docker.io/v2/ Note right of Squid: Rewrite https://registry-1.docker.io/v2/<br/>to https://harbor.example.org/v2/ Squid->>Harbor: GET https://harbor.example.org/v2/ Harbor->>Squid: WWW-Authenticate: Bearer<br/>realm="https://harbor.example.org/service/token"<br/>service="harbor-registry" Note left of Squid: Rewrite realm="https://harbor.example.org/service/token"<br/>to realm="https://registry-1.docker.io/service/token" Squid->>Docker: WWW-Authenticate: Bearer<br/>realm="https://registry-1.docker.io/service/token"<br/>service="harbor-registry" Docker->>Squid: GET https://registry-1.docker.io/service/token?<br/>scope=repository%3Alibrary%2Fdebian%3Apull&service=harbor-registry Note right of Squid: Rewrite https://registry-1.docker.io/service/token?<br/>scope=repository%3Alibrary%2Fdebian%3Apull&service=harbor-registry<br/>to https://harbor.example.org/service/token?<br/>scope=repository%3Aregistry-1.docker.io%2Flibrary%2Fdebian%3Apull&service=harbor-registry Squid->>Harbor: GET https://harbor.example.org/service/token?<br/>scope=repository%3Aregistry-1.docker.io%2Flibrary%2Fdebian%3Apull&service=harbor-registry Harbor->>Squid: Squid->>Docker: Docker->>Squid: HEAD https://registry-1.docker.io/v2/library/debian/manifests/latest Note right of Squid: Rewrite https://registry-1.docker.io/v2/library/debian/manifests/latest<br/>to https://harbor.example.org/v2/registry-1.docker.io/library/debian/manifests/latest Squid->>Harbor: HEAD https://harbor.example.org/v2/registry-1.docker.io/library/debian/manifests/latest Harbor->>Squid: Squid->>Docker: Docker->>Squid: GET https://registry-1.docker.io/v2/library/debian/manifests/sha256:... Note right of Squid: Rewrite https://registry-1.docker.io/v2/library/debian/manifests/sha256:...<br/>to https://harbor.example.org/v2/registry-1.docker.io/library/debian/manifests/sha256:... Squid->>Harbor: GET https://harbor.example.org/v2/registry-1.docker.io/library/debian/manifests/sha256:... Harbor->>Squid: Squid->>Docker:I currently have the following questions:
/v2/library/debian/manifests/latestto/v2/registry-1.docker.io/library/debian/manifests/latest) In contrast to the headers, I could not find an appropriate function.mod_service_io?Thank you in advance for any advice provided!
The text was updated successfully, but these errors were encountered: