Merge pull request #14829 from RichardScothern/registry-tls

Configure TLS for private v2 registry mirrors.
This commit is contained in:
Tibor Vass 2015-07-21 19:23:39 -04:00
commit 549e64205f

View File

@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/url"
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
@ -161,19 +162,31 @@ func (s *Service) TlsConfig(hostname string) (*tls.Config, error) {
return &tlsConfig, nil return &tlsConfig, nil
} }
func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) {
mirrorUrl, err := url.Parse(mirror)
if err != nil {
return nil, err
}
return s.TlsConfig(mirrorUrl.Host)
}
func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err error) { func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err error) {
var cfg = tlsconfig.ServerDefault var cfg = tlsconfig.ServerDefault
tlsConfig := &cfg tlsConfig := &cfg
if strings.HasPrefix(repoName, DEFAULT_NAMESPACE+"/") { if strings.HasPrefix(repoName, DEFAULT_NAMESPACE+"/") {
// v2 mirrors // v2 mirrors
for _, mirror := range s.Config.Mirrors { for _, mirror := range s.Config.Mirrors {
mirrorTlsConfig, err := s.tlsConfigForMirror(mirror)
if err != nil {
return nil, err
}
endpoints = append(endpoints, APIEndpoint{ endpoints = append(endpoints, APIEndpoint{
URL: mirror, URL: mirror,
// guess mirrors are v2 // guess mirrors are v2
Version: APIVersion2, Version: APIVersion2,
Mirror: true, Mirror: true,
TrimHostname: true, TrimHostname: true,
TLSConfig: tlsConfig, TLSConfig: mirrorTlsConfig,
}) })
} }
// v2 registry // v2 registry
@ -184,18 +197,6 @@ func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err
TrimHostname: true, TrimHostname: true,
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
}) })
// v1 mirrors
// TODO(tiborvass): shouldn't we remove v1 mirrors from here, since v1 mirrors are kinda special?
for _, mirror := range s.Config.Mirrors {
endpoints = append(endpoints, APIEndpoint{
URL: mirror,
// guess mirrors are v1
Version: APIVersion1,
Mirror: true,
TrimHostname: true,
TLSConfig: tlsConfig,
})
}
// v1 registry // v1 registry
endpoints = append(endpoints, APIEndpoint{ endpoints = append(endpoints, APIEndpoint{
URL: DEFAULT_V1_REGISTRY, URL: DEFAULT_V1_REGISTRY,