server

package

v1.3.0-alpha.0 Latest Latest Go to latest Published: Apr 25, 2016 License: Apache-2.0 Imports: 37 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.imxd.top/openshift/origin

Documentation ¶

Overview ¶

Package server wraps repository and blob store objects of docker/distribution upstream. Most significantly, the wrappers cause manifests to be stored in OpenShift's etcd store instead of registry's storage. Registry's middleware API is utilized to register the object factories.

Module with quotaRestrictedBlobStore defines a wrapper for upstream blob store that does an image quota check before committing image layer to a registry. Master server contains admission check that will refuse the manifest if the image exceeds whatever quota set. But the check occurs too late (after the layers are written). This addition allows us to refuse the layers and thus keep the storage clean.

There are few things to keep in mind:

Origin master calculates image sizes from the contents of the layers. Registry, on the other hand, deals with layers themselves that contain some overhead required to store file attributes, and the layers are compressed. Thus we compare apples with pears. The check is primarily useful when the quota is already almost reached.
During a push, multiple layers are uploaded. Uploaded layer does not raise the usage of any resource. The usage will be raised during admission check once the manifest gets uploaded.
Here, we take into account just a single layer, not the image as a whole because the layers are uploaded before the manifest.
This leads to a situation where several layers can be written until a big enough layer will be received that exceeds quota limit.
Image stream size quota doesn't accumulate. Iow, its usage is NOT permanently stored in a resource quota object. It's updated just for a very short period of time between an ImageStreamMapping object is allowed by admission plugin to be created and subsequent quota refresh triggered by resource quota controller. Therefore its check will probably not ever trigger unless uploaded layer is really big. We could compute the usage here from corresponding image stream. We don't do so to keep the push efficient.

Index ¶

Variables
func BlobDispatcher(ctx *handlers.Context, r *http.Request) http.Handler
func UserClientFrom(ctx context.Context) (client.Interface, bool)
func WithUserClient(parent context.Context, userClient client.Interface) context.Context
type AccessController
- func (ac *AccessController) Authorized(ctx context.Context, accessRecords ...registryauth.Access) (context.Context, error)
type RegistryClient
- func NewRegistryClient(config *clientcmd.Config) *RegistryClient
- func (r *RegistryClient) Clients() (client.Interface, kclient.Interface, error)
- func (r *RegistryClient) SafeClientConfig() restclient.Config

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// Challenging errors
	ErrTokenRequired          = errors.New("authorization header with basic token required")
	ErrTokenInvalid           = errors.New("failed to decode basic token")
	ErrOpenShiftTokenRequired = errors.New("expected bearer token as password for basic token to registry")
	ErrOpenShiftAccessDenied  = errors.New("access denied")

	// Non-challenging errors
	ErrNamespaceRequired   = errors.New("repository namespace required")
	ErrUnsupportedAction   = errors.New("unsupported action")
	ErrUnsupportedResource = errors.New("unsupported resource")
)

Errors used and exported by this package.

View Source

var DefaultRegistryClient = NewRegistryClient(clientcmd.NewConfig().BindToFile())

DefaultRegistryClient is exposed for testing the registry with fake client.

Functions ¶

func BlobDispatcher ¶

func BlobDispatcher(ctx *handlers.Context, r *http.Request) http.Handler

BlobDispatcher takes the request context and builds the appropriate handler for handling blob requests.

func UserClientFrom ¶

func UserClientFrom(ctx context.Context) (client.Interface, bool)

func WithUserClient ¶

func WithUserClient(parent context.Context, userClient client.Interface) context.Context

Types ¶

type AccessController ¶

type AccessController struct {
	// contains filtered or unexported fields
}

func (*AccessController) Authorized ¶

func (ac *AccessController) Authorized(ctx context.Context, accessRecords ...registryauth.Access) (context.Context, error)

Authorized handles checking whether the given request is authorized for actions on resources allowed by openshift. Sources of access records:

origin/pkg/cmd/dockerregistry/dockerregistry.go#Execute
docker/distribution/registry/handlers/app.go#appendAccessRecords

type RegistryClient ¶ added in v1.1.4

type RegistryClient struct {
	// contains filtered or unexported fields
}

RegistryClient encapsulates getting access to the OpenShift API.

func NewRegistryClient ¶ added in v1.1.4

func NewRegistryClient(config *clientcmd.Config) *RegistryClient

NewRegistryClient creates a registry client.

func (*RegistryClient) Clients ¶ added in v1.1.4

func (r *RegistryClient) Clients() (client.Interface, kclient.Interface, error)

Client returns the authenticated client to use with the server.

func (*RegistryClient) SafeClientConfig ¶ added in v1.1.4

func (r *RegistryClient) SafeClientConfig() restclient.Config

SafeClientConfig returns a client config without authentication info.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL