This is primarily to get the signature access docker/distribution API
extension.
To make it work, two updates to the test harness are necessary:
- Change the expected output of (oadm policy add-cluster-role-to-group)
- Don't expect (openshift start master) to create .kubeconfig files
for the registry service.
As of https://github.com/openshift/origin/pull/10830 ,
openshift.local.config/master/openshift-registry.kubeconfig is no longer
autogenerated. Instead, do what (oadm registry) does, creating a
service account and a cluster policy role binding. Then manually create
the necessary certificates and a .kubeconfig instead of using the
service account in a pod.
Vendor containers/storage, and its dependencies github.com/pborman/uuid
and github.com/mistifyio/go-zfs, which we didn't already use.
Update the build Dockerfile to install their dependencies.
Add scriptlets that try to detect whether or not we need to use the
"libdm_no_deferred_remove" and/or "btrfs_noversion" build tags.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
I don’t know how to checkout a specific untagged commit (
9ff4bf43548c758b6767b639b335681285fece48 ) from the original repo, so
I have forked the project and fetched that commit from a cached Docker
image.
We should instead update the containers/image client for the new API ASAP,
and then the github.com/mtrmac/origin repo should be removed.
This builds from the image-signatures-rest branch for
https://github.com/openshift/origin/pull/9181 .
Testing push, pull, streaming.
Does not test working with the other Docker registries built in
Dockerfile; I will leave that to the author of that code :)
Note that this relies on an internet connection for pulling from the
Docker Hub (which is incidentally tested by that); pushing to no Docker
Registry, neither local nor Hub, is tested by this.
The tests only run in a container because the (oc login) / (docker
login)-like code modifies files in a home directory; the new
SKOPEO_CONTAINER_TESTS environment variable should protect against
accidental non-container runs.
