feat(sync): use regclient for sync extension (#2903)

* feat(sync): use regclient for sync extension replaced containers/image package with regclient/regclient package Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> * fix(sync): fixed converting innner docker list mediatype Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> * feat(sync): added option to preserve digest Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> * fix(sync): added coverage and various fixes Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> * fix(metadb): fixed converting manifest list not setting platform and annotations Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> * fix(sync): remove read lock on storage, not used concurrently Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> * feat(sync): added cache for repo tags Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> * fix(sync): fixed Makefile removed opengpg tag Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> * fix(sync): add test for on demand referrer Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com> --------- Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com>
2026-06-19 22:27:58 +08:00 · 2025-04-16 02:58:15 +03:00
parent 2592d4c784
commit 0e2aa81439
58 changed files with 2279 additions and 3741 deletions
@@ -961,7 +961,7 @@ Configure each registry sync:
 				"onDemand": false,                  # pull any image which the local registry doesn't have
 				"pollInterval": "6h",               # polling interval, if not set then periodically polling will not run
 				"tlsVerify": true,                  # whether or not to verify tls (default is true)
-				"certDir": "/home/user/certs",      # use certificates at certDir path, if not specified then use the default certs dir
+				"certDir": "/home/user/certs",      # use certificates at certDir path similar to Docker's /etc/docker/certs.d., if not specified then use the default certs dir,
 				"maxRetries": 5,                    # maxRetries in case of temporary errors (default: no retries)
 				"retryDelay": "10m",                # delay between retries, retry options are applied for both on demand and periodically sync and retryDelay is mandatory when using maxRetries.
 				"onlySigned": true,                 # sync only signed images (either notary or cosign)
@@ -1015,5 +1015,16 @@ Configure each registry sync:
 		]
 		}
 ```
-
 Prefixes can be strings that exactly match repositories or they can be [glob](https://en.wikipedia.org/wiki/Glob_(programming)) patterns.
+
+### Sync's certDir option
+
+sync uses the same logic for reading cert directory as docker: https://docs.docker.com/engine/security/certificates/#understand-the-configuration
+sync can also read the certificates directly under certDir:
+ - ca.crt - public pem cert of registry. Root CA that signed the registry certificate, in PEM.
+ - client.cert - public pem cert for client (mTLS)
+ - client.key - public key cert for client (mTLS)
+
+### Sync's credentials
+
+Besides sync-auth.json file, zot also reads and uses docker credentials by default: https://docs.docker.com/reference/cli/docker/login/#description
@@ -0,0 +1,33 @@
+{
+    "distSpecVersion": "1.1.1",
+    "storage": {
+        "rootDirectory": "/tmp/zot"
+    },
+    "http": {
+        "address": "127.0.0.1",
+        "port": "8080",
+        "compat": [
+            "docker2s2"
+        ]
+    },
+    "log": {
+        "level": "debug"
+    },
+    "extensions": {
+        "sync": {
+            "enable": true,
+            "credentialsFile": "./examples/sync-auth-filepath.json",
+            "registries": [
+                {
+                    "urls": [
+                        "https://index.docker.io"
+                    ],
+                    "onDemand": true,
+                    "tlsVerify": true,
+                    "retryDelay": "5m",
+                    "preserveDigest": true
+                }
+            ]
+        }
+    }
+}
@@ -73,10 +73,25 @@
 					],
 					"onDemand": true,
 					"tlsVerify": true,
-					"maxRetries": 6,
-					"retryDelay": "5m"
+					"maxRetries": 5,
+					"retryDelay": "30s"
+				},
+				{
+					"urls": [
+						"https://demo.goharbor.io"
+					],
+					"pollInterval": "12h",
+					"content": [
+						{
+							"prefix": "zot/**"
+						}
+					],
+					"onDemand": true,
+					"tlsVerify": true,
+					"maxRetries": 5,
+					"retryDelay": "1m"
 				}
 			]
 		}
 	}
-}
+}