[release/9.0.1xx] [Containers] Fix insecure registry handling to use the correct port for the HTTP protocol #44235
Merged
baronfel merged 4 commits into release/9.0.1xx from Oct 18, 2024
baronfel approved these changes Oct 16, 2024
4ae6e05 to 98798f3
Member
The failure is an EMSDK workload that needs to flow into 9.0.1xx, not anything related to this PR.
98798f3 to c2a48ee
Member
@dotnet/source-build there's a download failure happening that I don't think is related to this PR - can y'all take a look and see if there's something we need to do?
Member
It was fixed in #44281. I'll merge the tip into this PR to fix.
34deb27 to e35b936
Backport of #44050 to release/9.0.1xx
Description/Customer Impact
Users pushing images to 'insecure registries' (which are managed via Docker/Podman configuration) couldn't successfully push to those registries if they used HTTP (as opposed to an untrusted/self-signed/etc HTTPS certificate). This was because when constructing the fallback HTTP URL for the registry we used UriBuilder to copy over all parts of Uri and just change the scheme. Due to vagaries of the UriBuilder APIs, this meant that we always used the HTTPS port (443) for these HTTP URIs, which results in communication errors. This change updates the way we construct the HTTP Uris for our HTTP fallback logic for insecure registries to allow HTTP communication with these registries by not using the HTTPS port unless the registry configuration explicitly pinned the port to be used.
Regression
No - this is fixing a gap that we didn't have test coverage in on the initial 'insecure registry' support
Risk
Low - we have automated test coverage for this scenario, and this only applies to users of the 'insecure registry' feature (which was only recently released in 8.0.400 and we have not received huge amounts of negative feedback on).
Testing
Automated tests for a wide variety of potential registry names and configurations were added.
/cc @baronfel @dameng324
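The UriBuilder behaviour the description refers to, shown as an added example that is not the SDK's own code from this PR: copying an HTTPS Uri and changing only the scheme keeps port 443, while resetting the port to the scheme default (unless the registry name pinned one) yields a usable HTTP fallback. The class and helper names, the "host" or "host:port" name format and the sample registry names are assumptions made for illustration.

```csharp
using System;

static class InsecureRegistryFallback
{
    // Pattern from the description: copy every part of the HTTPS Uri and change
    // only the scheme. UriBuilder(Uri) copies Port as the number 443, and setting
    // Scheme does not reset it, so the HTTP request still goes to port 443.
    public static Uri NaiveHttpFallback(string registryName) =>
        new UriBuilder(new Uri($"https://{registryName}")) { Scheme = Uri.UriSchemeHttp }.Uri;

    // Hypothetical helper: keep a port only when the registry name pinned one.
    public static Uri HttpFallback(string registryName)
    {
        var httpsUri = new Uri($"https://{registryName}");
        var builder = new UriBuilder(httpsUri) { Scheme = Uri.UriSchemeHttp };
        // Uri.IsDefaultPort is true for both "host" and "host:443", so it cannot
        // tell whether the port was pinned; inspect the configured name instead.
        builder.Port = HasExplicitPort(registryName) ? httpsUri.Port : -1; // -1 = scheme default
        return builder.Uri;
    }

    // Assumes the name is "host" or "host:port"; brackets cover IPv6 literals.
    static bool HasExplicitPort(string registryName)
    {
        int colon = registryName.LastIndexOf(':');
        int bracket = registryName.LastIndexOf(']');
        return colon > bracket && int.TryParse(registryName[(colon + 1)..], out _);
    }

    static void Main()
    {
        // Constructed registry names, not taken from the PR or its tests.
        string[] names = { "registry.example.internal", "registry.example.internal:5000",
                           "registry.example.internal:443", "[::1]", "[::1]:5000" };
        foreach (var name in names)
            Console.WriteLine($"{name,-32} naive={NaiveHttpFallback(name)} fixed={HttpFallback(name)}");
    }
}
```

Only the names without a port differ between the two columns, which is the case the description says failed for plain-HTTP registries.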