imageresitry support Alibabacloud oss #1009
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -306,6 +306,38 @@ type ImageRegistryConfigStorageIBMCOS struct { | |||||
| ServiceInstanceCRN string `json:"serviceInstanceCRN,omitempty"` | ||||||
| } | ||||||
|
|
||||||
| // ImageRegistryConfigStorageOSS holds Alibaba Cloud OSS configuration. | ||||||
| // the registry to use Alibaba Cloud Object Storage Service for backend storage. | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
? |
||||||
| // More about oss, you can look at the [official documentation](https://www.alibabacloud.com/help/product/31815.htm) | ||||||
| type ImageRegistryConfigStorageOSS struct { | ||||||
|
Contributor
There was a problem hiding this comment. Since there's another push coming anyway, let's clean this up to |
||||||
| // bucket is the bucket name in which you want to store the registry's | ||||||
| // data. | ||||||
| // Optional, will be generated if not provided. | ||||||
|
menglingwei marked this conversation as resolved.
|
||||||
| // +optional | ||||||
|
Contributor
There was a problem hiding this comment. shouldn't this come after the comment? |
||||||
| // About Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) | ||||||
| Bucket string `json:"bucket,omitempty"` | ||||||
|
|
||||||
| // region is the Alibaba Cloud Region in which your bucket exists. | ||||||
| // Optional, will be set based on the installed Alibaba Cloud Region. | ||||||
| // +optional | ||||||
|
Contributor
There was a problem hiding this comment. shouldn't this come after the comment? |
||||||
| // For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). | ||||||
| Region string `json:"region,omitempty"` | ||||||
| // regionEndpoint is the endpoint for OSS compatible storage services. | ||||||
| // Optional, defaults based on the Region that is provided. | ||||||
| // +optional | ||||||
| // An endpoint which defaults to [bucket].[region].aliyuncs.com or [bucket].[region]-internal.aliyuncs.com (when internal=true). | ||||||
| // You can change the default endpoint by changing this value. | ||||||
|
Contributor
There was a problem hiding this comment. you specifically called this out. Is the rest of this API immutable?
Author
There was a problem hiding this comment. @deads2k I took a look at the AWS structure definition. We have capabilities that are pretty much the same as AWS.So. I thought, can we keep the same definition as AWS? As follows: If you think this is ok, I will modify the code and resubmit the PR.
Author
There was a problem hiding this comment. If the KeyID is set, we may set SSEAlgorithm to KMS ,Otherwise, use the default value(AES256).
Author
There was a problem hiding this comment.
Contributor
There was a problem hiding this comment.
We cannot fix previous mistakes (this was in an operator repo when it was created), but we can avoid creating new instances of it. This API should follow our conventions.
Author
There was a problem hiding this comment. Do we need to keep |
||||||
| RegionEndpoint string `json:"regionEndpoint,omitempty"` | ||||||
| // internal specifies whether the registry use the OSS VPC internal endpoint | ||||||
| // Optional, defaults to false. if RegionEndpoint is specified, this config will be ignored | ||||||
|
menglingwei marked this conversation as resolved.
Outdated
|
||||||
| // +optional | ||||||
| Internal bool `json:"internal,omitempty"` | ||||||
|
Contributor
There was a problem hiding this comment. Nothing is a bool. Use an enum string please, with values like Internal and its counterpoint.
Author
There was a problem hiding this comment. I think it's better to keep it the same as registry storage-driver for oss. https://github.com/docker/docker.github.io/blob/master/registry/storage-drivers/oss.md
Contributor
There was a problem hiding this comment. The registry storage driver isn't an openshift API. openshift APIs look like kube APIs and we prefer to have enumerations where the value clearly indicates what it does and the list of values provides helpful description of what the alternatives are. This field looks like "EndpointAccessibility" with values "Internal" or "Public". Looking at clear enums like that, the default ought to be internal.
Author
There was a problem hiding this comment. So we might want to change Internal to EndpointAccessibility, and EndpointAccessibility is an enums filed. Is ok?
Contributor
There was a problem hiding this comment.
Yes, that looks good. Please be careful about resolving threads without a push. These comments are disappearing from view. |
||||||
| // encrypt specifies whether you would like your data encrypted on the server side. Defaults to false if not specified. | ||||||
| // Optional, defaults to false. | ||||||
| // +optional | ||||||
|
Contributor
There was a problem hiding this comment. shouldn't this come after the comment? |
||||||
| // More details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm) | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
|
||||||
| Encrypt bool `json:"encrypt,omitempty"` | ||||||
|
Contributor
There was a problem hiding this comment. You have two encryption related fields? this and keyID? You need to describe the interaction and likely produce an API that makes it impossible to specify an invalid combination.
Contributor
There was a problem hiding this comment. Why would we allow a non-encrypted option?
Author
There was a problem hiding this comment. Here the documation https://www.alibabacloud.com/help/doc-detail/117914.htm?spm=a2c63.p38356.b99.1075.5c3e56989tiYEz.
Author
There was a problem hiding this comment.
Contributor
There was a problem hiding this comment. The registry storage driver isn't an openshift API. This API is an openshift API and should conform to our standards.
Author
There was a problem hiding this comment. @kwoodson @deads2k From the above discussion. I think i need to change internal to an Enum filed like "EndpointAccessibility" , it may be Internal or Public, the default value is Internal. And the Encrty change to an Enum filed like Encryption,It is used to define the server-side encryption algorithm, KMS or AES256, and same time ,add KeyID , if the Encryption value is KMS, the KeyID must be set. So the final structure should be I wonder if my understanding is correct? If it's correct, I'll do it this way
Author
There was a problem hiding this comment. If user don't set Encrypt or out of range ,the default value is AES256. If user set Encrypt to KMS and KeyID is not empty, use KMS. Follow the api documents type Encryption string
Contributor
There was a problem hiding this comment. I didn't realize that keyID was related to Encryption before. type ImageRegistryConfigStorageAlibaba struct{
}
type Encryption string
var(
ClearText = Encryption("ClearText")
AES256 = Encryption("AES256")
KMS = Encryption("KMS")
)
// this a union type in kube parlance. Depending on the value for the encryptionType,
// different pointers may be used
type EncryptionAlibaba struct{
EncryptionType Encryption `json:"encryptionType"`
KMSEncryptionAlibaba *KMSEncryptionAlibaba `json:"kms"`
}
type KMSEncryptionAlibaba struct{
KeyID string
}
Contributor
There was a problem hiding this comment. this thread got resolved before a push, unresolving so we can see it. |
||||||
| } | ||||||
|
|
||||||
| // ImageRegistryConfigStorage describes how the storage should be configured | ||||||
| // for the image registry. | ||||||
| type ImageRegistryConfigStorage struct { | ||||||
|
|
@@ -333,6 +365,9 @@ type ImageRegistryConfigStorage struct { | |||||
| // ibmcos represents configuration that uses IBM Cloud Object Storage. | ||||||
| // +optional | ||||||
| IBMCOS *ImageRegistryConfigStorageIBMCOS `json:"ibmcos,omitempty"` | ||||||
| // OSS represents configuration that uses Alibaba Cloud Object Storage Service. | ||||||
|
Contributor
There was a problem hiding this comment. These comments will be visible by customers and should contain YAML names, so
Suggested change
|
||||||
| // +optional | ||||||
| OSS *ImageRegistryConfigStorageOSS `json:"oss,omitempty"` | ||||||
| // managementState indicates if the operator manages the underlying | ||||||
| // storage unit. If Managed the operator will remove the storage when | ||||||
| // this operator gets Removed. | ||||||
|
|
||||||
Uh oh!
There was an error while loading. Please reload this page.