Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/8.0.4xx] [Containers] Fix insecure registry handling to use the correct port for the HTTP protocol #44234

Merged
merged 4 commits into from
Oct 17, 2024
Merged

[release/8.0.4xx] [Containers] Fix insecure registry handling to use the correct port for the HTTP protocol #44234

merged 4 commits into from
Oct 17, 2024

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Oct 16, 2024
edited by baronfel
Loading

Backport of #44050 to release/8.0.4xx

Description/Customer Impact

Users pushing images to 'insecure registries' (which are managed via Docker/Podman configuration) couldn't successfully push to those registries if they used HTTP (as opposed to an untrusted/self-signed/etc HTTPS certificate). This was because when constructing the fallback HTTP url for the registry we used UriBuilder to copy over all parts of Uri and just change the scheme. Due to vagaries of the UriBuilder APIs, this meant that we always used the HTTPS port (443) for these HTTP uris, which results in communication errors. This change updates the way we construct the HTTP Uris for our HTTP fallback logic for insecure registries to allow HTTP communication with these registries by not using the HTTPS port unless the registry configuration explicitly pinned the port to be used.

Regression

No - this is fixing a gap that we didn't have test coverage in on the initial 'insecure registry' support

Risk

Low - we have automated test coverage for this scenario, and this only applies to users of the 'insecure registry' feature (which was only recently released in 8.0.400 and we have not received huge amounts of negative feedback on).

Testing

Automated tests for a wide variety of potential registry names and configurations was added.

/cc @baronfel @dameng324

@dotnet-issue-labeler dotnet-issue-labeler bot added Area-Infrastructure untriaged Request triage from a team member labels Oct 16, 2024
@baronfel baronfel changed the title [release/8.0.4xx] fix port error when fallback to http [release/8.0.4xx] [Containers] Fix insecure registry handling to use the correct port for the HTTP protocol Oct 16, 2024
@rbhanda rbhanda added this to the 8.0.11 milestone Oct 17, 2024
@baronfel baronfel merged commit 1ed097e into release/8.0.4xx Oct 17, 2024
17 checks passed
@baronfel baronfel deleted the backport/pr-44050-to-release/8.0.4xx branch October 17, 2024 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@baronfel baronfel baronfel approved these changes

Assignees
No one assigned
Labels
Area-Infrastructure Servicing-approved untriaged Request triage from a team member
Projects
None yet
Milestone
8.0.11
Development

Successfully merging this pull request may close these issues.
3 participants
@baronfel @rbhanda @dameng324