Cannot use IPv6 literal in registry mirror endpoint about containerd HOT 8 OPEN

distribution/distribution#3489

from containerd.

Thanks @aojea for getting this working in distribution and eventually kubernetes ;)

from containerd.

Use of IPv6 literals in the image name works in Kubernetes 1.29, which uses docker/distribution v2.8.3 which uses distribution/reference as the backend for docker/distribution/reference. Older releases that are still on v2.8.2 will fail to schedule pods that use an ipv6 literal as the image registry:

    state:
      waiting:
        message: 'Failed to apply default image tag "[fd7c:53a5:aef5::242:ac11:7]/rancher/mirrored-coredns-coredns:1.10.1":
          couldn''t parse image name "[fd7c:53a5:aef5::242:ac11:7]/rancher/mirrored-coredns-coredns:1.10.1":
          invalid reference format'
        reason: InvalidImageName

This is unrelated to the issue of needing to support IPv6 addresses in mirror endpoints though.

from containerd.

fwiw go-toml itself doesn't handle round-trip this properly either. There does not appear to be any way to escape characters in table keys.

package main

import (
	"fmt"

	"github.com/pelletier/go-toml"
)

type Entry struct {
	Foo string
}

type Thing struct {
	Entries map[string]Entry
}

func main() {
	foo := Thing{
		Entries: map[string]Entry{
			"https://[::1]/v2": {
				Foo: "foo",
			},
		},
	}
	b, err := toml.Marshal(foo)
	fmt.Printf("Marshal error=%v\n%s\n", err, b)
	err = toml.Unmarshal(b, &foo)
	fmt.Printf("Unmarshal error=%v\n", err)
}

Marshal error=<nil>

[Entries]

  [Entries."https://[::1]/v2"]
    Foo = "foo"

Unmarshal error=(4, 4): unexpected token table key cannot contain ']', was expecting a table key

from containerd.

Added a very hacky proposed fix in #10072

from containerd.

@samuelkarp would you prefer to discuss the preferred approach to this here? I'll paste what I said on the PR:

Honestly this datastructure should have been a table list with a server field for each entry, rather than trying to get clever and put the server URL in the table key. Using a list would have also avoided all the weirdness with having to re-parse the tree to get the key order from line numbers in the file.

[[host]]
  server = "https://[fd7c:53a5:aef5::242:ac11:7]/v2"
  capabilities = ["pull", "resolve"]
  skip_verify = true

Since containerd 2.0 isn't out yet, now might be a good time to fix this.

from containerd.

Honestly this datastructure should have been a table list with a server field for each entry, rather than trying to get clever and put the server URL in the table key.

I agree.

Since containerd 2.0 isn't out yet, now might be a good time to fix this.

If so, we'll need to get it done and in fairly quickly; 2.0.0-rc.0 is already out and we've tried to give advance warning of breaking changes like this. It may be more feasible to add an override, or to try and fix the port-parsing such that a valid IPv6 address is not mistaken for something with a port appended.

@dmcgowan I'd appreciate your thoughts on this.

from containerd.

I'll have to poke at the go-toml/v2 parser that containerd 2.0 uses, but I was considering trying to get it to support both the existing [host."example.com"] or proposed [[host]]/server="example.com" structure, as long as the file doesn't mix between both. I think that should be doable.

I should have some cycles for a POC next week.

from containerd.