Summary
thar-be-registries currently hardcodes ["pull", "resolve"] capabilities for all registry mirror endpoints. This blocks tools like Spegel that require pull-only mirrors. containerd 2.1's transfer service fails when Spegel's DHT hasn't initialized if resolve is also requested.
See the upstream tracking issue: bottlerocket-os/bottlerocket#4710
Proposed change
Add an optional capabilities field to the Mirror settings type and a resolve_capabilities helper in thar-be-registries that maps the configured values to containerd's Capability enum, defaulting to ["pull", "resolve"] when unset for backward compatibility.
Depends on bottlerocket-os/bottlerocket-settings-sdk#134 which adds the capabilities field to RegistryMirrorV1.
I have a PR ready to submit.
Summary
thar-be-registriescurrently hardcodes["pull", "resolve"]capabilities for all registry mirror endpoints. This blocks tools like Spegel that requirepull-only mirrors. containerd 2.1's transfer service fails when Spegel's DHT hasn't initialized ifresolveis also requested.See the upstream tracking issue: bottlerocket-os/bottlerocket#4710
Proposed change
Add an optional
capabilitiesfield to theMirrorsettings type and aresolve_capabilitieshelper inthar-be-registriesthat maps the configured values to containerd'sCapabilityenum, defaulting to["pull", "resolve"]when unset for backward compatibility.Depends on bottlerocket-os/bottlerocket-settings-sdk#134 which adds the
capabilitiesfield toRegistryMirrorV1.I have a PR ready to submit.