Insecure private registry

[maitredede]

Describe the problem to be solved

I have a private local registry (http only) that I have configured with a hosts.toml file. When starting spegel, this configuration is removed.

/etc/containerd/certs.d/myhost.local/hosts.toml :

server = "http://myhost.local"

[host."http://myhost.local:80"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true

Proposed solution to the problem

• One solution would be to add a way to skip domains so folder is not handled --skip-domain=myhost.local

• One other solution would be to have a way to set some registry options and generate corresponding configuration. For example `--registry "http://myhost.local:80"=skip_verify=true"

[phillebaba]

The Helm chart already has the field spegel.appendMirrors that will cause Spegel to append the mirror configuration after any existing configuration. Could you check if this solves your problems?

https://github.com/spegel-org/spegel/tree/main/charts/spegel

[maitredede]

This fields adds each entry to each generated file, but I have one registry mirror per mirrored registry. With the spegel.appendMirrors field, when trying to download one image, it will ask all mirrors before getting the right one.

It will work in almost cases, but it generates lots of 404 for no purposes, and how does it work if two registries has the same image tag ? (only the hosting registry that is different).

That is why I would prefer to have a finer configuration. And also a way to handle insecure registries.