Dependency Proxy moving to core and a minor breaking change: Blogs November 2020 (before the 17th)
Proposal
The Dependency Proxy allows you to proxy and cache images from Docker Hub for faster, more reliable builds. However, the feature is currently limited to private projects. This excludes the majority of projects.
gitlab-org/gitlab#11582 (closed) intends to address this by adding support for private groups/sub-groups to the Dependency Proxy. The problem is that this introduces a minor breaking change for teams that are using the feature today.
The side effect of enabling the dependency proxy for private groups is that we will need to require all users to authenticate when accessing the dependency proxy, even for public groups/projects.
The reason is that the Docker client makes a single API request for authentication, and that request carries no information about what is going to be requested from the Dependency Proxy. It therefore happens before we can identify which group the user is making the request for, so we have to authenticate the user at this point in order to check their permissions against the group/project being used on the next request.
What this means from the user perspective is that before a user can do something like:
docker pull gitlab.example.com/groupname/dependency_proxy/containers/alpine:latest
they must first
docker login gitlab.example.com
providing their username/password, PAT, or deploy token.
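For scripted pulls, the login step can be done non-interactively. The wrapper below is an added example, not code from GitLab or from this issue; DP_USER and DP_TOKEN are hypothetical variable names for the username and the PAT or deploy token.

```shell
#!/bin/sh
# Added example: authenticate to the Dependency Proxy before pulling through it.
# DP_USER and DP_TOKEN are hypothetical names; supply them from a secret store.

# Print the registry host of an image reference, or fail if the reference is
# not a Dependency Proxy path:
#   <host>/<group>/dependency_proxy/containers/<image>
dp_host() {
    case "$1" in
        */dependency_proxy/containers/?*) ;;
        *) return 1 ;;
    esac
    host=${1%%/*}
    [ -n "$host" ] || return 1
    printf '%s\n' "$host"
}

# Log in to the proxy host, then pull. The token is passed on stdin so it does
# not appear in the process list or in shell history.
dp_pull() {
    image=$1
    host=$(dp_host "$image") || {
        echo "not a Dependency Proxy reference: $image" >&2
        return 2
    }
    if [ -z "${DP_USER:-}" ] || [ -z "${DP_TOKEN:-}" ]; then
        echo "DP_USER and DP_TOKEN must be set: the Dependency Proxy requires authentication" >&2
        return 3
    fi
    printf '%s' "$DP_TOKEN" |
        docker login "$host" -u "$DP_USER" --password-stdin || return 4
    docker pull "$image"
}
```

Call it as `dp_pull gitlab.example.com/groupname/dependency_proxy/containers/alpine:latest`; a distinct non-zero return code identifies a malformed reference (2), missing credentials (3) or a failed login (4).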
Checklist
- If you have a specific publish date in mind (please allow 3 weeks' lead time)
  - Include it in the issue title and apply the appropriate milestone (e.g. Blogs October 2020)
  - Give the issue a due date of a minimum of 2 working days prior
  - If your post is likely to be >2,000 words, give a due date of a minimum of 4 working days prior
- If time sensitive
  - Add ~"Blog: Priority" label and supply rationale in description
  - Mention @rebecca to give her a heads up ASAP
- If wide-spread customer impacting or sensitive, mention @nwoods to give her a heads up ASAP, apply the sensitive label, and check the PR handbook in case you need to open an announcement request instead of a blog post issue
- If the post is about one of GitLab's Technology Partners, including integration partners, mention @TinaS, apply the Partner Marketing label, and see the blog handbook for more on third-party posts
- If the post is about one of GitLab's customers, mention @KimLock and @FionaOKeeffe, apply the Customer Reference Program label, and see the blog handbook for more on third-party posts
- Indicate if supporting an event or campaign
- Indicate if this post requires additional approval from internal or external parties before publishing (please provide details in a comment)