#lax

A place for people in (and around!) Los Angeles

Archive: https://archive.sweetops.com/lax/

2019-10-28

@Erik Osterman is there a big difference in registry mirroring vs just pushing to 2 different registries?

you could do them in parallel in ci step (push to codefresh registry + push to ECR)

Erik Osterman

chances are you don’t rely on just your software

Erik Osterman

in our case: prometheus, grafana, keycloak, gatekeeper, kubecost, and 2 dozen other third-party vendors

Erik Osterman

sure you can take on the burden of pushing those to your own repos - that’s great (but a lot of work)

Erik Osterman

or you can just use a mirror that has a pull-through cache (as you describe) and address the immediate risk of being crippled by upstream outages.

Erik Osterman

I’d argue:

Erik Osterman

1) from a security perspective, you should explicitly replicate or produce an image in your own repo for every package you depend on. for a smaller team, this might be a lot of overhead. it will shield you also from upstream outages.

Erik Osterman

2) from an HA perspective, the registry mirror is sufficient.

Erik Osterman

80/20 rule

Erik Osterman

option (1) is 80% more work with 20% more benefit

Erik Osterman

great response erik

2019-10-27

2019-10-25

Erik Osterman

@btai @Corey Gale good tip yesterday at the meet up about setting up a pass thru registry for Docker to mitigate the effects of a Docker hub outage

Erik Osterman

I think mirroring the images to ECR is a PIA

Erik Osterman

But in researching this some more, I learned about the registry mirror option built into Docker

Pia?

Erik Osterman

(Pain in the ass)

Erik Osterman

I guess that makes it PITA

Corey Gale

Erik Osterman
Registry as a pull through cache

Use-case If you have multiple instances of Docker running in your environment, such as multiple physical or virtual machines all running Docker, each daemon goes out to the internet and…

kubernetes/kops

Kubernetes Operations (kops) - Production Grade K8s Installation, Upgrades, and Management - kubernetes/kops

Erik Osterman

Looks like this is natively supported by Kops

Erik Osterman

So it seems like it’s easy enough to deploy a pass thru registry in cluster and then configure the mirror to use it

Erik Osterman

Not sure what happens if the mirror is offline - I presume it attempts upstream

Corey Gale
02:22:20 AM

@Corey Gale has joined the channel

Erik Osterman

@Jeremy Grodberg we should add this to next rollout

Jeremy Grodberg

Maybe go all the way and use something like Artifactory to be the pull-through cache for everything, not just docker images. https://jfrog.com/artifactory/features/

Artifactory Features: Build Integration, REST API, Replication ... - JFrog

Artifactory provides compelling features including, HA, P2 repository, build server integration, NuGet support, repo replication, yum.

Erik Osterman

I just don’t know where the line is drawn between open source and enterprise. Artifactory is cool and all, but I know their pricing is insane.

2019-10-14

Hear from @Jake Lundberg (HashiCorp) and his colleague next Thursday in Santa Monica!

https://www.meetup.com/West-LA-DevOps/events/265221538/

West LA DevOps: The 4th Meetup

Thu, Oct 24, 2019, 6:00 PM: WHEN: October 24, 2019, doors open at 6pm. WHERE: GumGum HQ, [masked]th St., 4th floor, Santa Monica, 90401. ORGANIZERS: Corey Gale (DevOps Manager @ GumGum), Brian Tai (DevOps Engineer @ Audi


oof I don’t like that @Erik Osterman

I definitely don’t want our members to pay to rsvp. at the same time I’d say our attendance rate is about 40~50% of the total rsvps

Technically they could show up without RSVPing.
