
Feature Request: Support local / alternate container registry before caching #520

@aDisplayName


Background

As mentioned in README.md, kuik does not work well with other controllers that need to manipulate the Pod's pod.specs.containers.image.

kuik's caching ability does provide a very good solution for edge side workload deployment when network bandwidth is not stable.

Another frequent scenario in edge side deployment is that the predefined pod image repository might be entirely unreachable for the edge cluster. For example, an air-gapped edge cluster, or access to a certain public cloud provider being restricted due to legal restrictions.

In this scenario, one common solution, without changing the helm chart, is to use a Pod mutating webhook to change the image repository to an external local cache that the edge cluster has access to.

Solution

kuik can also add a feature to transform the original image repository to a repository located in a pre-defined external mirror, before it is cached to the in-cluster registry cache.

For example, for a deployment target which can only access container repositories from project-a.azurecr.io, a standard public helm chart will not be used directly. And the task is to deploy a bitnami/nats helm chart without any modification in that target cluster.

  1. For such a cluster, we can set up a pull-through cache at project-a.azurecr.io/docker-mirror/; any repository access at project-a.azurecr.io/docker-mirror/image will be proxied to docker.io/image.
  2. When deploying kuik, we make sure to add the following image repository transforming rule:

     ```yaml
     imageRedirMapping:
     - src: docker.io/
       to: project-a.azurecr.io/docker-mirror/
     - src: ghcr.io/
       to: project-a.azurecr.io/ghcr-mirror/
     ```
  3. In the kuik controller, based on the mapping rule defined, we can add one more step in the pod mutating webhook: change every docker.io/nats:2.10.26-alpine to project-a.azurecr.io/docker-mirror/nats:2.10.26-alpine, before converting to localhost:7439/project-a.azurecr.io/docker-mirror/nats:2.10.26-alpine.

I believe this change will greatly benefit kuik usage in edge scenarios.

I can start to work on a PR if this direction is considered reasonable.
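
The rewrite step proposed in the issue above, as an added Go sketch; it is not code from the kuik project or from the issue author. `Rule`, `Redirect` and `qualify` are hypothetical names, and expanding short image names to `docker.io/library/` before matching is an assumption about how references would be normalized.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Rule mirrors one entry of the imageRedirMapping list proposed in the issue.
type Rule struct{ Src, To string }

// qualify expands short references the way Docker does (assumed here), so a
// rule written for docker.io/ also covers images that omit the registry host.
func qualify(image string) string {
	first, _, hasSlash := strings.Cut(image, "/")
	if hasSlash && (strings.ContainsAny(first, ".:") || first == "localhost") {
		return image // first component is already a registry host
	}
	if !hasSlash {
		return "docker.io/library/" + image
	}
	return "docker.io/" + image
}

// Redirect rewrites image with the longest matching Src prefix. When no rule
// matches it returns the original reference and false, so the caller can
// decide whether an unmapped registry is allowed at all.
func Redirect(image string, rules []Rule) (string, bool) {
	ref := qualify(image)
	sorted := append([]Rule(nil), rules...)
	sort.SliceStable(sorted, func(i, j int) bool { return len(sorted[i].Src) > len(sorted[j].Src) })
	for _, r := range sorted {
		// Match on a path boundary: "docker.io" must not match "docker.io.example.net/".
		src := strings.TrimSuffix(r.Src, "/") + "/"
		if strings.HasPrefix(ref, src) {
			// Tag or digest stays untouched; only the prefix changes.
			return strings.TrimSuffix(r.To, "/") + "/" + strings.TrimPrefix(ref, src), true
		}
	}
	return image, false
}

func main() {
	rules := []Rule{ // the two rules from the issue
		{"docker.io/", "project-a.azurecr.io/docker-mirror/"},
		{"ghcr.io/", "project-a.azurecr.io/ghcr-mirror/"},
	}
	out, ok := Redirect("docker.io/nats:2.10.26-alpine", rules)
	fmt.Println(out, ok)
}
```

The result of `Redirect` is what would then be prefixed with the in-cluster cache address (`localhost:7439/` in the issue's example).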
