Closed BenTheElder closed 1 year ago
BenTheElder
commented
1 year ago I think we need to revisit https://github.com/kubernetes-sigs/kind/issues/1895#issuecomment-833111925 / https://www.docker.com/community/open-source/application/, at least until we can smoothly migrate.
BenTheElder
commented
1 year ago Per above tweet:
We won't be deleting projects applying to this
[the open source application]
The current terms of agreement are very simple https://web.docker.com/rs/790-SSB-375/images/DockerOpenSourceProgramTermsofAgreement.pdf
• Program benefits are provided only to project leads and core project committers. • Program status and benefits are valid for one year and can be renewed if your project still meets the program requirements. • You may use the program benefits solely for developing non-commercial open-source projects. • You may not share free licenses with any third parties.
None of that seems like a problem. I think we should apply now and consider migrating to registry.k8s.io with a new tagging scheme as a next step for later this year when we have less on our plate and less immediate need to prevent user breakage.
BenTheElder
commented
1 year ago Filled out the form:
I think these are reasonably accurate. We obviously already agree to the docker TOS so only the additional conditions above.
BenTheElder
commented
1 year ago OK, I've submitted the form so we have a start on mitigating this anyhow, but we'll need to discuss more soon.
Back to Kubernetes Code Freeze / working on the k8s.gcr.io redirect planning for Kubernetes' own registry cost concerns :-) (https://kubernetes.io/blog/2023/03/10/image-registry-redirect/))
BenTheElder
commented
1 year ago Using https://github.com/kubernetes-sigs/kind/issues/1895#issuecomment-1468991168 to track how we might start shipping images on another registry
Vad1mo
commented
1 year ago We run a CNCF Harbor-based container registry service, happy to help the project and offer a registry free of charge. Harbor has the valuable option that allows you to replicate images to other registries. So, you push images to a central place and from there they are automatically replicated to ghcr, gcr, ecr, Docker Hub and so on.
Happy to show and explain the various options and possibilities for the Kind community.
BenTheElder
commented
1 year ago Thanks @Vad1mo. Kubernetes has a registry too and we're discussing moving to it in https://github.com/kubernetes-sigs/kind/issues/1895#issuecomment-1468991168 but also tracking the dockerhub issue here as I'm concerned about users pulling existing images.
Update re: dockerhub OSS program
boeboe
commented
1 year ago https://github.com/kubernetes/minikube/issues/16053
Metallb addon for minikube is broken due to this sudden move from docker.io.
medyagh
commented
1 year ago
- dockerd still only supports mirroring dockerhub (Enable engine to mirror private registry moby/moby#18818), so it will be somewhat harder for users without access to our upstream (e.g. china china can not pull from registry.k8s.io kubernetes/registry.k8s.io#137) to switch to a mirror as we've previously discussed with @tao12345666333 ref: Move dockerhub kindest/node to a non rate limited registry #1895
@BenTheElder thats a really good point minikube uses GCR images by default and uses docker hub images as fail over,, large part of minikube users in china rely on docker hub as a fail over but we also have a alibaba sync job that pushes the images to alibaba https://github.com/kubernetes/minikube/blob/master/.github/workflows/sync-minikube.yml
BenTheElder
commented
1 year ago @medyagh thanks! see also https://www.docker.com/blog/we-apologize-we-did-a-terrible-job-announcing-the-end-of-docker-free-teams/ phew.
I think we still want to look at migrating to project controlled hosting finally, but it may be less urgent. Still need to reread this new announcement in depth.
BenTheElder
commented
1 year ago We're in the open source program now.
Hi Benjamin Elder,
Congratulations! Your project has been approved for the Docker-Sponsored Open Source program. A Docker Team subscription will be allocated to the project organization Docker ID specified in your application within the next 3 weeks. In addition to a Team subscription, you now have:
free autobuilds
rate-limit removal for all users pulling public images from your project namespace
special badging on Docker Hub (this will be visible within two weeks)
If you haven’t already, please take the time to update your project’s Hub pages to include a detailed project description, links to your project source code, as well as contributing guidelines, and a link to your organization’s website. Projects lacking this information may not receive the Docker Sponsored Open Source badging for their images on Docker Hub.
Membership in the Docker-Sponsored Open Source (DSOS) program is valid for one year. You will receive a reminder email from us when it is time to renew your membership.
We are thrilled to have you as an open-source partner. If you have any questions regarding the open source program please contact opensource@docker.com and include the name of your project in the subject line. If you have questions regarding technical support please contact support@docker.com.
Thank you!
BenTheElder
commented
1 year ago Leaving this open until I get to ensuring we have the descriptions / links up to date as requested (soon! been focused on the k8s.gcr.io redirect for next week).
We'll use another issue to track any further changes we want to make e.g. migrating to Kubernetes's registry long-term.
BenTheElder
commented
1 year ago We had most of this already from previously preparing for the OSS program.
I've gone back through every image in kindest/ and added more details, links to the contributor guide, and updated any existing details. I think we have everything requested now and we appear to already have the "Sponsored OSS" badge.
BenTheElder
commented
1 year ago Docker is also no longer sunsetting free teams https://www.docker.com/developers/free-team-faq/
Just got the notice, we have Until April 14th to resolve this. Currently we depend on the
kindest/organization.https://web.docker.com/rs/790-SSB-375/images/privatereposfaq.pdf
AIUI the Kubernetes project previously decline to join the OSS program and it wasn't clear that KIND could agree to it on our own.
However other CNCF projects are members ref: https://twitter.com/justincormack/status/1635704358355468307
While we could move off of dockerhub, that has additional implications:
Users are already depending on these images in pipelines all over the place, if we just mirror / migrate they won't have much time to switch
dockerd still only supports mirroring dockerhub (https://github.com/moby/moby/issues/18818), so it will be somewhat harder for users without access to our upstream (e.g. china https://github.com/kubernetes/registry.k8s.io/issues/137) to switch to a mirror as we've previously discussed with @tao12345666333 ref: #1895
We do have a staging k8s infra GCR project available and could begin copying images over and promoting to registry.k8s.io, however registry.k8s.io does not support mutable tags and we'd have to finally fix our tagging scheme to not be based on Kubernetes versions only, which we'd still been discussing https://github.com/kubernetes-sigs/kind/issues/197, #2618 ...