Skip to content

revisit registry.k8s.io backup stategy #8008

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BenTheElder opened this issue Apr 17, 2025 · 1 comment
Open

revisit registry.k8s.io backup stategy #8008

BenTheElder opened this issue Apr 17, 2025 · 1 comment
Labels
priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra.

Comments

@BenTheElder
Copy link
Member

I'm not sure if we're even running anything today.

We should consider setting up a strongly append-only copy (AR immutable tags or something like that) somewhere as isolated as possible from the main prod credentials, which serves only to sync in append-only backup of published images to a trusted location, should we ever need it.

It should not be public read, just a private backup mirror.

/sig k8s-infra
/priority important-longterm
@k8s-ci-robot k8s-ci-robot added sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Apr 17, 2025
@BenTheElder BenTheElder mentioned this issue Apr 17, 2025
Open
@BenTheElder
Copy link
Member Author

note: https://cloud.google.com/artifact-registry/docs/docker/names#versions

Immutable: In the repository, a tag always points to the same image digest. If an Artifact Registry repository is configured for immutable image tags, the following actions are not permitted:

  • Delete a tagged image. Deleting untagged images is still permitted.
  • Remove a tag from an image.
  • Push an image with a tag that is already used by another version of the image in the repository.

So immutable tags is not a complete append only strategy (also we might want to consider running the archive on some other platform anyhow)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@BenTheElder @k8s-ci-robot