Skip to content

Deprecate insecure_registries config #9278

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 1, 2025
Merged

Deprecate insecure_registries config #9278

merged 1 commit into from
Jul 1, 2025
+10 −0

Conversation

bitoku
Copy link
Contributor

@bitoku bitoku commented Jun 24, 2025

What type of PR is this?

/kind deprecation

What this PR does / why we need it:

This PR deprecates insecure-registries, which causes unnecessary DNS resolution.

Which issue(s) this PR fixes:

part of #9225

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Deprecate `insecure_registries` config.

@bitoku bitoku requested a review from mrunalp as a code owner June 24, 2025 06:17
@openshift-ci openshift-ci bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/deprecation labels Jun 24, 2025
@openshift-ci openshift-ci bot requested review from klihub and QiWang19 June 24, 2025 06:17
@bitoku bitoku force-pushed the insecure-registries-deprecation branch from 2ff4837 to f9fbb9d Compare June 24, 2025 06:18
bitoku
bitoku commented Jun 24, 2025
View reviewed changes
internal/storage/image.go
if len(serverConfig.InsecureRegistries) > 0 {
log.Warnf(ctx, "Insecure registries option is deprecated and will be no effect")
}
serverConfig.InsecureRegistries = append(serverConfig.InsecureRegistries, "127.0.0.0/8")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This 127.0.0.0/8 will be removed when we completely remove the option.
Do we want to have a new option like insecureLoopback and deprecate it separately to reduce the impact as much as possible? or is it too much?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't recall who requires this, but I tend to say no, let's deprecate without having a replacement for this for now.

@bitoku bitoku force-pushed the insecure-registries-deprecation branch 2 times, most recently from 3e39a3e to 622daa9 Compare June 24, 2025 06:41
@codecov Codecov
Copy link

codecov bot commented Jun 24, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 25.00000% with 3 lines in your changes missing coverage. Please review.

Project coverage is 66.97%. Comparing base (2c533be) to head (9d0dd61).
Report is 75 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #9278      +/-   ##
==========================================
+ Coverage   66.52%   66.97%   +0.45%     
==========================================
  Files         198      198              
  Lines       27159    27198      +39     
==========================================
+ Hits        18067    18217     +150     
+ Misses       7606     7482     -124     
- Partials     1486     1499      +13
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@bitoku
Copy link
Contributor Author

bitoku commented Jun 27, 2025

@cri-o/cri-o-maintainers PTAL

haircommander
haircommander reviewed Jun 27, 2025
View reviewed changes
@bitoku
deprecate insecure-registires
9d0dd61 
Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
@bitoku bitoku force-pushed the insecure-registries-deprecation branch from 622daa9 to 9d0dd61 Compare June 30, 2025 11:39
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jun 30, 2025

@bitoku: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/ci-e2e-evented-pleg 9d0dd61 link false /test ci-e2e-evented-pleg

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@bitoku
Copy link
Contributor Author

bitoku commented Jul 1, 2025

/skip
@cri-o/cri-o-maintainers PTAL

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 1, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jul 1, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bitoku, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 1, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit aa26b29 into cri-o:main Jul 1, 2025
109 of 117 checks passed
@github-actions github-actions bot mentioned this pull request Sep 14, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haircommander haircommander haircommander left review comments

@saschagrunert saschagrunert saschagrunert approved these changes

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@klihub klihub Awaiting requested review from klihub

@QiWang19 QiWang19 Awaiting requested review from QiWang19

Assignees

@saschagrunert saschagrunert

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/deprecation lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bitoku @saschagrunert @haircommander