We are using a MitM proxy to filter all manifest pull requests from the container engine and reject those not covered by the allow list. This does not really allow filtering by tags, as that will generate additional manifest requests using the digests, so you would have to add those digests to the allow list as well.
fast-garage-66093
08/01/2023, 6:34 PM
It is based on a SUSE Hackweek experiment I did earlier; there is a summary at Image Allow List for Rancher Desktop. It has evolved a bit since then (and the writeup still makes the assumption that you can filter on tags), but this is the most concise summary of how it works. It depends on a custom build of OpenResty, so unfortunately it is not just off-the-shelf packages.
fast-garage-66093
08/01/2023, 6:37 PM
Also, using regular expressions for the filters was a bad idea; we are going to replace them with support for wildcards instead.