Additional container registry mirror [Was: Re: Sunsetting the Docker `openwrtorg` org (not `openwrt` org)]
Petr Štetiar
ynezz at true.cz
Sat Apr 15 01:19:01 PDT 2023
Paul Spooren <mail at aparcar.org> [2023-04-15 02:02:24]:
Hi,
> I’d simply disable it instead of no longer updating it, any other opinions?
fine with me, thanks for taking care. I would simply announce it in several
places, that there is a plan to sunset that namespace in 3-6 months, thus
being nice and giving everyone some time to adjust their workflows.
BTW I've recently experienced following from Hetzner.de ephemeral VPS in their
Helsinki DC with IP address within AS24940:
WARNING: Failed to pull image with policy "if-not-present": Error response
from daemon: error parsing HTTP 403 response body: invalid character '<'
looking for beginning of value: "<html><body><h1>403 Forbidden</h1>\nSince
Docker is a US company, we must comply with US export control regulations. In
an effort to comply with these, we now block all IP addresses that are located
in Cuba, Iran, North Korea, Republic of Crimea, Sudan, and Syria. If you are
not in one of these cities, countries, or regions and are blocked, please
reach out to https://hub.docker.com/support/contact/\n</body></html>\n"
(manager.go:237:1s)
>From docker.com support I've got a response, that they're using maxmind.com
service for this purpose and that Hetzner.de should fix that, but they don't
fully understand the situation and/or don't care.
Anyway, I'm seeing more and more such issues recently with Cloudflare/GCP/AWS
as well, probably using similar IP flagging service, so perhaps we should
consider using some additional container registry as a backup/mirror? So if
the pull from one registry doesn't work, then folks could try a different one.
I've not done any prior research about all viable options yet, but quay.io
looks so far as my favorite option. Any objections/ideas?
Cheers,
Petr
More information about the openwrt-devel
mailing list