feat(docker): backport --pull-limit-check-disabled cli flag [BE-11820] (#658)

Author: oscarzhou-portainer

agent.go

@@ -81,39 +81,40 @@ type (
 
 	// Options are the options used to start an agent.
 	Options struct {
-		AssetsPath            string
-		AgentServerAddr       string
-		AgentServerPort       string
-		AgentSecurityShutdown time.Duration
-		ClusterAddress        string
-		ClusterProbeTimeout   time.Duration
-		ClusterProbeInterval  time.Duration
-		DataPath              string
-		SharedSecret          string
-		EdgeMode              bool
-		EdgeAsyncMode         bool
-		EdgeKey               string
-		EdgeID                string
-		EdgeUIServerAddr      string
-		EdgeUIServerPort      string
-		EdgeInactivityTimeout string
-		EdgeInsecurePoll      bool
-		EdgeTunnel            bool
-		EdgeTunnelProxy       string
-		EdgeMetaFields        EdgeMetaFields
-		LogLevel              string
-		LogMode               string
-		SSLCert               string
-		SSLKey                string
-		SSLCACert             string
-		CertRetryInterval     time.Duration
-		AWSClientCert         string
-		AWSClientKey          string
-		AWSClientBundle       string
-		AWSRoleARN            string
-		AWSTrustAnchorARN     string
-		AWSProfileARN         string
-		AWSRegion             string
+		AssetsPath             string
+		AgentServerAddr        string
+		AgentServerPort        string
+		AgentSecurityShutdown  time.Duration
+		ClusterAddress         string
+		ClusterProbeTimeout    time.Duration
+		ClusterProbeInterval   time.Duration
+		DataPath               string
+		SharedSecret           string
+		EdgeMode               bool
+		EdgeAsyncMode          bool
+		EdgeKey                string
+		EdgeID                 string
+		EdgeUIServerAddr       string
+		EdgeUIServerPort       string
+		EdgeInactivityTimeout  string
+		EdgeInsecurePoll       bool
+		EdgeTunnel             bool
+		EdgeTunnelProxy        string
+		EdgeMetaFields         EdgeMetaFields
+		LogLevel               string
+		LogMode                string
+		SSLCert                string
+		SSLKey                 string
+		SSLCACert              string
+		CertRetryInterval      time.Duration
+		AWSClientCert          string
+		AWSClientKey           string
+		AWSClientBundle        string
+		AWSRoleARN             string
+		AWSTrustAnchorARN      string
+		AWSProfileARN          string
+		AWSRegion              string
+		PullLimitCheckDisabled bool
 	}
 
 	// PciDevice is the representation of a physical pci device on a host
@@ -318,6 +319,8 @@ const (
 	ComposePathPrefix = "portainer-compose-unpacker"
 	// EdgeIdEnvVarName is the environment variable name of the edge ID for per device edge stack configurations
 	EdgeIdEnvVarName = "PORTAINER_EDGE_ID"
+	// DefaultPullLimitCheckDisabled is the default value for the registry pull limit check
+	DefaultPullLimitCheckDisabled = "false"
 )
 
 const (

http/handler/dockerhub/dockerhub_status.go

@@ -49,6 +49,13 @@ func (handler *Handler) dockerhubStatus(w http.ResponseWriter, r *http.Request)
 		return httperror.BadRequest("Invalid request payload", err)
 	}
 
+	if handler.PullLimitCheckDisabled {
+		return response.JSON(w, &dockerhubStatusResponse{
+			Limit:     10,
+			Remaining: 10,
+		})
+	}
+
 	httpClient := &http.Client{
 		Timeout: time.Second * 3,
 	}

http/handler/dockerhub/handler.go

@@ -12,12 +12,14 @@ import (
 // Handler represents an HTTP API Handler for host specific actions
 type Handler struct {
 	*mux.Router
+	PullLimitCheckDisabled bool
 }
 
 // NewHandler returns a new instance of Handler
-func NewHandler(notaryService *security.NotaryService) *Handler {
+func NewHandler(notaryService *security.NotaryService, pullLimitCheckDisabled bool) *Handler {
 	h := &Handler{
-		Router: mux.NewRouter(),
+		Router:                 mux.NewRouter(),
+		PullLimitCheckDisabled: pullLimitCheckDisabled,
 	}
 
 	h.Handle("/dockerhub",

http/handler/handler.go

@@ -46,15 +46,16 @@ type Handler struct {
 // Config represents a server handler configuration
 // used to create a new handler
 type Config struct {
-	SystemService        agent.SystemService
-	ClusterService       agent.ClusterService
-	SignatureService     agent.DigitalSignatureService
-	KubeClient           *kubecli.KubeClient
-	KubernetesDeployer   *exec.KubernetesDeployer
-	EdgeManager          *edge.Manager
-	RuntimeConfiguration *agent.RuntimeConfig
-	UseTLS               bool
-	ContainerPlatform    agent.ContainerPlatform
+	SystemService          agent.SystemService
+	ClusterService         agent.ClusterService
+	SignatureService       agent.DigitalSignatureService
+	KubeClient             *kubecli.KubeClient
+	KubernetesDeployer     *exec.KubernetesDeployer
+	EdgeManager            *edge.Manager
+	RuntimeConfiguration   *agent.RuntimeConfig
+	UseTLS                 bool
+	ContainerPlatform      agent.ContainerPlatform
+	PullLimitCheckDisabled bool
 }
 
 var dockerAPIVersionRegexp = regexp.MustCompile(`(/v[0-9]\.[0-9]*)?`)
@@ -69,7 +70,7 @@ func NewHandler(config *Config) *Handler {
 		browseHandler:          browse.NewHandler(agentProxy, notaryService),
 		browseHandlerV1:        browse.NewHandlerV1(agentProxy, notaryService),
 		dockerProxyHandler:     docker.NewHandler(config.ClusterService, config.RuntimeConfiguration, notaryService, config.UseTLS),
-		dockerhubHandler:       dockerhub.NewHandler(notaryService),
+		dockerhubHandler:       dockerhub.NewHandler(notaryService, config.PullLimitCheckDisabled),
 		diagnosticsHandler:     diagnostics.NewHandler(config.ContainerPlatform, config.EdgeManager, notaryService),
 		keyHandler:             key.NewHandler(notaryService, config.EdgeManager),
 		kubernetesHandler:      kubernetes.NewHandler(notaryService, config.KubernetesDeployer),

http/server.go

@@ -68,15 +68,16 @@ func NewAPIServer(config *APIServerConfig) *APIServer {
 // Start starts a new web server by listening on the specified listenAddr.
 func (server *APIServer) Start(edgeMode bool) error {
 	config := &handler.Config{
-		SystemService:        server.systemService,
-		ClusterService:       server.clusterService,
-		SignatureService:     server.signatureService,
-		RuntimeConfiguration: server.agentTags,
-		EdgeManager:          server.edgeManager,
-		KubeClient:           server.kubeClient,
-		KubernetesDeployer:   server.kubernetesDeployer,
-		UseTLS:               !edgeMode,
-		ContainerPlatform:    server.containerPlatform,
+		SystemService:          server.systemService,
+		ClusterService:         server.clusterService,
+		SignatureService:       server.signatureService,
+		RuntimeConfiguration:   server.agentTags,
+		EdgeManager:            server.edgeManager,
+		KubeClient:             server.kubeClient,
+		KubernetesDeployer:     server.kubernetesDeployer,
+		UseTLS:                 !edgeMode,
+		ContainerPlatform:      server.containerPlatform,
+		PullLimitCheckDisabled: server.agentOptions.PullLimitCheckDisabled,
 	}
 
 	httpHandler := handler.NewHandler(config)

os/options.go

@@ -11,43 +11,44 @@ import (
 )
 
 const (
-	EnvKeyAgentHost             = "AGENT_HOST"
-	EnvKeyAgentPort             = "AGENT_PORT"
-	EnvKeyClusterAddr           = "AGENT_CLUSTER_ADDR"
-	EnvKeyClusterProbeTimeout   = "AGENT_CLUSTER_PROBE_TIMEOUT"
-	EnvKeyClusterProbeInterval  = "AGENT_CLUSTER_PROBE_INTERVAL"
-	EnvKeyAgentSecret           = "AGENT_SECRET"
-	EnvKeyAgentSecurityShutdown = "AGENT_SECRET_TIMEOUT"
-	EnvKeyAssetsPath            = "ASSETS_PATH"
-	EnvKeyDataPath              = "DATA_PATH"
-	EnvKeyEdge                  = "EDGE"
-	EnvKeyEdgeAsync             = "EDGE_ASYNC"
-	EnvKeyEdgeKey               = "EDGE_KEY"
-	EnvKeyEdgeID                = "EDGE_ID"
-	EnvKeyEdgeServerHost        = "EDGE_SERVER_HOST"
-	EnvKeyEdgeServerPort        = "EDGE_SERVER_PORT"
-	EnvKeyEdgeInactivityTimeout = "EDGE_INACTIVITY_TIMEOUT"
-	EnvKeyEdgeInsecurePoll      = "EDGE_INSECURE_POLL"
-	EnvKeyEdgeTunnel            = "EDGE_TUNNEL"
-	EnvKeyEdgeTunnelHttpProxy   = "HTTP_PROXY"
-	EnvKeyEdgeTunnelHttpsProxy  = "HTTPS_PROXY"
-	EnvKeyLogLevel              = "LOG_LEVEL"
-	EnvKeyLogMode               = "LOG_MODE"
-	EnvKeySSLCert               = "MTLS_SSL_CERT"
-	EnvKeySSLKey                = "MTLS_SSL_KEY"
-	EnvKeySSLCACert             = "MTLS_SSL_CA"
-	EnvKeyCertRetryInterval     = "MTLS_CERT_RETRY_INTERVAL"
-	EnvKeyAWSClientCert         = "AWS_CLIENT_CERT"
-	EnvKeyAWSClientKey          = "AWS_CLIENT_KEY"
-	EnvKeyAWSClientBundle       = "AWS_CLIENT_BUNDLE"
-	EnvKeyAWSRoleARN            = "AWS_ROLE_ARN"
-	EnvKeyAWSTrustAnchorARN     = "AWS_TRUST_ANCHOR_ARN"
-	EnvKeyAWSProfileARN         = "AWS_PROFILE_ARN"
-	EnvKeyAWSRegion             = "AWS_REGION"
-	EnvKeyUpdateID              = "UPDATE_ID"
-	EnvKeyEdgeGroups            = "EDGE_GROUPS"
-	EnvKeyEnvironmentGroup      = "PORTAINER_GROUP"
-	EnvKeyTags                  = "PORTAINER_TAGS"
+	EnvKeyAgentHost              = "AGENT_HOST"
+	EnvKeyAgentPort              = "AGENT_PORT"
+	EnvKeyClusterAddr            = "AGENT_CLUSTER_ADDR"
+	EnvKeyClusterProbeTimeout    = "AGENT_CLUSTER_PROBE_TIMEOUT"
+	EnvKeyClusterProbeInterval   = "AGENT_CLUSTER_PROBE_INTERVAL"
+	EnvKeyAgentSecret            = "AGENT_SECRET"
+	EnvKeyAgentSecurityShutdown  = "AGENT_SECRET_TIMEOUT"
+	EnvKeyAssetsPath             = "ASSETS_PATH"
+	EnvKeyDataPath               = "DATA_PATH"
+	EnvKeyEdge                   = "EDGE"
+	EnvKeyEdgeAsync              = "EDGE_ASYNC"
+	EnvKeyEdgeKey                = "EDGE_KEY"
+	EnvKeyEdgeID                 = "EDGE_ID"
+	EnvKeyEdgeServerHost         = "EDGE_SERVER_HOST"
+	EnvKeyEdgeServerPort         = "EDGE_SERVER_PORT"
+	EnvKeyEdgeInactivityTimeout  = "EDGE_INACTIVITY_TIMEOUT"
+	EnvKeyEdgeInsecurePoll       = "EDGE_INSECURE_POLL"
+	EnvKeyEdgeTunnel             = "EDGE_TUNNEL"
+	EnvKeyEdgeTunnelHttpProxy    = "HTTP_PROXY"
+	EnvKeyEdgeTunnelHttpsProxy   = "HTTPS_PROXY"
+	EnvKeyLogLevel               = "LOG_LEVEL"
+	EnvKeyLogMode                = "LOG_MODE"
+	EnvKeySSLCert                = "MTLS_SSL_CERT"
+	EnvKeySSLKey                 = "MTLS_SSL_KEY"
+	EnvKeySSLCACert              = "MTLS_SSL_CA"
+	EnvKeyCertRetryInterval      = "MTLS_CERT_RETRY_INTERVAL"
+	EnvKeyAWSClientCert          = "AWS_CLIENT_CERT"
+	EnvKeyAWSClientKey           = "AWS_CLIENT_KEY"
+	EnvKeyAWSClientBundle        = "AWS_CLIENT_BUNDLE"
+	EnvKeyAWSRoleARN             = "AWS_ROLE_ARN"
+	EnvKeyAWSTrustAnchorARN      = "AWS_TRUST_ANCHOR_ARN"
+	EnvKeyAWSProfileARN          = "AWS_PROFILE_ARN"
+	EnvKeyAWSRegion              = "AWS_REGION"
+	EnvKeyUpdateID               = "UPDATE_ID"
+	EnvKeyEdgeGroups             = "EDGE_GROUPS"
+	EnvKeyEnvironmentGroup       = "PORTAINER_GROUP"
+	EnvKeyTags                   = "PORTAINER_TAGS"
+	EnvKeyPullLimitCheckDisabled = "PULL_LIMIT_CHECK_DISABLED"
 )
 
 type EnvOptionParser struct{}
@@ -57,18 +58,19 @@ func NewEnvOptionParser() *EnvOptionParser {
 }
 
 var (
-	fAssetsPath            = kingpin.Flag("assets", EnvKeyAssetsPath+" path to the assets folder").Envar(EnvKeyAssetsPath).Default(agent.DefaultAssetsPath).String()
-	fAgentServerAddr       = kingpin.Flag("host", EnvKeyAgentHost+" address on which the agent API will be exposed").Envar(EnvKeyAgentHost).Default(agent.DefaultAgentAddr).IP()
-	fAgentServerPort       = kingpin.Flag("port", EnvKeyAgentPort+" port on which the agent API will be exposed").Envar(EnvKeyAgentPort).Default(agent.DefaultAgentPort).Int()
-	fAgentSecurityShutdown = kingpin.Flag("secret-timeout", EnvKeyAgentSecurityShutdown+" the duration after which the agent will be shutdown if not associated or secured by AGENT_SECRET. (defaults to 72h)").Envar(EnvKeyAgentSecurityShutdown).Default(agent.DefaultAgentSecurityShutdown).Duration()
-	fClusterAddress        = kingpin.Flag("cluster-addr", EnvKeyClusterAddr+" address (in the IP:PORT format) of an existing agent to join the agent cluster. When deploying the agent as a Docker Swarm service, we can leverage the internal Docker DNS to automatically join existing agents or form a cluster by using tasks.<AGENT_SERVICE_NAME>:<AGENT_PORT> as the address").Envar(EnvKeyClusterAddr).String()
-	fClusterProbeTimeout   = kingpin.Flag("agent-cluster-timeout", EnvKeyClusterProbeTimeout+" timeout interval for receiving agent member probe responses (only change this setting if you know what you're doing)").Envar(EnvKeyClusterProbeTimeout).Default(agent.DefaultClusterProbeTimeout).Duration()
-	fClusterProbeInterval  = kingpin.Flag("agent-cluster-interval", EnvKeyClusterProbeInterval+" interval for repeating failed agent member probe (only change this setting if you know what you're doing)").Envar(EnvKeyClusterProbeInterval).Default(agent.DefaultClusterProbeInterval).Duration()
-	fDataPath              = kingpin.Flag("data", EnvKeyDataPath+" path to the data folder").Envar(EnvKeyDataPath).Default(agent.DefaultDataPath).String()
-	fSharedSecret          = kingpin.Flag("secret", EnvKeyAgentSecret+" shared secret used in the signature verification process").Envar(EnvKeyAgentSecret).String()
-	fLogLevel              = kingpin.Flag("log-level", EnvKeyLogLevel+" defines the log output verbosity (default to INFO)").Envar(EnvKeyLogLevel).Default(agent.DefaultLogLevel).Enum("ERROR", "WARN", "INFO", "DEBUG")
-	fLogMode               = kingpin.Flag("log-mode", EnvKeyLogMode+" defines the logging output mode").Envar(EnvKeyLogMode).Default("PRETTY").Enum("NOCOLOR", "PRETTY", "JSON")
-	fUpdateID              = kingpin.Flag("update-id", "the edge update identifier that started this agent").Envar(EnvKeyUpdateID).Int()
+	fAssetsPath             = kingpin.Flag("assets", EnvKeyAssetsPath+" path to the assets folder").Envar(EnvKeyAssetsPath).Default(agent.DefaultAssetsPath).String()
+	fAgentServerAddr        = kingpin.Flag("host", EnvKeyAgentHost+" address on which the agent API will be exposed").Envar(EnvKeyAgentHost).Default(agent.DefaultAgentAddr).IP()
+	fAgentServerPort        = kingpin.Flag("port", EnvKeyAgentPort+" port on which the agent API will be exposed").Envar(EnvKeyAgentPort).Default(agent.DefaultAgentPort).Int()
+	fAgentSecurityShutdown  = kingpin.Flag("secret-timeout", EnvKeyAgentSecurityShutdown+" the duration after which the agent will be shutdown if not associated or secured by AGENT_SECRET. (defaults to 72h)").Envar(EnvKeyAgentSecurityShutdown).Default(agent.DefaultAgentSecurityShutdown).Duration()
+	fClusterAddress         = kingpin.Flag("cluster-addr", EnvKeyClusterAddr+" address (in the IP:PORT format) of an existing agent to join the agent cluster. When deploying the agent as a Docker Swarm service, we can leverage the internal Docker DNS to automatically join existing agents or form a cluster by using tasks.<AGENT_SERVICE_NAME>:<AGENT_PORT> as the address").Envar(EnvKeyClusterAddr).String()
+	fClusterProbeTimeout    = kingpin.Flag("agent-cluster-timeout", EnvKeyClusterProbeTimeout+" timeout interval for receiving agent member probe responses (only change this setting if you know what you're doing)").Envar(EnvKeyClusterProbeTimeout).Default(agent.DefaultClusterProbeTimeout).Duration()
+	fClusterProbeInterval   = kingpin.Flag("agent-cluster-interval", EnvKeyClusterProbeInterval+" interval for repeating failed agent member probe (only change this setting if you know what you're doing)").Envar(EnvKeyClusterProbeInterval).Default(agent.DefaultClusterProbeInterval).Duration()
+	fDataPath               = kingpin.Flag("data", EnvKeyDataPath+" path to the data folder").Envar(EnvKeyDataPath).Default(agent.DefaultDataPath).String()
+	fSharedSecret           = kingpin.Flag("secret", EnvKeyAgentSecret+" shared secret used in the signature verification process").Envar(EnvKeyAgentSecret).String()
+	fLogLevel               = kingpin.Flag("log-level", EnvKeyLogLevel+" defines the log output verbosity (default to INFO)").Envar(EnvKeyLogLevel).Default(agent.DefaultLogLevel).Enum("ERROR", "WARN", "INFO", "DEBUG")
+	fLogMode                = kingpin.Flag("log-mode", EnvKeyLogMode+" defines the logging output mode").Envar(EnvKeyLogMode).Default("PRETTY").Enum("NOCOLOR", "PRETTY", "JSON")
+	fUpdateID               = kingpin.Flag("update-id", "the edge update identifier that started this agent").Envar(EnvKeyUpdateID).Int()
+	fPullLimitCheckDisabled = kingpin.Flag("pull-limit-check-disabled", "Pull limit check").Envar(EnvKeyPullLimitCheckDisabled).Default(agent.DefaultPullLimitCheckDisabled).Bool()
 
 	// Edge mode
 	fEdgeMode              = kingpin.Flag("edge", EnvKeyEdge+" enable Edge mode. Disabled by default, set to 1 or true to enable it").Envar(EnvKeyEdge).Bool()
@@ -166,6 +168,7 @@ func (parser *EnvOptionParser) Options() (*agent.Options, error) {
 			TagsIDs:            tagsIDs,
 			UpdateID:           *fUpdateID,
 		},
+		PullLimitCheckDisabled: *fPullLimitCheckDisabled,
 	}, nil
 }