From 426a2e7db816e9b7a9d257c7474564db4902267e Mon Sep 17 00:00:00 2001
From: Erik Brakkee <erik@brakkee.org>
Date: Sat, 31 Aug 2024 19:58:24 +0200
Subject: [PATCH] autoregistry

---
 autoregistry/README.md         |  29 +++++
 autoregistry/bigmf/Dockerfile  |  13 +++
 autoregistry/compose.yaml      |  40 +++++++
 autoregistry/proxy/Dockerfile  |  16 +++
 autoregistry/proxy/docker.go   | 197 +++++++++++++++++++++++++++++++++
 autoregistry/proxy/go.mod      |  37 +++++++
 autoregistry/proxy/go.sum      | 155 ++++++++++++++++++++++++++
 autoregistry/proxy/main.go     |  98 ++++++++++++++++
 autoregistry/proxy/registry.go |  79 +++++++++++++
 autoregistry/registries.yaml   |   8 ++
 10 files changed, 672 insertions(+)
 create mode 100644 autoregistry/README.md
 create mode 100644 autoregistry/bigmf/Dockerfile
 create mode 100644 autoregistry/compose.yaml
 create mode 100644 autoregistry/proxy/Dockerfile
 create mode 100644 autoregistry/proxy/docker.go
 create mode 100644 autoregistry/proxy/go.mod
 create mode 100644 autoregistry/proxy/go.sum
 create mode 100644 autoregistry/proxy/main.go
 create mode 100644 autoregistry/proxy/registry.go
 create mode 100644 autoregistry/registries.yaml

diff --git a/autoregistry/README.md b/autoregistry/README.md
new file mode 100644
index 0000000..9ffac24
--- /dev/null
+++ b/autoregistry/README.md
@@ -0,0 +1,29 @@
+
+
+# Introduction
+
+When developing with a local k8s cluster, images must be made available to a local registry.
+This involves tagging the images (e.g. `localhost:5000/alpine`) and then pushing them. 
+Tagging is usually done transparently by e.g. `docker compose build` and it is easy to forget 
+to push the images. 
+
+The autoproxy solves this problem by proxying for a local container registry. When an image is 
+pulled it checkes whether or not the image is available in the container registry. If not, then
+it looks for the requested image in docker and does a push automatically. If the image is 
+available in the registry the autoproxy checks is the images is the same as on the registry and
+if not it pushes it. 
+
+# Usage
+
+A test setup is in the `compose.yaml` file. In this setup:
+* a backend registry runs which is just a regular local container registry
+* the frontend service is the proxy for the backend
+
+In the example setup images tagged with `localhost:5000/...` will automatically be
+pushed by the proxy in case they are requested. 
+
+# k3d
+
+```
+k3d cluster create dev --registry-config registries.yaml
+```
diff --git a/autoregistry/bigmf/Dockerfile b/autoregistry/bigmf/Dockerfile
new file mode 100644
index 0000000..c4c84ce
--- /dev/null
+++ b/autoregistry/bigmf/Dockerfile
@@ -0,0 +1,13 @@
+FROM alpine:3.20.0
+
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
+RUN dd if=/dev/urandom bs=1M count=50 of=x.img
diff --git a/autoregistry/compose.yaml b/autoregistry/compose.yaml
new file mode 100644
index 0000000..75520dd
--- /dev/null
+++ b/autoregistry/compose.yaml
@@ -0,0 +1,40 @@
+
+name: registry
+
+services:
+  backend:
+    image: registry:2.8.3
+    restart: always
+    volumes:
+      - registry:/var/lib/registry
+    # only for testing.
+    #ports:
+    # for debugging only, not requireed to be accessioble
+    #  - 4999:5000
+
+  frontend:
+    image: regproxy
+    build:
+      context: proxy
+    restart: always
+    #network_mode: host
+    command:
+      - localhost
+      - "5000"
+      - http://backend:5000
+    ports:
+      # run images with localhost:5001
+      - 5000:5000
+    volumes:
+      - //var/run:/var/run
+
+  # an image with a lot of big layers to verify the mechanism.
+  bigmf:
+    build:
+      context: bigmf
+    image: localhost:5000/bigmf
+    profiles:
+      - testing
+
+volumes:
+  registry:
diff --git a/autoregistry/proxy/Dockerfile b/autoregistry/proxy/Dockerfile
new file mode 100644
index 0000000..b186baf
--- /dev/null
+++ b/autoregistry/proxy/Dockerfile
@@ -0,0 +1,16 @@
+
+FROM alpine:3.20.0 as builder
+
+RUN apk update && apk add go
+RUN mkdir /opt/proxy
+COPY go.* /opt/proxy/
+WORKDIR /opt/proxy
+RUN go mod download
+COPY *.go /opt/proxy/
+RUN go build
+
+FROM scratch
+COPY --from=builder /lib/ld-musl-x86_64.so.1 /lib/
+COPY --from=builder /opt/proxy/proxy /opt/proxy/proxy
+
+ENTRYPOINT ["/opt/proxy/proxy"]
diff --git a/autoregistry/proxy/docker.go b/autoregistry/proxy/docker.go
new file mode 100644
index 0000000..56c00e0
--- /dev/null
+++ b/autoregistry/proxy/docker.go
@@ -0,0 +1,197 @@
+package main
+
+import (
+	"bufio"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/docker/docker/api/types/image"
+	"github.com/docker/docker/client"
+	"io"
+	"log"
+	"os"
+	"regexp"
+	"strings"
+	"time"
+)
+
+// based on an example from https://www.loginradius.com/blog/engineering/build-push-docker-images-golang/
+
+type ErrorLine struct {
+	Error       string      `json:"error"`
+	ErrorDetail ErrorDetail `json:"errorDetail"`
+}
+
+type ErrorDetail struct {
+	Message string `json:"message"`
+}
+
+// docker errors are so critical that the safest thing is to just exit and
+// get restarted.
+func exitOnDockerError() {
+	if err := recover(); err != nil {
+		log.Fatalf("Exiting the proxy because of a docker error\n", err)
+		os.Exit(1)
+	}
+}
+
+func print(rd io.Reader) error {
+	var lastLine string
+
+	scanner := bufio.NewScanner(rd)
+	for scanner.Scan() {
+		lastLine = scanner.Text()
+		log.Println(scanner.Text())
+	}
+
+	errLine := &ErrorLine{}
+	json.Unmarshal([]byte(lastLine), errLine)
+	if errLine.Error != "" {
+		return errors.New(errLine.Error)
+	}
+
+	if err := scanner.Err(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func GetDockerClient() *client.Client {
+	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+	if err != nil {
+		panic(err)
+	}
+	return cli
+}
+
+func GetDockerImageId(registry, image_name, tag_name string) (imageId, imageName string) {
+	defer exitOnDockerError()
+	full_image := registry + "/" + image_name
+	if strings.HasPrefix(tag_name, "sha256:") || strings.HasPrefix(tag_name, "sha512:") {
+		full_image += "@" + tag_name
+	} else {
+		full_image += ":" + tag_name
+	}
+	cli := GetDockerClient()
+
+	images, err := cli.ImageList(context.Background(), image.ListOptions{})
+	if err != nil {
+		panic(err)
+	}
+	for _, image_obj := range images {
+		for _, tag := range image_obj.RepoTags {
+			if tag == full_image {
+				return image_obj.ID, full_image
+			}
+		}
+		for _, tag := range image_obj.RepoDigests {
+			if tag == full_image {
+				// now we need to find an image tag that is in the
+				// registry and that has a regular tag so we can push it.
+				for _, pushTag := range image_obj.RepoTags {
+					if strings.HasPrefix(pushTag, registry+"/") {
+						return image_obj.ID, pushTag
+					}
+				}
+			}
+		}
+	}
+	return "", ""
+}
+
+var lockChannel = make(chan string, 1)
+
+func PushDockerImage(full_image string) {
+	defer exitOnDockerError()
+	log.Printf("Image %s is unavailable in backend", full_image)
+
+	// only do one push at a time to be sure.
+	select {
+	case lockChannel <- "locking":
+		{
+			defer func() {
+				<-lockChannel
+			}()
+		}
+	case <-time.After(2 * time.Minute):
+		{
+			// kubernetes will retry anyway when a pull fails.
+			log.Printf("Lock not acquired within the timout, client will have to retry pull later")
+			return
+		}
+	}
+	log.Printf("Got lock for pushing %s, starting push", full_image)
+
+	cli := GetDockerClient()
+	closer, err := cli.ImagePush(context.Background(), full_image,
+		image.PushOptions{
+			RegistryAuth: "abc123", // dummy
+		})
+	if err != nil {
+		panic(err)
+	}
+	defer closer.Close()
+	err = print(closer)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func TestDocker(host, port string) {
+	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+	if err != nil {
+		panic(err)
+	}
+
+	images, err := cli.ImageList(context.Background(), image.ListOptions{})
+	if err != nil {
+		panic(err)
+	}
+	for _, image := range images {
+		for _, tag := range image.RepoTags {
+			log.Println(image.ID, tag)
+		}
+	}
+
+	// Now push an image
+	closer, err := cli.ImagePush(context.Background(), host+":"+port+"/alpine:latest",
+		image.PushOptions{
+			All:           false,
+			RegistryAuth:  "abc123", // dummy
+			PrivilegeFunc: nil,
+			Platform:      nil,
+		})
+	if err != nil {
+		panic(err)
+	}
+	defer closer.Close()
+
+	err = print(closer)
+	if err != nil {
+		panic(err)
+	}
+
+	// parsing image and tag from a context path
+
+	path := "v2/alpine/manifests/latest"
+	r := regexp.MustCompile("^v2/(.*)/manifests/([^/]+)$")
+	matches := r.FindStringSubmatch(path)
+	fmt.Println("Matches ", len(matches), matches)
+	if len(matches) == 3 {
+		fmt.Println("Match ", matches[1], matches[2])
+	} else {
+		fmt.Println("No match", matches)
+	}
+
+}
+
+func CheckDockerAvailable() {
+	log.Printf("Checking connection to docker daemon\n")
+	client := GetDockerClient()
+	_, err := client.ImageList(context.Background(), image.ListOptions{})
+	if err != nil {
+		panic(err)
+	}
+}
diff --git a/autoregistry/proxy/go.mod b/autoregistry/proxy/go.mod
new file mode 100644
index 0000000..1215d6b
--- /dev/null
+++ b/autoregistry/proxy/go.mod
@@ -0,0 +1,37 @@
+module proxy
+
+require (
+	github.com/docker/docker v27.0.3+incompatible
+	github.com/go-resty/resty/v2 v2.11.0
+)
+
+require (
+	github.com/Microsoft/go-winio v0.4.14 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/term v0.5.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	gotest.tools/v3 v3.5.1 // indirect
+)
+
+go 1.21
+
+toolchain go1.21.9
diff --git a/autoregistry/proxy/go.sum b/autoregistry/proxy/go.sum
new file mode 100644
index 0000000..ebbaecd
--- /dev/null
+++ b/autoregistry/proxy/go.sum
@@ -0,0 +1,155 @@
+github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
+github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/docker/docker v27.0.3+incompatible h1:aBGI9TeQ4MPlhquTQKq9XbK79rKFVwXNUAYz9aXyEBE=
+github.com/docker/docker v27.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
+github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-resty/resty/v2 v2.11.0 h1:i7jMfNOJYMp69lq7qozJP+bjgzfAzeOhuGlyDrqxT/8=
+github.com/go-resty/resty/v2 v2.11.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
+github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
+github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
+github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
+go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
+go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 h1:j9+03ymgYhPKmeXGk5Zu+cIZOlVzd9Zv7QIiyItjFBU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0/go.mod h1:Y5+XiUG4Emn1hTfciPzGPJaSI+RpDts6BnCIir0SLqk=
+go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
+go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
+go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
+go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
+go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
+go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
+go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
+go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
+google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
+gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
diff --git a/autoregistry/proxy/main.go b/autoregistry/proxy/main.go
new file mode 100644
index 0000000..345ab38
--- /dev/null
+++ b/autoregistry/proxy/main.go
@@ -0,0 +1,98 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+)
+
+type AutoRegistry struct {
+	host               string
+	port               string
+	backendRegistryUrl string
+	reverseProxy       *httputil.ReverseProxy
+}
+
+func NewAutoRegistry(host, port, backendRegistryUrl string) *AutoRegistry {
+	proxy := AutoRegistry{
+		host: host, port: port,
+		backendRegistryUrl: backendRegistryUrl,
+	}
+	url, err := url.Parse(backendRegistryUrl)
+	if err != nil {
+		panic(err)
+	}
+	proxy.reverseProxy = httputil.NewSingleHostReverseProxy(url)
+	return &proxy
+}
+
+func (autoProxy *AutoRegistry) setupHandler() {
+	http.HandleFunc("/", autoProxy.requestHandler())
+}
+
+// ProxyRequestHandler handles the http request using proxy
+func (autoProxy *AutoRegistry) requestHandler() func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		autoProxy.pushImageIfNeeded(r, autoProxy.host+":"+autoProxy.port)
+		autoProxy.reverseProxy.ServeHTTP(w, r)
+	}
+}
+
+func (autoProxy *AutoRegistry) pushImageIfNeeded(r *http.Request, registry string) {
+	// below will catch error but can return old image to the user.
+	// This will lead to a lot of troubleshooting. Better is to fail the request to the client
+	// when there is a problem with docker.
+	//defer func() {
+	//	if r := recover(); r != nil {
+	//		log.Println("ERROR: Docker interaction failed: ", r)
+	//	}
+	//}()
+
+	log.Printf("Got request: %s, url: %s\n", r.Method, r.URL.Path)
+	if r.Method != "HEAD" && r.Method != "GET" {
+		return
+	}
+	image_name, tag_name, ok := ParseImage(r.URL.Path)
+	if !ok {
+		// not a manifest request
+		return
+	}
+	docker_id, push_tag := GetDockerImageId(registry, image_name, tag_name)
+	log.Printf("Docker id %s\n", docker_id)
+	if docker_id == "" {
+		return
+	}
+	registry_id := GetRegistryId(autoProxy.backendRegistryUrl, image_name, tag_name)
+	if docker_id == registry_id {
+		log.Printf("Image %s:%s is up to date in registry\n", image_name, tag_name)
+	}
+	log.Printf("image %s:%s is not up to date in registry, pushing it\n", image_name, tag_name)
+	PushDockerImage(push_tag)
+}
+
+func printHelp() {
+	fmt.Println("Usage: proxy <host> <port> <backendUrl>")
+}
+
+func main() {
+
+	// make sure we can connect to docker and fail immediately otherwise
+	CheckDockerAvailable()
+
+	if len(os.Args) != 4 {
+		printHelp()
+	}
+	host := os.Args[1]
+	port := os.Args[2]
+	backendRegistry := os.Args[3]
+
+	log.Printf("Running with: host %s port %s backend %s\n", host, port, backendRegistry)
+
+	proxy := NewAutoRegistry(host, port, backendRegistry)
+	proxy.setupHandler()
+	// handle all requests to your server using the proxy
+	log.Fatal(http.ListenAndServe(":"+port, nil))
+}
diff --git a/autoregistry/proxy/registry.go b/autoregistry/proxy/registry.go
new file mode 100644
index 0000000..fe03ed0
--- /dev/null
+++ b/autoregistry/proxy/registry.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+	"fmt"
+	"github.com/go-resty/resty/v2"
+	"regexp"
+)
+
+type Manifest struct {
+	Config struct {
+		Digest string
+	}
+}
+
+func GetRegistryId(registry_url, image_name, tag_name string) string {
+	client := resty.New()
+	client.SetDebug(false)
+	resp, err := client.R().
+		EnableTrace().
+		SetResult(Manifest{}).
+		ForceContentType("application/json").
+		SetHeader("Accept", "application/vnd.docker.distribution.manifest.v2+json").
+		Get(registry_url + "/v2/" + image_name + "/manifests/" + tag_name)
+	if err != nil {
+		panic(err)
+	}
+	manifest := resp.Result().(*Manifest)
+	return manifest.Config.Digest
+}
+
+func ParseImage(path string) (image_name string, tag_name string, ok bool) {
+	r := regexp.MustCompile("^/?v2/(.*)/manifests/([^/]+)$")
+	matches := r.FindStringSubmatch(path)
+	if len(matches) == 3 {
+		return matches[1], matches[2], true
+	}
+	return "", "", false
+}
+
+func testRegistry() {
+	client := resty.New()
+	client.SetDebug(true)
+	resp, err := client.R().
+		EnableTrace().
+		SetResult(Manifest{}).
+		ForceContentType("application/json").
+		SetHeader("Accept", "application/vnd.docker.distribution.manifest.v2+json").
+		Get("http://host.docker.internal:4999/v2/alpine/manifests/latest")
+
+	fmt.Println("err ", err)
+
+	fmt.Printf("results: %v\n", resp.Result().(*Manifest))
+
+	fmt.Println("Response Info:")
+	fmt.Println("  Error      :", err)
+	fmt.Println("  Status Code:", resp.StatusCode())
+	fmt.Println("  Status     :", resp.Status())
+	fmt.Println("  Proto      :", resp.Proto())
+	fmt.Println("  Time       :", resp.Time())
+	fmt.Println("  Received At:", resp.ReceivedAt())
+	fmt.Println("  Body       :\n", resp)
+	fmt.Println()
+
+	// Explore trace info
+	fmt.Println("Request Trace Info:")
+	ti := resp.Request.TraceInfo()
+	fmt.Println("  DNSLookup     :", ti.DNSLookup)
+	fmt.Println("  ConnTime      :", ti.ConnTime)
+	fmt.Println("  TCPConnTime   :", ti.TCPConnTime)
+	fmt.Println("  TLSHandshake  :", ti.TLSHandshake)
+	fmt.Println("  ServerTime    :", ti.ServerTime)
+	fmt.Println("  ResponseTime  :", ti.ResponseTime)
+	fmt.Println("  TotalTime     :", ti.TotalTime)
+	fmt.Println("  IsConnReused  :", ti.IsConnReused)
+	fmt.Println("  IsConnWasIdle :", ti.IsConnWasIdle)
+	fmt.Println("  ConnIdleTime  :", ti.ConnIdleTime)
+	fmt.Println("  RequestAttempt:", ti.RequestAttempt)
+	fmt.Println("  RemoteAddr    :", ti.RemoteAddr.String())
+}
diff --git a/autoregistry/registries.yaml b/autoregistry/registries.yaml
new file mode 100644
index 0000000..e3003b1
--- /dev/null
+++ b/autoregistry/registries.yaml
@@ -0,0 +1,8 @@
+# k3d registries.yaml to allow k3d to use localhost:5000 for pulling images.
+
+mirrors:
+  localhost:5000:
+    endpoint:
+      - http://host.k3d.internal:5000
+
+