But the 500MB layer size limit is a dealbreaker for AI-related workflows.
When you push, the client could just PUT a metadata file and an object for each layer into the object store; pulling would just read the metadata file, which would tell it where to get each layer. It could also use ETags to skip layers that have already been downloaded (a rough sketch of this follows below).
For auth, just use standard S3 auth.
It would be compatible with S3, R2, or any other S3-compatible storage.
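Not a spec, just a minimal sketch in Go of what the pull side could look like, assuming a made-up layout where manifests/<tag> is a JSON file listing layer object keys; the "seen" map stands in for a local cache of previously downloaded ETags, and auth is whatever SigV4 credentials the standard SDK config resolves, so the same code points at S3, R2, or any S3-compatible store:

```go
// Assumed layout (not any real registry spec): "manifests/<tag>" is a JSON
// file listing layer object keys, and each layer is a plain object.
package main

import (
	"context"
	"encoding/json"
	"io"
	"os"
	"path/filepath"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/s3"
)

type manifest struct {
	Layers []string `json:"layers"` // object keys of the layer blobs
}

func pull(ctx context.Context, c *s3.Client, bucket, tag string, seen map[string]string) error {
	// The metadata file is just another object in the bucket; auth is plain
	// SigV4 from whatever credentials the SDK config resolves.
	obj, err := c.GetObject(ctx, &s3.GetObjectInput{
		Bucket: aws.String(bucket),
		Key:    aws.String("manifests/" + tag),
	})
	if err != nil {
		return err
	}
	defer obj.Body.Close()

	var m manifest
	if err := json.NewDecoder(obj.Body).Decode(&m); err != nil {
		return err
	}

	for _, key := range m.Layers {
		// Compare the remote ETag to the one we saw last time and skip the
		// layer if it hasn't changed.
		head, err := c.HeadObject(ctx, &s3.HeadObjectInput{
			Bucket: aws.String(bucket),
			Key:    aws.String(key),
		})
		if err != nil {
			return err
		}
		if seen[key] == aws.ToString(head.ETag) {
			continue
		}

		blob, err := c.GetObject(ctx, &s3.GetObjectInput{
			Bucket: aws.String(bucket),
			Key:    aws.String(key),
		})
		if err != nil {
			return err
		}
		dst, err := os.Create(filepath.Base(key))
		if err != nil {
			blob.Body.Close()
			return err
		}
		_, copyErr := io.Copy(dst, blob.Body)
		blob.Body.Close()
		dst.Close()
		if copyErr != nil {
			return copyErr
		}
		seen[key] = aws.ToString(head.ETag)
	}
	return nil
}

func main() {
	ctx := context.Background()
	cfg, err := config.LoadDefaultConfig(ctx) // credentials/endpoint come from normal AWS config
	if err != nil {
		panic(err)
	}
	if err := pull(ctx, s3.NewFromConfig(cfg), "my-registry-bucket", "myimage-latest", map[string]string{}); err != nil {
		panic(err)
	}
}
```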
We eventually built our own registry in Go running on Cloud Run, which now serves all our images on cgr.dev.
Zero egress fees is really a game changer.
We have a managed Docker registry and could definitely have used this project!
Slightly unrelated, but we've been experimenting with using SSH to authenticate with a Docker registry, if anyone is interested: https://github.com/picosh/tunkit?tab=readme-ov-file#why
However, I am more confused than ever about what Cloudflare does and builds. They have everything from CDN and DNS to Orange Meets, and now this?
Though, to be fair, the pull-through mechanism in the reference registry has been kind of goofy for years. Ask me how I know /s
We are running a registry that does store content on R2[1], and today this is implemented as the unholy chimera of Cloudflare Workers, AWS CloudFront, Lambda@Edge, regular Lambda, S3, and R2.
Pushes go to CloudFront + Lambda@Edge, content is saved in S3 first and then moved to R2 by background jobs. Once it has transited to R2, pulls are served from R2.
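Purely as illustration (not our actual code), that background move could look something like the sketch below, with two aws-sdk-go-v2 clients: one for the S3 staging bucket and one pointed at R2's S3-compatible endpoint. Bucket names, the account ID, and the key layout are placeholders:

```go
// Hypothetical sketch of the "push lands in S3, a background job moves it to
// R2" step. Everything named here is a placeholder, not the real setup.
package main

import (
	"bytes"
	"context"
	"io"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/s3"
)

func migrateBlob(ctx context.Context, src, dst *s3.Client, key string) error {
	// Read the freshly pushed blob out of the S3 staging bucket...
	obj, err := src.GetObject(ctx, &s3.GetObjectInput{
		Bucket: aws.String("staging-pushes"), // placeholder bucket
		Key:    aws.String(key),
	})
	if err != nil {
		return err
	}
	defer obj.Body.Close()

	// Buffering in memory keeps the sketch simple; real code would stream or
	// use multipart uploads, since layers can run into the tens of GB.
	data, err := io.ReadAll(obj.Body)
	if err != nil {
		return err
	}

	// ...and write it into R2, after which pulls can be served from there.
	_, err = dst.PutObject(ctx, &s3.PutObjectInput{
		Bucket: aws.String("registry-blobs"), // placeholder R2 bucket
		Key:    aws.String(key),
		Body:   bytes.NewReader(data),
	})
	return err
}

func main() {
	ctx := context.Background()

	s3cfg, err := config.LoadDefaultConfig(ctx)
	if err != nil {
		panic(err)
	}
	srcClient := s3.NewFromConfig(s3cfg)

	// R2 speaks the S3 API at https://<account-id>.r2.cloudflarestorage.com
	// and uses the pseudo-region "auto".
	r2cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion("auto"))
	if err != nil {
		panic(err)
	}
	dstClient := s3.NewFromConfig(r2cfg, func(o *s3.Options) {
		o.BaseEndpoint = aws.String("https://ACCOUNT_ID.r2.cloudflarestorage.com")
	})

	if err := migrateBlob(ctx, srcClient, dstClient, "blobs/sha256/abc123"); err != nil {
		panic(err)
	}
}
```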
I would so love for Workers + R2 to actually be able to accept pushes of large layers; unfortunately, I have yet to talk to anyone at Cloudflare who believes it's possible. Especially in this era of AI/ML models, some container images can have single layers in the 10-100GB range!
[0] https://developers.cloudflare.com/workers/platform/limits/#r...
[1] https://depot.dev/docs/guides/ephemeral-registry