Summary
v2.2.0 host-image passthrough (#95, closes #94) lets the nested daemon reuse host images via three modes — off / public / all — plus an optional registry allowlist (DIND_HOST_PASSTHROUGH_REGISTRIES). There is no way to restrict passthrough to specific repositories / image names.
Request: add a per-repository (image-name) allowlist, e.g. DIND_HOST_PASSTHROUGH_IMAGES, so a deployment can seed the inner daemon with only the images it owns, rather than every public image present on the host.
Motivation
Downstream consumer link-assistant/hive-mind (issue #1879 / PR #1880) runs nested docker run of its own official Docker Hub images (konard/hive-mind, konard/hive-mind-dind). The goal is exactly: seed the inner daemon with those two images and nothing else.
With the current knobs the closest fit is DIND_HOST_PASSTHROUGH=public, which copies every host image carrying a public RepoDigest. That works and is secret-safe, but:
- It is broader than intended — unrelated public images on the host (base images, other services' images, CI scratch images) are also copied into every nested daemon, costing time and disk on each launch.
- DIND_HOST_PASSTHROUGH_REGISTRIES only narrows by registry (docker.io, ghcr.io, …); it cannot select docker.io/konard/hive-mind* while excluding docker.io/<everything-else>.
So today there is no configuration that means "pass through only konard/hive-mind and konard/hive-mind-dind".
Proposed feature
Add DIND_HOST_PASSTHROUGH_IMAGES — a space-separated allowlist of image references / globs. When non-empty, only host images whose reference matches an entry are eligible (composed with the existing mode filter, so public still gates on a public RepoDigest for secret-safety):
# seed only hive-mind's own images into the nested daemon
DIND_HOST_PASSTHROUGH=public
DIND_HOST_PASSTHROUGH_IMAGES="konard/hive-mind konard/hive-mind-dind"
# or with globs / tags:
DIND_HOST_PASSTHROUGH_IMAGES="docker.io/konard/hive-mind* konard/hive-mind-dind:latest"
Semantics:
- Empty / unset → current behavior (mode + registry filter only).
- Non-empty → an image must match the mode filter and at least one pattern.
- Matching against both the tagged reference and the repository (with/without docker.io/ and :tag) keeps it ergonomic.
This is analogous to DIND_HOST_PASSTHROUGH_REGISTRIES but one level finer (repo/name instead of registry host), and it composes cleanly with the existing mode gate.
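As an added illustration (not the project's code), the following shell function applies the semantics described above: the existing mode gate and registry allowlist, composed with the proposed per-image glob allowlist. Whether the image carries a public RepoDigest is passed in by the caller as "yes"/"no"; that calling interface is an assumption made for the example.

```shell
#!/usr/bin/env bash
# Illustrative filter for the proposed DIND_HOST_PASSTHROUGH_IMAGES allowlist
# (not the project's code). It composes the existing mode gate and registry
# allowlist with a per-image glob allowlist as the semantics above describe.
# Whether the image carries a public RepoDigest is passed in by the caller as
# "yes"/"no" (an assumed interface, not something the project exposes).

# passthrough_allowed <image-ref> <has-public-digest: yes|no>
# Returns 0 if the host image may be seeded into the nested daemon, 1 if not.
passthrough_allowed() {
  local ref="$1" has_public="$2" mode="${DIND_HOST_PASSTHROUGH:-off}"

  # 1. Mode gate: off blocks all, public requires a public RepoDigest, all passes.
  case "$mode" in
    off)    return 1 ;;
    public) [ "$has_public" = yes ] || return 1 ;;
    all)    ;;
    *)      return 1 ;;               # unknown mode: fail closed
  esac

  # Normalise the reference: no registry host means docker.io.
  case "${ref%%/*}" in
    *.*|*:*|localhost) ;;
    *) ref="docker.io/$ref" ;;
  esac
  local registry="${ref%%/*}"
  local path="${ref#*/}"; path="${path%%@*}"   # repo[:tag], digest dropped
  local repo="${path%%:*}"                      # repo without tag

  # 2. Registry allowlist (existing DIND_HOST_PASSTHROUGH_REGISTRIES behaviour).
  if [ -n "${DIND_HOST_PASSTHROUGH_REGISTRIES:-}" ]; then
    local ok=no r
    for r in $DIND_HOST_PASSTHROUGH_REGISTRIES; do
      [ "$r" = "$registry" ] && ok=yes
    done
    [ "$ok" = yes ] || return 1
  fi

  # 3. Proposed image allowlist: empty/unset keeps the current behaviour.
  [ -n "${DIND_HOST_PASSTHROUGH_IMAGES:-}" ] || return 0

  # Match each glob against the tagged reference and the bare repository;
  # docker.io images are also tried without the docker.io/ prefix.
  local cands="$registry/$path $registry/$repo" pat cand
  [ "$registry" = docker.io ] && cands="$cands $path $repo"
  for pat in $DIND_HOST_PASSTHROUGH_IMAGES; do
    for cand in $cands; do
      case "$cand" in $pat) return 0 ;; esac   # unquoted $pat: glob match
    done
  done
  return 1
}
```

Note that a glob such as docker.io/konard/hive-mind* also matches konard/hive-mind-dind, so the second pattern in the page's glob example is only needed to pin the tag.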
Context
Filed from link-assistant/hive-mind#1879. We can adopt public mode today as a working default; this issue tracks the narrower, more precise scoping we'd prefer for production (least-surprise: copy only the images we actually nest-run).