watchtower/docs/proposals/persistent-token-cache.md

Proposal: Persistent / Distributed Token Cache

Summary

Introduce an optional pluggable token cache interface for registry auth tokens so deployments can opt for a shared cache (Redis, Memcached, or file-backed) across multiple Watchtower instances.

Motivation

  • In multi-instance deployments, the in-memory token cache avoids redundant token requests only within each instance. A shared cache reduces token endpoint load and synchronizes token usage across instances.

Proposal

  • Define a TokenCache interface (Get/Set/Delete) in pkg/registry/auth/cache_interface.go.
  • Keep the existing in-memory cache as the default implementation.
  • Provide an example Redis-backed implementation in contrib/redis-token-cache/ (optional).

Migration

  1. Add TokenCache interface and adapter in pkg/registry/auth.
  2. Wire TokenCache into GetBearerHeader to check the cache via the interface.
  3. Add configuration options or an environment variable to enable the persistent cache and supply connection details.

Risks

  • Operational complexity for configuration (credentials for Redis, etc.).
  • Need to handle TTL semantics and clock skew.
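
A sketch of the proposed interface with an in-memory default that handles the TTL and clock-skew risk above by refusing to serve a token inside a safety margin before its expiry. This is an added example, not Watchtower's code: the method signatures, `MemoryCache`, `entry`, the `skew` and `now` fields, and the key and token strings are all assumptions, since the proposal names only Get/Set/Delete.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// TokenCache uses assumed signatures; the proposal names only Get/Set/Delete.
type TokenCache interface {
	Get(key string) (token string, ok bool)
	Set(key, token string, ttl time.Duration)
	Delete(key string)
}

// MemoryCache (hypothetical) stops serving a token `skew` before its TTL ends.
type MemoryCache struct {
	mu    sync.Mutex
	items map[string]entry
	skew  time.Duration
	now   func() time.Time // injectable clock, for tests
}
type entry struct{ token string; expires time.Time }

func (c *MemoryCache) Get(key string) (string, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if e, ok := c.items[key]; ok && c.now().Before(e.expires.Add(-c.skew)) {
		return e.token, true
	}
	delete(c.items, key) // absent, expired, or inside the skew margin
	return "", false
}

func (c *MemoryCache) Set(key, token string, ttl time.Duration) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.items[key] = entry{token: token, expires: c.now().Add(ttl)}
}
func (c *MemoryCache) Delete(key string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	delete(c.items, key)
}

func main() {
	c := &MemoryCache{items: map[string]entry{}, skew: 30 * time.Second, now: time.Now}
	c.Set("k", "constructed-token", 20*time.Second) // TTL shorter than the margin
	fmt.Println(c.Get("k"))                         // token is not served
}
```

A shared backend would need the same margin applied when it sets the key's expiry, so that every instance sees the shortened lifetime regardless of its own clock.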

References

  • Current in-memory cache: pkg/registry/auth/auth.go (tokenCache, getCachedToken, storeToken).