►
From YouTube: Dependency Proxy new features in GitLab 13.7
Description
This video covers new features being added to the Dependency Proxy in GitLab 13.7:
- DockerHub rate limit mitigation and offline support
- Support for private groups
- Authentication to protect your group's storage limits
- New predefined environment variables
A
So
let
me
go
ahead
and
get
started
by
sharing
my
screen
here.
Let's
see
all
right,
so
let
me
bump
up
my
size.
So
if
you're
new
to
the
dependency
proxy,
we
have
some
great
documentation.
A
A
A
The
dependency
proxy
will
help
you
mitigate
those
those
rate
limits,
and
so
I
believe
they
rolled
these
out
in
november
of
2020
and
so
just
to
take
a
look
at
docker's
documentation.
They
give
some
tools
to
that.
Allow
you
to
take
a
look
at
what
how
many
different
requests
you've
made.
So
I've
copied
those
over,
and
so,
if
we
run
each
of
those
first,
we
run
a
command
to
fetch
a
token
and
then
the
second.
A
We
use
that
token
to
make
a
head
request
on
what
is
essentially
just
a
a
dummy
image,
which
is
this
repository
rate
limit
preview
image,
and
so
you
can
see
here.
You've
got
a
rate
limit
limit
and
a
rate
limit
remaining,
and
so
the
limit
is
100
pulls
over
21
600
seconds,
which
is
six
hours,
and
you
can
see
for
me
on
my
personal
computer
here.
I
have
99
remaining,
so
I'm
still
in
a
good
spot.
A
so
with
every
single
pull
you
make
of
any
image,
you're
going
to
be
penalized
for
that,
and
so
how
that
works
is
when
you
make
a
poll
for
an
image,
there's
two
different
types
of
files
that
are
requested.
First,
you
request
a
manifest
which
is
kind
of
like
a
table
of
contents,
or
you
know
an
index
for
the
image
itself.
It
says
like
what
is
this
index
made
of
and
then
using
that
manifest?
A
You
request
a
series
of
layers,
so
docker
has
allowed
everyone
to
make
head
requests
for
the
manifest,
and
you
can
see
here
they
say
doc
or
head
requests
are
not
counted,
and
so
the
head
request,
as
you
can
see,
one,
it
returns
the
rate
limits,
but
it
also
for
a
given
image
will
return
a
digest
value,
and
so
this
digest
value
is
unique
for
that
image.
So
we
can
determine
okay
when
we
request
the
manifest.
Is
our
image
the
up
to
date,
one
or
not,
and
so
with
the
dependency
proxy.
A
So,
let's
take
a
look
at
how
that
looks.
So
I
have
my
local
setup
working,
and
so,
if
I
were
to
do
something
like
a
docker
poll
on
this
is
just
my
local
host
here.
Gdk.Test.
A
A
A
Again,
that's
a
little
confusing
somehow
I
must
have
reset
over
a
period
of
time.
Let's
just
try
that
one
more
time
oh
strange
and
try
pulling
one
more
time
make
sure
that
we
have
the
right
numbers
all
right
great,
so
you
can
see
that
it
did
not
change
because
we're
pulling
directly
from
the
cash
not
sure
why
we
received
100
on
that
one
request.
But
so
I
do
have
a
little
trick
to
show.
Well
what
happens?
A
A
Interface
open
with
my
local
database,
and
so
we
could
see
if
I
look
at
the
manifests
that
I
have
in
my
cache-
and
this
is
not
something
you
would
ever
need
to
do.
This
is
purely
just
to
kind
of
give
a
glimpse
of
what's
going
on
here,
you
can
see
I've
saved.
Let
me
make
this
a
little
bit.
Bigger
I've
saved
the
here
see
if
we
can
actually
pull
this
out.
A
A
The
really
nice
thing,
as
I
mentioned
before,
is
that
like,
while
I'm
demoing
this
to
you
and
going
through
these
motions,
you
don't
actually
have
to
change
how
you
use
the
dependency
proxy
at
all
in
order
to
take
advantage
of
this,
if
you're
using
the
dependency
proxy,
this
is
now
just
built
in
it
will
help
you
mitigate
that
docker
rate
limit.
A
Another
thing
I
want
to
talk
about
is
an
update
we
made
in
13.7
to
support
private
groups.
So
previously,
if
you
wanted
to
use
the
dependency
proxy,
you
had
to
use
a
public
group,
and
there
are
a
variety
of
reasons
for
this,
but
now
we
support
private
groups
and
in
order
to
support
private
groups,
you
just
have
to
authenticate
against
the
dependency
proxy
and
when
I
say
authenticate,
I
just
mean
docker
login.
A
A
And
let's
go
ahead
and
pretend
like
we're
going
to
set
up
a
project
here
using
ci
and
the
dependency
proxy,
and
just
so
we
have
this
available,
we'll
open
up
the
docs
there's
an
entire
section
on
authenticating
with
a
dependency
proxy,
and
you
can
see
here
we're
going
to
either
use
a
docker
login,
which
we
can
do
straight
through
your
ci
scripts
or
if
you
want
to
be
able
to
use,
for
example,
the
images
that
are
specified
sort
of
at
the
top
level
of
your
scripts,
the
base
level
images,
then
you
can
add
an
environmental
or
sorry
an
environment
variable
to
hold
your
credentials
to
log
in.
A
A
This
is
the
url
that
you're
going
to
pull
images
through
for
any
project
within
that
group.
So
we
can
copy
that,
and
you
can
see
here-
I've
already
pulled
in
21
blobs
of
images
which
is
equating
to
700
megabytes,
roughly
and
so
from
here.
What
I'd
like
to
do
is,
let's
see
what
happens
if
I
try
to
pull
an
image
through?
A
So
I'm
receiving
a
403
error,
so
I
need
to
log
in
so.
If
I
go
ahead
and
log
in
to
gitlab.com
it'll,
ask
me
for
a
username
and
password.
This
can
be
your
username
and
password.
It
can
be
a
personal
access
token.
A
variety
of
credentials
will
work
here.
So
I'm
going
to
go
ahead
and
use
a
personal
access
token,
which
I
have
somewhere
around
here.
A
Okay
and
now,
if
I
go
ahead
and
try
to
pull
that
same
image
there,
we
go
when
we
have
a
poll.
So
let's
see
how
this
works
with
ci,
so
in
ci.
A
We
have
this
example
here
showing
how
you
might
log
in
within
the
actual
script
and
depending
on
the
complexity
or
what
you're
trying
to
do
with
your
script.
Maybe
this
works
for
you
if
you're
logging
into
multiple
registries,
but
maybe
it
doesn't,
if
you
just
want
to
be
able
to
do
something
simple
like
let's
say
we
wanted
to
do
image.
A
A
A
We
have
a
script
and
in
the
script
we'll
just
say
it
works,
because
we
just
want
to
make
sure
that
we're
pulling
this
image
to
begin
with
from
the
dependency
proxy.
So
right
now,
if
I
were
to
commit
this
and
run
a
pipeline,
it's
going
to
pull
this
from
docker
hub.
So
in
order
to
pull
it
from
the
dependency
proxy,
we
need
the
url
prefix
that
our
group
gives
us.
So
we
need
this
prefix
here.
A
Now
we
have
a
few
handy,
predefined
environment
variables
that
you
can
use
so
for
any
project.
A
And
so
for
that
I
just
need
to
oops,
add
the
prefix
and
then
the
last
thing
I
need
to
do
before
this
will
work
is
because
I'm
not
logging
in
inside
of
this
ci
file.
A
I
need
to
make
use
of
the
docker
auth,
config,
environment
variable,
and
so
what
you'll
end
up
doing
is
taking
whatever
your
credentials
you're
using
and
you
will
come
into
a
terminal
and
you'll
base
64
the
combination
of
them.
So
if
my
username
is
foo
and
my
password
is
bar,
then
this
is
the
value
that
I'm
going
to
use,
and
so
what
I
would
end
up
doing
is
taking
this
block
coming
over
to
our
project
and
going
to
the
ci
cd
settings
which
I'll
just
open
in
the
new
tag
tab
here.
A
A
It's
from
my
group
that
url
that
we
pulled
for
the
dependency
proxy
and
then
the
alpine
latest
image,
so
we're
not
pulling
it
from
docker
hub
we're
pulling
it
from
the
dependency
proxy
here
and
now
that
it's
within
that
dependency
proxy
cache
anytime.
We
run
this
job
in
the
future.
A
It
will
continue
to
use
that
cached
image
until
the
latest
tag
is
outdated,
at
which
point
it
will
pull
the
newest
version
of
that
image,
and
so
you
might
wonder,
okay
well,
let's
say
I'm
using
the
node
latest
version
and
over
the
course
of
time,
latest
updates-
and
we
have
all
of
these
old
images
stacked
into
our
cache.
A
And
maybe
this
number
is
getting
very
high
and
we
think
maybe
a
lot
of
it
is
is
just
stale
images
that
are
no
longer
needed
well,
for
that
we
can
go
back
to
the
docs
and
at
the
very
bottom
or
towards
the
bottom.
We
have
a
clearing
the
dependency
proxy
cache,
which
is
right
now
is
currently
supported
through
the
api.
A
A
A
This
is
returning
the
id
of
a
job.
That's
going
to
be
performed
so
clearing
the
cache
can
be
a
heavy
operation
depending
on
how
large
the
cache
is.
So
it
queues
up
as
a
background
job
and
on
gitlab.com,
I'm
guessing
mine.
It
might
not
have
even
run
yet.
No,
it's
still
still
getting
to
it,
but
you
know
you'll
know
that
it's
successful
by
doing
that,
and
we
only
allow
you
to
initially
run
this
once
per
hour,
because
it
is
a
heavy
job
that
could
be.
A
You
know
you
could
be
deleting
multiple
gigabytes
of
data
here,
so
we
want
to
make
sure
that
it
runs.
If
I,
if
I
were
to
try
to
run
it
again,
it'll
it'll
just
throw
back
saying
I
have
to
wait
an
hour
before
I
can
run
it
again,
but
just
know
that
it's
running
in
the
background,
I
think
that's
it
for
the
new
features
for
the
dependency
proxy.
A
The
other
one
note
to
mention
is
that
in
13
points
or
13
version,
13
6,
the
dependency
proxy
was
moved
to
core,
so
it's
available
for
all
tiers
to
be
able
to
use
for
free
and
then
in
13.7.
As
I
mentioned,
we
included
the
ability
to
mitigate
that
rate,
limiting
that
docker
hub
introduced
all
right
thanks
for
watching.