= Contaminate

Contaminate is a caching proxy masquerading as Docker registry. It can modify
Docker images and manifests on the fly, for those who need a little more
mutability in their immutable infrastructure.


== Configuration

Contaminate can be configured with a `contaminate.yml` file, or via specific
environment variables which can override configuration values.

=== YAML Keys

[cols="^1,<.^4,^1,^1"]
|===
.^| Name
.^| Env Variable
.^| Default Value
.^| Notes

| `layers_dir`
| `CT_layers_dir`
| `./layers.d`
| A directory containing the layers to override on images passing through Contaminate.

| `registry`
| `CT_registry`
| https://registry-1.docker.io
| A Registry HTTP V2 compliant URL, reachable by Contaminate.

|===

=== Environment Variables

[cols="^1,<.^4,^1"]
|===
.^| Name
.^| Default Value
.^| Notes


| `RUST_LOG`
| `warn`
| Log level for Contaminate logs to be printed

| `RUST_BACKTRACE`
| `0`
| Print full stack traces when errors occur

|===

== Hacking

Ensure that your local Docker daemon can access your Contaminate instance
without requiring HTTPs:

./etc/sysconfig/docker
[source, sh]
----
DOCKER_OPTS="--insecure-registry=localhost:5000 --insecure-registry=localhost:9090"
----

Running a local Docker registry to contaminate:

[source, sh]
----
docker run --rm -ti -e REGISTRY_HTTP_SECRET=secret -p 5000:5000 registry:2
----

Pull some upstream images and push them into your registry

[source,sh]
----
docker pull alpine:latest
docker tag alpine:latest localhost:5000/library/alpine:latest
docker push localhost:5000/library/alpine:latest
----