Commit 0e36ec3

replicated-ci-kurllaveryanvanthao
authored
Automated Registry version update 3.1.1 (#5987)
* Create new Registry version
* Trigger Build

---------

Co-authored-by: laverya <2318911+laverya@users.noreply.github.com>
Co-authored-by: Gerard Nguyen <gerard@replicated.com>
1 parent 7f5035f commit 0e36ec3

17 files changed

Lines changed: 921 additions & 0 deletions

addons/registry/3.1.1/Manifest

Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
image registry registry:3.1.1
2+
image s3cmd kurlsh/s3cmd:20260224-0d00dd0
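
Review bot: both `image` lines reference their images by tag only (`registry:3.1.1` and `kurlsh/s3cmd:20260224-0d00dd0`), so what ends up in the addon depends on whatever those tags resolve to when the bundle is built. If the Manifest format accepts it, pin each image by digest, or record the expected digest next to the tag and verify it at build time, so that a re-tagged upstream image cannot change the addon's contents without showing up in a diff.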

addons/registry/3.1.1/README.md

Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
2+
[Docker registry](https://github.com/docker/distribution) is an OCI compatible image registry.
3+
This addon deploys it to the `kurl` namespace.
4+
5+
## TLS
6+
7+
TLS is enabled on the registry using a certificate signed by the Kubernetes cluster CA.
8+
The kubeadm bootstrapping process distributes the CA to every node in the cluster at filepath /etc/kubernetes/pki/ca.crt.
9+
The registry addon script copies that file to /etc/docker/certs.d/<service-IP>/ca.crt, telling Docker to trust the registry certificate signed by that CA.
10+
The service IP is from the Service of type ClusterIP that is created along with the Deployment.
11+
12+
## Auth
13+
14+
All access to the registry requires authentication with [basic auth](https://docs.docker.com/registry/deploying/#native-basic-auth).
15+
A new user/password is generated and placed in a secret in the default namespace to be used as an imagePullSecret by Pods.
16+
The user has push/pull access to all repos in the registry.
17+
18+
## Options
19+
20+
By default it is not possible to push to the registry from remote hosts.
21+
Use the `registry-publish-port=<port>` flag to configure the registry to listen on a NodePort.
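
Review bot: the Auth section (lines 14-16) describes one generated user with push/pull access to all repos, stored in the default namespace as the imagePullSecret, which means anything able to read that secret can also push or overwrite images; the README should say so explicitly so operators know the pull secret carries write access. The Options section (lines 20-21) should likewise note that `registry-publish-port=<port>` exposes the registry on a NodePort protected only by that same basic-auth credential. Minor: the paths on lines 8 and 9 are unformatted, while line 3 uses backticks for `kurl`.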
Lines changed: 112 additions & 0 deletions
@@ -0,0 +1,112 @@
1+
---
2+
apiVersion: v1
3+
kind: ConfigMap
4+
metadata:
5+
name: registry-config
6+
labels:
7+
app: registry
8+
data:
9+
config.yml: |-
10+
health:
11+
storagedriver:
12+
enabled: true
13+
interval: 10s
14+
threshold: 3
15+
auth:
16+
htpasswd:
17+
realm: basic-realm
18+
path: /auth/htpasswd
19+
http:
20+
addr: :443
21+
headers:
22+
X-Content-Type-Options:
23+
- nosniff
24+
tls:
25+
certificate: /etc/pki/registry.crt
26+
key: /etc/pki/registry.key
27+
log:
28+
fields:
29+
service: registry
30+
accesslog:
31+
disabled: true
32+
storage:
33+
delete:
34+
enabled: true
35+
filesystem:
36+
rootdirectory: /var/lib/registry
37+
cache:
38+
blobdescriptor: inmemory
39+
maintenance:
40+
uploadpurging:
41+
enabled: false
42+
version: 0.1
43+
---
44+
apiVersion: apps/v1
45+
kind: Deployment
46+
metadata:
47+
name: registry
48+
spec:
49+
selector:
50+
matchLabels:
51+
app: registry
52+
replicas: 1
53+
strategy:
54+
type:
55+
Recreate
56+
template:
57+
metadata:
58+
labels:
59+
app: registry
60+
spec:
61+
terminationGracePeriodSeconds: 30
62+
containers:
63+
- name: registry
64+
image: registry:3.1.1
65+
imagePullPolicy: IfNotPresent
66+
command:
67+
- /bin/registry
68+
- serve
69+
- /etc/docker/registry/config.yml
70+
ports:
71+
- containerPort: 443
72+
protocol: TCP
73+
volumeMounts:
74+
- name: registry-data
75+
mountPath: /var/lib/registry
76+
- name: registry-config
77+
mountPath: /etc/docker/registry
78+
- name: registry-pki
79+
mountPath: /etc/pki
80+
- name: registry-htpasswd
81+
mountPath: /auth
82+
env:
83+
- name: REGISTRY_HTTP_SECRET
84+
valueFrom:
85+
secretKeyRef:
86+
key: haSharedSecret
87+
name: registry-session-secret
88+
- name: OTEL_TRACES_EXPORTER
89+
value: "none"
90+
readinessProbe:
91+
failureThreshold: 3
92+
initialDelaySeconds: 10
93+
periodSeconds: 1
94+
successThreshold: 2
95+
timeoutSeconds: 1
96+
httpGet:
97+
path: /
98+
port: 443
99+
scheme: HTTPS
100+
volumes:
101+
- name: registry-data
102+
persistentVolumeClaim:
103+
claimName: registry-pvc
104+
- name: registry-config
105+
configMap:
106+
name: registry-config
107+
- name: registry-pki
108+
secret:
109+
secretName: registry-pki
110+
- name: registry-htpasswd
111+
secret:
112+
secretName: registry-htpasswd
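
Review bot: `accesslog: disabled: true` (lines 30-31) sits next to `storage: delete: enabled: true` (lines 33-34) behind htpasswd basic auth, so pushes and deletes leave no per-request record in the registry's own logs; consider leaving the access log enabled, or document why it is turned off. The `registry` container (lines 63-99) also has no `securityContext` and no `resources` block; it is worth checking whether it can run with `allowPrivilegeEscalation: false` and a reduced capability set while still binding `:443`, and adding requests/limits. There is a `readinessProbe` but no `livenessProbe`.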
