This directory contains a Kubernetes chart to deploy a private Docker Registry.

Prerequisites:

- PV support on underlying infrastructure (if persistence is required)

This chart will do the following:
- Implement a Docker registry deployment
First, add the repo:
$ helm repo add twuni https://helm.twun.io
To install the chart, use the following:
$ helm install twuni/docker-registry
The following table lists the configurable parameters of the docker-registry chart and their default values.
| Parameter | Description | Default |
|---|---|---|
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.repository` | Container image to use | `registry` |
| `image.tag` | Container image tag to deploy | `2.8.1` |
| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` |
| `persistence.enabled` | Whether to use a PVC for the Docker storage | `false` |
| `persistence.deleteEnabled` | Enable the deletion of image blobs and manifests by digest | `nil` |
| `persistence.size` | Amount of space to claim for PVC | `10Gi` |
| `persistence.storageClass` | Storage Class to use for PVC | `-` |
| `persistence.existingClaim` | Name of an existing PVC to use for config | `nil` |
| `serviceAccount.create` | Create ServiceAccount | `false` |
| `serviceAccount.name` | ServiceAccount name | `nil` |
| `serviceAccount.annotations` | Annotations to add to the ServiceAccount | `{}` |
| `deployment.annotations` | Annotations to add to the Deployment | `{}` |
| `service.port` | TCP port on which the service is exposed | `5000` |
| `service.type` | service type | `ClusterIP` |
| `service.clusterIP` | if `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` |
| `service.nodePort` | if `service.type` is `NodePort` and this is non-empty, sets the node port of the service | `nil` |
| `service.loadBalancerIP` | if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerIP of the service | `nil` |
| `service.loadBalancerSourceRanges` | if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerSourceRanges of the service | `nil` |
| `service.sessionAffinity` | service session affinity | `nil` |
| `service.sessionAffinityConfig` | service session affinity config | `nil` |
| `replicaCount` | k8s replicas | `1` |
| `updateStrategy` | update strategy for deployment | `{}` |
| `podAnnotations` | Annotations for pod | `{}` |
| `podLabels` | Labels for pod | `{}` |
| `podDisruptionBudget` | Pod disruption budget | `{}` |
| `resources.limits.cpu` | Container requested CPU | `nil` |
| `resources.limits.memory` | Container requested memory | `nil` |
| `autoscaling.enabled` | Enable autoscaling using HorizontalPodAutoscaler | `false` |
| `autoscaling.minReplicas` | Minimal number of replicas | `1` |
| `autoscaling.maxReplicas` | Maximal number of replicas | `2` |
| `autoscaling.targetCPUUtilizationPercentage` | Target average utilization of CPU on Pods | `60` |
| `autoscaling.targetMemoryUtilizationPercentage` | (Kubernetes ≥1.23) Target average utilization of Memory on Pods | `60` |
| `autoscaling.behavior` | (Kubernetes ≥1.23) Configurable scaling behavior | `{}` |
| `priorityClassName` | priorityClassName | `""` |
| `storage` | Storage system to use | `filesystem` |
| `tlsSecretName` | Name of secret for TLS certs | `nil` |
| `secrets.htpasswd` | Htpasswd authentication | `nil` |
| `secrets.s3.accessKey` | Access Key for S3 configuration | `nil` |
| `secrets.s3.secretKey` | Secret Key for S3 configuration | `nil` |
| `secrets.s3.secretRef` | The ref for an external secret containing the accessKey and secretKey keys | `""` |
| `secrets.swift.username` | Username for Swift configuration | `nil` |
| `secrets.swift.password` | Password for Swift configuration | `nil` |
| `secrets.haSharedSecret` | Shared secret for Registry | `nil` |
| `configData` | Configuration hash for docker | `nil` |
| `s3.region` | S3 region | `nil` |
| `s3.regionEndpoint` | S3 region endpoint | `nil` |
| `s3.bucket` | S3 bucket name | `nil` |
| `s3.rootdirectory` | S3 prefix that is applied to allow you to segment data | `nil` |
| `s3.encrypt` | Store images in encrypted format | `nil` |
| `s3.secure` | Use HTTPS | `nil` |
| `swift.authurl` | Swift authurl | `nil` |
| `swift.container` | Swift container | `nil` |
| `proxy.enabled` | If true, registry will function as a proxy/mirror | `false` |
| `proxy.remoteurl` | Remote registry URL to proxy requests to | `https://registry-1.docker.io` |
| `proxy.username` | Remote registry login username | `nil` |
| `proxy.password` | Remote registry login password | `nil` |
| `proxy.secretRef` | The ref for an external secret containing the proxyUsername and proxyPassword keys | `""` |
| `namespace` | specify a namespace to install the chart to - defaults to `.Release.Namespace` | `{{ .Release.Namespace }}` |
| `nodeSelector` | node labels for pod assignment | `{}` |
| `affinity` | affinity settings | `{}` |
| `tolerations` | pod tolerations | `[]` |
| `ingress.enabled` | If true, Ingress will be created | `false` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.labels` | Ingress labels | `{}` |
| `ingress.path` | Ingress service path | `/` |
| `ingress.hosts` | Ingress hostnames | `[]` |
| `ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
| `ingress.className` | Ingress controller class name | `nginx` |
| `metrics.enabled` | Enable metrics on Service | `false` |
| `metrics.port` | TCP port on which the service metrics is exposed | `5001` |
| `metrics.serviceMonitor.annotations` | Prometheus Operator ServiceMonitor annotations | `{}` |
| `metrics.serviceMonitor.enable` | If true, Prometheus Operator ServiceMonitor will be created | `false` |
| `metrics.serviceMonitor.labels` | Prometheus Operator ServiceMonitor labels | `{}` |
| `metrics.prometheusRule.annotations` | Prometheus Operator PrometheusRule annotations | `{}` |
| `metrics.prometheusRule.enable` | If true, Prometheus Operator prometheusRule will be created | `false` |
| `metrics.prometheusRule.labels` | Prometheus Operator prometheusRule labels | `{}` |
| `metrics.prometheusRule.rules` | PrometheusRule defining alerting rules for a Prometheus instance | `{}` |
| `extraVolumeMounts` | Additional volumeMounts to the registry container | `[]` |
| `extraVolumes` | Additional volumes to the pod | `[]` |
| `extraEnvVars` | Additional environment variables to the pod | `[]` |
| `initContainers` | Init containers to be created in the pod | `[]` |
| `garbageCollect.enabled` | If true, will deploy garbage-collector cronjob | `false` |
| `garbageCollect.deleteUntagged` | If true, garbage-collector will delete manifests that are not currently referenced via tag | `true` |
| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` |

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

To generate an htpasswd file, run this Docker command: `docker run --entrypoint htpasswd registry:2 -Bbn user password > ./htpasswd`.
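
The parameters above can also be collected in a values file instead of a long `--set` string. The following is an added example, not part of the chart's own documentation: it turns on htpasswd authentication, TLS and persistent storage using only keys from the table. The file name, the secret name `registry-tls` and every value in angle brackets are assumptions or placeholders.

```yaml
# values-secure.yaml (hypothetical file name; added example, not shipped with the chart)
# Keep this file out of version control: it carries credentials.

image:
  repository: registry
  tag: 2.8.1                 # pinned tag, same as the default in the table

secrets:
  # Content of the ./htpasswd file produced by the command above,
  # one "user:hash" entry per line. Placeholder, not a real hash.
  htpasswd: "user:<bcrypt-hash-from-htpasswd-output>"
  # Shared secret for the registry; set it explicitly when running
  # more than one replica. Placeholder value.
  haSharedSecret: "<long-random-string>"

# Name of an existing Kubernetes secret holding the TLS certificate and key.
# The name is an assumption; create the secret before installing.
tlsSecretName: registry-tls

persistence:
  enabled: true              # default is false
  accessMode: ReadWriteOnce
  size: 10Gi
  deleteEnabled: false       # leave deletion by digest off unless it is needed

service:
  type: ClusterIP            # default; the registry stays reachable only inside the cluster
  port: 5000

replicaCount: 1
```

Pass the file to the install command with Helm's `-f` flag, for example `helm install -f values-secure.yaml twuni/docker-registry`.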