Module payload-registry: usage examples

PVC configuration example

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: payload-registry
spec:
  version: 1
  enabled: true
  settings:
    users: {}
    
    persistence:
      storageClass: network-ssd # Immutable parameter
      size: 10Gi

User configuration example

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: payload-registry
spec:
  version: 1
  enabled: true
  settings:
    users:
      # User: user-catalog
      # Access Level: catalog
      user-catalog:
        # bcrypt hash: `htpasswd -Bnb "user-frontend-push" "password123" | cut -d: -f2`
        passwordHash: "$2y$05$KbQy.oSLGCS.mm0SIkLtIOYu.G1Lcp8iyPMLfK/Id9AO7nJYmdLXa"
        projects: []

      # User: user-frontend-push
      # Access Level: push and pull
      # Access to registries:
      # - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/*
      # Registry examples:
      # - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/image:latest
      # - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/a/b/c/image:latest
      user-frontend-push:
        # bcrypt hash: `htpasswd -Bnb "user-frontend-push" "password123" | cut -d: -f2`
        passwordHash: "$2y$05$KbQy.oSLGCS.mm0SIkLtIOYu.G1Lcp8iyPMLfK/Id9AO7nJYmdLXa"
        projects:
          - name: "project-1"
            subPath: "frontend/*"
            access: FULL

      # User: user-frontend-pull
      # Access Level: pull
      # Access to registries:
      # - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/*
      # Registry examples:
      # - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/image:latest
      # - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/a/b/c/image:latest
      user-frontend-pull:
        # bcrypt hash: `htpasswd -Bnb "user-frontend-pull" "password123" | cut -d: -f2`
        passwordHash: "$2y$05$KbQy.oSLGCS.mm0SIkLtIOYu.G1Lcp8iyPMLfK/Id9AO7nJYmdLXa"
        projects:
          - name: "project-1"
            subPath: "frontend/*"
            access: READ

      # User: user-backend-push
      # Access Level: push and pull
      # Access to registries:
      # - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/*
      # Registry examples:
      # - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/image:latest
      # - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/a/b/c/image:latest
      user-backend-push:
        # bcrypt hash: `htpasswd -Bnb "user-backend-push" "password123" | cut -d: -f2`
        passwordHash: "$2y$05$KbQy.oSLGCS.mm0SIkLtIOYu.G1Lcp8iyPMLfK/Id9AO7nJYmdLXa"
        projects:
          - name: "project-2"
            subPath: "backend/*"
            access: FULL

      # User: user-backend-pull
      # Access Level: pull
      # Access to registries:
      # - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/*
      # Registry examples:
      # - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/image:latest
      # - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/a/b/c/image:latest
      user-backend-pull:
        # bcrypt hash: `htpasswd -Bnb "user-backend-pull" "password123" | cut -d: -f2`
        passwordHash: "$2y$05$KbQy.oSLGCS.mm0SIkLtIOYu.G1Lcp8iyPMLfK/Id9AO7nJYmdLXa"
        projects:
          - name: "project-2"
            subPath: "backend/*"
            access: READ

      # User: user-admin
      # Access Level: push and pull
      # Access to registries:
      # - payload-registry.${PUBLIC_DOMAIN}/project-1/*
      # - payload-registry.${PUBLIC_DOMAIN}/project-2/*
      user-admin:
        # bcrypt hash: `htpasswd -Bnb "user-admin" "password123" | cut -d: -f2`
        passwordHash: "$2y$05$KbQy.oSLGCS.mm0SIkLtIOYu.G1Lcp8iyPMLfK/Id9AO7nJYmdLXa"
        projects:
          - name: "project-1"
            subPath: "*"
            access: FULL
          - name: "project-2"
            subPath: "*"
            access: FULL

      # User: user-ro-admin
      # Access Level: pull
      # Access to registries:
      # - payload-registry.${PUBLIC_DOMAIN}/project-1/*
      # - payload-registry.${PUBLIC_DOMAIN}/project-2/*
      user-ro-admin:
        # bcrypt hash: `htpasswd -Bnb "user-ro-admin" "password123" | cut -d: -f2`
        passwordHash: "$2y$05$KbQy.oSLGCS.mm0SIkLtIOYu.G1Lcp8iyPMLfK/Id9AO7nJYmdLXa"
        projects:
          - name: "project-1"
            subPath: "*"
            access: READ
          - name: "project-2"
            subPath: "*"
            access: READ

GC configuration example

During the GC operation, the registry transitions to “read-only” mode. In this state, push operations are unavailable, while pull operations continue to work.

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: payload-registry
spec:
  version: 1
  enabled: true
  settings:
    users: {}
    
    gc:
      enabled: true
      # Every Monday at 20:00
      # https://crontab.guru/#0_20_*_*_1
      schedule: "0 20 * * 1"

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: payload-registry
spec:
  version: 1
  enabled: true
  settings:
    users: {}
    
    gc:
      enabled: true
      # Every day at 03:05
      # https://crontab.guru/#5_3_*_*_*
      schedule: "5 3 * * *"

Module payload-registry: usage examples

PVC configuration example

User configuration example

GC configuration example

An error has occurred

Tell us what you didn’t like.

Module payload-registry: usage examples

PVC configuration example

User configuration example

GC configuration example

An error has occurred

Tell us what you didn’t like.

Request trial access

Thank you

Error

Request callback

Thank you

Something went wrong

Book your sessions

Thank you

Error

Request demo

Thank you

Error

Get the PCI SSC Compliance Report

Thank you

Error