The module lifecycle stage: Preview
PVC configuration example
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: payload-registry
spec:
version: 1
enabled: true
settings:
users: {}
persistence:
storageClass: network-ssd # Immutable parameter
size: 10Gi
User configuration example
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: payload-registry
spec:
version: 1
enabled: true
settings:
users:
# User: user-catalog
# Access Level: catalog
user-catalog:
# bcrypt hash: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects: []
# User: user-frontend-push
# Access Level: push and pull
# Access to registries:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/*
# Registry examples:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/a/b/c/image:latest
user-frontend-push:
# bcrypt hash: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-1"
subPath: "frontend/*"
access: FULL
# User: user-frontend-pull
# Access Level: pull
# Access to registries:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/*
# Registry examples:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/a/b/c/image:latest
user-frontend-pull:
# bcrypt hash: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-1"
subPath: "frontend/*"
access: READ
# User: user-backend-push
# Access Level: push and pull
# Access to registries:
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/*
# Registry examples:
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/a/b/c/image:latest
user-backend-push:
# bcrypt hash: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-2"
subPath: "backend/*"
access: FULL
# User: user-backend-pull
# Access Level: pull
# Access to registries:
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/*
# Registry examples:
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/a/b/c/image:latest
user-backend-pull:
# bcrypt hash: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-2"
subPath: "backend/*"
access: READ
# User: user-admin
# Access Level: push and pull
# Access to registries:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/*
# - payload-registry.${PUBLIC_DOMAIN}/project-2/*
user-admin:
# bcrypt hash: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-1"
subPath: "*"
access: FULL
- name: "project-2"
subPath: "*"
access: FULL
# User: user-ro-admin
# Access Level: pull
# Access to registries:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/*
# - payload-registry.${PUBLIC_DOMAIN}/project-2/*
user-ro-admin:
# bcrypt hash: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-1"
subPath: "*"
access: READ
- name: "project-2"
subPath: "*"
access: READ
GC configuration example
During the GC operation, the registry transitions to “read-only” mode. In this state, push operations are unavailable, while pull operations continue to work.
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: payload-registry
spec:
version: 1
enabled: true
settings:
users: {}
gc:
enabled: true
# Every Monday at 20:00
# https://crontab.guru/#0_20_*_*_1
schedule: "0 20 * * 1"
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: payload-registry
spec:
version: 1
enabled: true
settings:
users: {}
gc:
enabled: true
# Every day at 03:05
# https://crontab.guru/#5_3_*_*_*
schedule: "5 3 * * *"