Available in editions:  CE, BE, SE, SE+, EE

Description

The module implements the internal container image registry.

The internal registry allows for optimizing the downloading and storage of images, as well as helping to ensure availability and fault tolerance for Deckhouse Kubernetes Platform.

The module can operate in the following modes:

  • Direct — enables the internal container image registry. Access to the internal registry is performed via the fixed address registry.d8-system.svc:5001/system/deckhouse. This fixed address allows Deckhouse images to avoid being re-downloaded and components to avoid being restarted when registry parameters change. Switching between modes and registries is done through the deckhouse ModuleConfig. The switching process is automatic — see the usage examples for more information.
  • Unmanaged — operation without using the internal registry. Access within the cluster is performed via an address that can be set during the cluster installation or changed in a deployed cluster.

Restrictions and features of using the module

The registry module has a number of limitations and features related to installation, operating conditions, and mode switching.

Cluster installation limitations

Bootstrapping a DKP cluster with Direct mode enabled is not supported. The cluster is deployed with settings for Unmanaged mode.

Operating conditions restrictions

The module works under the following conditions:

  • If CRI containerd or containerd v2 is used on the cluster nodes. To configure CRI, refer to the ClusterConfiguration configuration.
  • The cluster is fully managed by DKP. The module will not work in Managed Kubernetes clusters.

Mode switching restrictions

Mode switching restrictions are as follows:

  • Switching to Direct mode is possible if there are no user registry configurations on the nodes. For more details, see the Registry Module: FAQ section.
  • Switching to Unmanaged mode is only available from Direct mode.
  • In Unmanaged mode, changing registry settings is not supported. To change settings, you need to switch to Direct mode, make the necessary changes, and then switch back to Unmanaged mode.

Direct Mode Architecture

In Direct mode, registry requests are processed directly, without intermediate caching.

CRI requests to the registry are redirected based on its configuration, which is defined in the containerd configuration.

For components such as operator-trivy, image-availability-exporter, deckhouse-controller, and others that access the registry directly, requests will go through the in-cluster proxy located on the master nodes.

direct