Available in editions:  CE, BE, SE, SE+, EE

The module lifecycle stagePreview

To configure connection parameters to the container registry and manage the container registry operating mode, use the registry section of the deckhouse module configuration.

The parameters of the registry module itself are specified in ModuleConfig registry.

The module is enabled by default in the Default bundle. The module is disabled by default in the following bundles: Managed, Minimal.

How to explicitly enable the module...

You may explicitly enable or disable the module in one of the following ways:

  • Via Deckhouse web UI. In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the registry module and enable (or disable) the “Module enabled” toggle. Save changes.

    Example:

    Module enable/disable interface

  • Via Deckhouse CLI (d8).

    Use the d8 system module enable command for enabling, or d8 system module disable command for disabling the module (you need Deckhouse CLI (d8), configured to work with the cluster).

    Example of enabling the module:

    d8 system module enable registry

  • Using ModuleConfig registry.

    Set spec.enabled to true or false in ModuleConfig registry (create it if necessary);

    Example of a manifest to enable module registry:

    apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: registry
spec:
  enabled: true

How to configure the module...

You can configure the module in one of the following ways:

  • Via Deckhouse web UI.

    In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the registry module and enable the “Advanced Settings” switch. Fill in the required fields in the “Configuration” tab or specify the module settings in YAML format on the “YAML” tab, excluding the settings section. Save the changes.

    Example:

    Module Setup Interface

    You can also edit the ModuleConfig object registry on the “YAML” tab in the module settings window (“System” → “System Management” → “Deckhouse” → “Modules”, open the module registry) by specifying the schema version in the spec.version parameter and the necessary module parameters in the spec.settings section.

  • Via Deckhouse CLI (d8) (requires Deckhouse CLI (d8) configured to work with the cluster).

    Edit the existing ModuleConfig registry (for more details on configuring Deckhouse, see the documentation) by executing the following command:

    d8 k edit mc registry

    Make the necessary changes in the spec.settings section. If necessary, specify the schema version in the spec.version parameter. Save the changes.

    You can also create a file with manifest for ModuleConfig registry using the example below. Fill in the spec.settings section with the required module parameters. If necessary, specify the schema version in the spec.version parameter.

    Apply the manifest using the following command (indicate the manifest file name):

    d8 k apply -f <FILENAME>

    Example of a manifest for ModuleConfig registry:

    apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: registry
spec:
  version: 1
  enabled: true
  settings: # Module parameters from the "Parameters" section below.

Parameters

Schema version: 1

  • settings
    object
    • settings.https
      object

      What certificate type to use.

      This parameter completely overrides the global.modules.https settings.

      Examples:

      https:
  mode: Disabled

      https:
  mode: OnlyInURI

      https:
  mode: CustomCertificate
  customCertificate:
    secretName: foobar

      https:
  mode: CertManager
  certManager:
    clusterIssuerName: letsencrypt
      • settings.https.certManager
        object

        Parameters for certmanager.

        • settings.https.certManager.clusterIssuerName
          string

          What ClusterIssuer to use for getting an SSL certificate (currently, letsencrypt, letsencrypt-staging, selfsigned are available; also, you can define your own).

          Default: letsencrypt

          Example:

          clusterIssuerName: letsencrypt
      • settings.https.customCertificate
        object

        Parameters for custom certificate usage.

        • settings.https.customCertificate.secretName
          string

          The name of the secret in the d8-system namespace to use with the registry ingress.

          This secret must have the kubernetes.io/tls format.

      • settings.https.mode
        string

        The HTTPS usage mode:

        • CertManager: The registry ingress is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter.
        • CustomCertificate: The registry ingress is accessed over HTTPS using a certificate from the d8-system namespace.
        • Disabled: In this mode, the registry ingress can only be accessed over HTTP.
        • OnlyInURI: The registry ingress will work over HTTP (thinking that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). Load balancer should provide a redirect from HTTP to HTTPS.

        Default: CertManager

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • settings.ingressClass
      string

      The class of the Ingress controller used for the registry.

      Optional. By default, the modules.ingressClass global value is used.

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

    • settings.whitelistSourceRanges
      array of strings

      A list of CIDR-formatted addresses allowed to connect to the registry. If not specified, connections from any address are allowed.

      Example:

      whitelistSourceRanges:
- 10.0.0.0/10
- 192.168.0.0/16
      • Element of the array
        string

        Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))?$