Parameters

The parent key for all of the following parameters is registry_cache.

namespace

type

string

default

syn-registry-cache

The namespace in which to deploy this component.

Example

namespace: example-namespace

fqdn

type

string

default

dockerhub.vshn.net

FQDN under which the registry will be served

expose_type

type

string

default

ingress

possible values

ingress or route

Whether to use an Ingress or Route object to expose the registry.

imagePullSecretName

type

string

default

~

The name of an image pull secret to use, if not null. The secret is configured for both the Registry and the Redis deployments.

We currently don’t support generating an image pull secret from the component, as we don’t have a way to generate the required contents from Vault secrets. Instead, we provide this parameter so that users can tell the component to configure the deployment with an externally-managed image pull secret.

redis.enabled

type

bool

default

true

Whether or not to deploy and use redis as a Blob descriptor cache

redis.memory

type

bytes

default

1G

Max amount of memory Redis may consume.

registry.config.storage.s3.bucket, registry.config.storage.s3.regionendpoint

type

strings

mandatory

yes

S3 configuration for the image store

Example

s3:
  bucket: example-harbor-instance-data
  endpoint: https://s3.example.com/

registry.config.storage.s3.accesskey, registry.config.storage.s3.secretkey

type

strings

default

Vault reference

S3 credentials for storing image blobs.

http_secret

type

string

default

Vault reference

HTTP Session secret. Must be set but is only used internally.

Vault secrets

# Adjust to your environment
key="clusters/kv/${TENANT_ID}/${CLUSTER_ID}/registry-cache"

# Query for existing secrets first
vault kv get "${key}"

# If there are existing secrets, add your instance secrets:
vault kv patch "${key}" \
  http_secret=$(pwgen 32 1) \
  proxy_username=DOCKER_HUB_USERNAME \
  proxy_password=DOCKER_HUB_PASSWORD \
  s3_accesskey=S3_ACCESS_KEY \
  s3_secretkey=S3_SECRET_KEY

# If there is no pre-existing secret, create new:
vault kv put "${key}" \
  http_secret=$(pwgen 32 1) \
  proxy_username=DOCKER_HUB_USERNAME \
  proxy_password=DOCKER_HUB_PASSWORD \
  s3_accesskey=S3_ACCESS_KEY \
  s3_secretkey=S3_SECRET_KEY