Parameters

The parent key for all of the following parameters is registry_cache.

namespace

type: string default: syn-registry-cache

The namespace in which to deploy this component.

fqdn

type: string default: dockerhub.vshn.net

FQDN under which the registry is served.

expose_type

type: string default: ingress possible values: ingress or route

Whether to use an Ingress or a Route object to expose the registry.

htpasswd

type: string default: null

The content of an htpasswd file, used to protect the registry-cache with HTTP basic authentication. The registry's htpasswd authenticator only supports bcrypt password hashes; entries with any other hash type (MD5/apr1, SHA, crypt) are ignored, so those users can never log in. Generate entries with htpasswd -Bbn USER PASSWORD (-B selects bcrypt, -C sets the cost).
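As an added example (not part of the component), the following Python checks an htpasswd document against that rule before you store it in this parameter: every entry must be user:bcrypt-hash, duplicates are flagged, and a bcrypt cost below a chosen minimum is reported. The sample content, the hash string and the function name are this example's own constructions and correspond to no real credentials.

```python
# Added example, not part of the registry-cache component: sanity-check htpasswd content
# before it goes into the `htpasswd` parameter. The registry only honours bcrypt entries.
import re

# bcrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, 22-char salt + 31-char hash.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

# Constructed sample hash with a well-formed shape; it does not hash any known password.
SAMPLE_BCRYPT_HASH = "$2y$12$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234"

# Constructed sample file: one valid bcrypt user, one legacy apr1 (MD5) user.
SAMPLE_HTPASSWD = f"""\
# constructed sample, not real credentials
puller:{SAMPLE_BCRYPT_HASH}
legacy:$apr1$saltsalt$hashhashhashhashhashhash
"""


def check_htpasswd(content, min_cost=10):
    """Return a list of problems found in `content`; an empty list means it is acceptable."""
    problems = []
    seen = set()
    for lineno, line in enumerate(content.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hashed = line.partition(":")
        if not sep or not user:
            problems.append(f"line {lineno}: expected 'user:hash'")
            continue
        if user in seen:
            problems.append(f"line {lineno}: duplicate user {user!r}")
        seen.add(user)
        m = BCRYPT_RE.match(hashed)
        if not m:
            # Non-bcrypt entries are silently ignored by the registry: the user cannot log in.
            problems.append(f"line {lineno}: user {user!r} is not bcrypt (the registry ignores this entry)")
            continue
        if int(m.group(1)) < min_cost:
            problems.append(f"line {lineno}: user {user!r} bcrypt cost {m.group(1)} is below the minimum of {min_cost}")
    if not seen:
        problems.append("no users defined")
    return problems
```

Run check_htpasswd on the decoded parameter value; the sample above reports the legacy user and nothing else.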

imagePullSecretName

type: string default: registry-pull-secret

The name of the image pull secret to use. If not null, the secret is referenced by both the Registry and the Redis deployments.

imagePullSecret

type

dict

default
imagePullSecret:
  type: 'kubernetes.io/dockerconfigjson'
  stringData:
    .dockerconfigjson: '?{vaultkv:${cluster:tenant}/${cluster:name}/registry-cache/image_pull_secret}'

The image pull secret for pulling from docker.io.

The component creates a Secret of type kubernetes.io/dockerconfigjson whose stringData has the following shape (credentials elided):

stringData:
  .dockerconfigjson: |
    {
      "auths": {
        "docker.io": { xxx }
      }
    }
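The following Python is an added example, not the component's code: it builds the .dockerconfigjson document that goes into stringData and decodes it again as a self-check before the value is written to Vault. The registry key docker.io follows the page; the username, the token and the function names are this example's own assumptions.

```python
# Added example, not part of the registry-cache component: build the .dockerconfigjson
# document stored in imagePullSecret.stringData and decode it again as a self-check.
import base64
import json


def make_dockerconfigjson(registry, username, secret):
    """Return the JSON text for stringData['.dockerconfigjson'].

    The `auth` field is base64("<username>:<secret>"), which is what kubelet and the
    container runtime send as the HTTP Basic credential; `username`/`password` carry
    the same data in the clear and may be omitted.
    """
    auth = base64.b64encode(f"{username}:{secret}".encode()).decode()
    doc = {"auths": {registry: {"username": username, "password": secret, "auth": auth}}}
    return json.dumps(doc, indent=2)


def decode_pull_secret(dockerconfigjson, registry):
    """Return (username, secret) for `registry`, or raise if the document is malformed.

    A typo in the JSON, or a stale `auth` that disagrees with `username`, otherwise only
    surfaces later as an ImagePullBackOff on the registry and Redis pods.
    """
    entry = json.loads(dockerconfigjson)["auths"][registry]
    user, sep, secret = base64.b64decode(entry["auth"]).decode().partition(":")
    if not sep:
        raise ValueError("auth field is not base64(user:secret)")
    if "username" in entry and entry["username"] != user:
        raise ValueError("username field disagrees with auth field")
    return user, secret


# Constructed placeholders. For Docker Hub, prefer a read-only access token over the
# account password, since this value is readable by anyone who can read the Secret.
SAMPLE = make_dockerconfigjson("docker.io", "syn-puller", "example-token")
```

The secret itself is stored in Vault under image_pull_secret; SAMPLE is what that Vault value should look like for the placeholder credentials.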

redis

Configuration of the Redis component.

redis.enabled

type: bool default: true

Whether to deploy Redis and use it as the registry's blob descriptor cache.

redis.resources

type: dict default: See class/defaults.yml

Resource requests and limits for the Redis component.

A memory limit must be set in redis.resources.limits, because Redis is used as an LRU cache. If you also set Redis's own maxmemory via redis.config, keep it below that limit so that Redis evicts entries itself instead of being OOM-killed by the kubelet.

redis.config

type: dict default: See class/defaults.yml

Redis configuration.

registry

Configuration of the Registry component.

registry.replicas

type: integer default: 2

Number of replicas of the Registry component to deploy.

registry.config.storage.s3.bucket, registry.config.storage.s3.regionendpoint

type: strings mandatory: yes

example
s3:
  bucket: example-harbor-instance-data
  regionendpoint: https://s3.example.com/

S3 configuration for the image store. The endpoint key is regionendpoint, as in the registry's s3 storage driver; the driver also requires a region value, so set registry.config.storage.s3.region as well if the component defaults do not cover your endpoint.

registry.config.storage.s3.accesskey, registry.config.storage.s3.secretkey

type: strings default: Vault reference

S3 credentials for storing image blobs.

http_secret

type: string default: Vault reference

The registry's http.secret: random data the registry uses to sign state it hands back to clients (for example in-progress blob upload state) so that it can detect tampering. It is not used to authenticate users, but it must be set, and per the registry documentation it must be identical on every replica behind the same Service; the component takes it from a single Vault reference, so all registry.replicas share it.

rules

type: dict default: {}

example
rules:
  generic-rules:
    "alert:RegistryHighRequestDuration":
      expr: |
        registry_http_request_duration_seconds_sum > 0.1
      labels:
        severity: warning

This parameter allows users to configure Prometheus rules that are deployed for the registry-cache.

Each key-value pair in the dictionary is transformed into a PrometheusRule object by the component.

The component expects each value to be a dict itself, and expects the keys in those dicts to be prefixed with record: or alert: to indicate whether the entry is a recording or an alerting rule. The component transforms such a key into a field of the resulting rule, using the prefix as the field name and the rest of the key as the field value. For example, the key "record:sum:some:metric:5m" is transformed into record: sum:some:metric:5m, which defines a recording rule named sum:some:metric:5m. This field is then merged into the provided value, which must be a valid rule definition.

See the Prometheus docs for supported configurations for recording and alerting rules.
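The following is an added example and not the component's code (Commodore components are written in Jsonnet): a Python re-implementation of the rules-to-PrometheusRule transformation just described, so that the key convention can be checked before a catalog compile. Beyond the page, it rejects keys without a valid prefix, rules without an expr, and recording rules that carry alerting-only fields (for, annotations), which Prometheus would refuse to load. The function names, the apiVersion and metadata layout and the sample rules are this example's own assumptions.

```python
# Added example, not the registry-cache component's code: the rules -> PrometheusRule
# transformation described above, reimplemented in Python with validation.
import copy

RULE_PREFIXES = ("record", "alert")


def split_rule_key(key):
    """'alert:RegistryHighRequestDuration' -> ('alert', 'RegistryHighRequestDuration').

    Only the first colon separates the prefix; 'record:sum:some:metric:5m' keeps the
    remainder, colons included, as the rule name.
    """
    prefix, sep, name = key.partition(":")
    if not sep or prefix not in RULE_PREFIXES or not name:
        raise ValueError(f"rule key {key!r} must start with 'record:' or 'alert:'")
    return prefix, name


def build_prometheus_rules(rules, namespace="syn-registry-cache"):
    """Turn the `rules` parameter into one PrometheusRule manifest per top-level key."""
    manifests = []
    for obj_name, group in rules.items():
        if not isinstance(group, dict):
            raise TypeError(f"rules.{obj_name} must be a dict of rule definitions")
        prom_rules = []
        for key, definition in group.items():
            prefix, name = split_rule_key(key)
            rule = copy.deepcopy(definition)  # never mutate the caller's parameters
            rule[prefix] = name  # the prefix becomes the field name, the remainder its value
            if "expr" not in rule:
                raise ValueError(f"rule {key!r} has no expr")
            if prefix == "record" and ("for" in rule or "annotations" in rule):
                raise ValueError(f"recording rule {key!r} cannot carry 'for' or 'annotations'")
            prom_rules.append(rule)
        manifests.append({
            "apiVersion": "monitoring.coreos.com/v1",
            "kind": "PrometheusRule",
            "metadata": {"name": obj_name, "namespace": namespace},
            "spec": {"groups": [{"name": obj_name, "rules": prom_rules}]},
        })
    return manifests


# Constructed sample: the page's alerting rule plus one recording rule.
SAMPLE_RULES = {
    "generic-rules": {
        "alert:RegistryHighRequestDuration": {
            "expr": "registry_http_request_duration_seconds_sum > 0.1\n",
            "labels": {"severity": "warning"},
        },
        "record:sum:some:metric:5m": {
            "expr": "sum(rate(registry_http_requests_total[5m]))",
        },
    }
}
```

build_prometheus_rules(SAMPLE_RULES) yields a single PrometheusRule named generic-rules whose first rule has alert: RegistryHighRequestDuration and whose second has record: sum:some:metric:5m.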

Vault secrets

The component reads its secrets from a single Vault KV path per cluster. vault kv put replaces the whole secret at that path, so query for existing keys first and use vault kv patch when any are present. Passing credentials as key=VALUE on the command line also leaves them in shell history and process listings; the Vault CLI reads a value from a file with key=@path or from stdin with key=-, which is preferable for real credentials.

# Adjust to your environment
key="clusters/kv/${TENANT_ID}/${CLUSTER_ID}/registry-cache"

# Query for existing secrets first
vault kv get "${key}"

# If there are existing secrets, add your instance secrets:
vault kv patch "${key}" \
  http_secret=$(pwgen 32 1) \
  proxy_username=DOCKER_HUB_USERNAME \
  proxy_password=DOCKER_HUB_PASSWORD \
  s3_accesskey=S3_ACCESS_KEY \
  s3_secretkey=S3_SECRET_KEY

# If there is no pre-existing secret, create new:
vault kv put "${key}" \
  http_secret=$(pwgen 32 1) \
  proxy_username=DOCKER_HUB_USERNAME \
  proxy_password=DOCKER_HUB_PASSWORD \
  s3_accesskey=S3_ACCESS_KEY \
  s3_secretkey=S3_SECRET_KEY