Skip to content

Commit

Permalink
Document registry storage (#61)
Browse files Browse the repository at this point in the history 
* document how to configure storage

* Apply suggestions from code review

Co-authored-by: Grzegorz Karaluch <[email protected]>

* Apply suggestions from code review

Co-authored-by: Grzegorz Karaluch <[email protected]>

---------

Co-authored-by: Grzegorz Karaluch <[email protected]>
  • Loading branch information
@pPrecel @grego952
pPrecel and grego952 authored Jun 21, 2024
1 parent bb72cce commit 8637a8b
Show file tree
Hide file tree
Showing 2 changed files with 113 additions and 4 deletions.
20 changes: 16 additions & 4 deletions docs/user/resources/06-20-docker-registry-cr.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ The following Docker Registry custom resource (CR) shows configuration of Docker
reason: Installed
status: "True"
type: Installed
storage: filesystem
secretName: dockerregistry-config
served: "True"
state: Ready
Expand All @@ -51,8 +52,18 @@ For details, see the [Docker Registry specification file](https://github.com/kym
**Spec:**
| Parameter | Type | Description |
|-------------------------------------------|---------|-------------|
| Parameter | Type | Description |
|-----------------------------------------|--------|-----------------------------------------------------------------------------------------|
| **storage** | object | Contains configuration of the registry images storage. |
| **storage.azure** | object | Contains configuration of the Azure storage. |
| **storage.azure.secretName** (required) | string | Specifies the name of the Secret that contains data needed to connect to the Azure storage. |
| **storage.s3** | object | Contains configuration of the s3 storage. |
| **storage.s3.bucket** (required) | string | Specifies the name of the s3 bucket. |
| **storage.s3.region** (required) | string | Specifies the region of the s3 bucket. |
| **storage.s3.regionEndpoint** | string | Specifies the endpoint of the s3 region. |
| **storage.s3.encrypt** | string | Specifies if data in the bucket is encrypted. |
| **storage.s3.secure** | string | Specifies if registry uses the TLS communication with the s3. |
| **storage.s3.secretName** | string | Specifies the name of the Secret that contains data needed to connect to the s3 storage. |
**Status:**
Expand All @@ -61,12 +72,13 @@ For details, see the [Docker Registry specification file](https://github.com/kym
| **conditions** | \[\]object | Conditions associated with CustomStatus. |
| **conditions.&#x200b;lastTransitionTime** (required) | string | Specifies the last time the condition transitioned from one status to another. This should be when the underlying condition changes. If that is not known, then using the time when the API field changed is acceptable. |
| **conditions.&#x200b;message** (required) | string | Provides a human-readable message indicating details about the transition. This may be an empty string. |
| **conditions.&#x200b;observedGeneration** | integer | Represents **.metadata.generation** that the condition was set based upon. For instance, if **.metadata.generation** is currently `12`, but the **.status.conditions[x].observedGeneration** is `9`, the condition is out of date with respect to the current state of the instance. |
| **conditions.&#x200b;observedGeneration** | integer | Represents **.metadata.generation** that the condition was set based upon. For instance, if **.metadata.generation** is currently `12`, but the **.status.conditions[x].observedGeneration** is `9`, the condition is out of date with respect to the current state of the instance. |
| **conditions.&#x200b;reason** (required) | string | Contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field and whether the values are considered a guaranteed API. The value should be a camelCase string. This field may not be empty. |
| **conditions.&#x200b;status** (required) | string | Specifies the status of the condition. The value is either `True`, `False`, or `Unknown`. |
| **conditions.&#x200b;type** (required) | string | Specifies the condition type in camelCase or in `foo.example.com/CamelCase`. Many **.conditions.type** values are consistent across resources like `Available`, but because arbitrary conditions can be useful (see **.node.status.conditions**), the ability to deconflict is important. The regex it matches is `(dns1123SubdomainFmt/)?(qualifiedNameFmt)`. |
| **storage** | string | Type of the used registry images storage. |
| **secretName** | string | Name of Secret with data needed to connect to Docker Registry. |
| **served** (required) | string | Signifies if the current Serverless is managed. Value can be one of `True`, or `False`. |
| **served** (required) | string | Signifies if the current Serverless is managed. Value can be one of `True`, or `False`. |
| **state** | string | Signifies the current state of Serverless. Value can be one of `Ready`, `Processing`, `Error`, or `Deleting`. |

<!-- TABLE-END -->
Expand Down
97 changes: 97 additions & 0 deletions docs/user/technical-reference/04-30-storage-configuration.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
# Registry Storage Configuration

The DockerRegistry CR allows you to store images in three ways: filesystem, Azure, and s3. This document describes how to configure DockerRegistry CR to cooperate with all these storage types.

## Filesystem

The filesystem storage is a built-in storage type based on the PersistentVolumeClaim CR, which is part of the Kubernetes functionality. This is a default DockerRegistry CR configuration, and no additional configuration is needed.

All images pushed to this storage are removed when the Docker Registry is uninstalled or the cluster is removed. Stored images can't be shared between clusters.

### Sample CR

```yaml
apiVersion: operator.kyma-project.io/v1alpha1
kind: DockerRegistry
metadata:
name: default
namespace: kyma-system
spec: {}
```
## Azure
The Azure storage can be configured in the DockerRegistry `spec.storage.azure` field. The only thing that is required is the `secretName` field that must contain the name of the Secret with Azure configuration located in the same namespace. The following Secret must have three values inside:

* `container` - contains the name of the storage container
* `accountKey` - contains the key used to authenticate to the Azure Storage
* `accountName` - contains the name used to authenticate to the Azure Storage

The images can be stored centrally and shared between clusters so that different registries can reuse specific layers or whole images. After deleting the cluster or uninstalling the registry module, images will not be removed.

### Sample CR

```yaml
apiVersion: operator.kyma-project.io/v1alpha1
kind: DockerRegistry
metadata:
name: default
namespace: kyma-system
spec:
storage:
azure:
secretName: azure-storage
```

### Sample Secret

```yaml
apiVersion: v1
kind: Secret
metadata:
name: azure-storage
namespace: kyma-system
data:
accountKey: "YWNjb3VudEtleQ=="
accountName: "YWNjb3VudE5hbWU="
container: "Y29udGFpbmVy"
```

## s3

Similarly to Azure, the s3 storage can be configured in the DockerRegistry `spec.storage.s3` field. The only required field is `bucket` which contains the s3 bucket name and `region` which specifies where the bucket is located. This storage type allows you to provide additional optional configuration, which is described in [DockerRegistry CR](../resources/06-20-docker-registry-cr.md). One of the optional configurations is the `secretName` that contains the authentication method to the s3 storage in the following format:

* `accountKey` - contains the key used to authenticate to the s3 storage
* `secretKey` - contains the name used to authenticate to the s3 storage

### Sample CR

```yaml
apiVersion: operator.kyma-project.io/v1alpha1
kind: DockerRegistry
metadata:
name: default
namespace: kyma-system
spec:
storage:
s3:
bucket: "bucketName"
region: "eu-central-1"
regionEndpoint: "s3-eu-central-1.amazonaws.com"
encrypt: false
secure: true
secretName: "s3-storage"
```

### Sample Secret

```yaml
apiVersion: v1
kind: Secret
metadata:
name: s3-storage
namespace: kyma-system
data:
accessKey: "YWNjZXNzS2V5"
secretKey: "c2VjcmV0S2V5"
```

0 comments on commit 8637a8b

Please sign in to comment.