feat: add GCS support #231

Merged
merged 1 commit into from
Oct 18, 2024
22 changes: 22 additions & 0 deletions docs/high-availability.md
Expand Up @@ -15,6 +15,7 @@ The registry supports various storage solutions, some of which enable high avail
| PVC (RWX) | Yes | `registry.persistence.enabled=true`, `registry.persistence.accessModes='ReadWriteMany'` |
| MinIO | Yes | `minio.enabled=true` |
| S3-compatible | Yes | `registry.persistence.s3=...` |
| GCS | Yes | `registry.persistence.gcs=...` |

HA-compatible backends uses a deployment whereas other backends relies on a statefulset.

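Review bot: the new GCS row lists only `registry.persistence.gcs=...` as the enabling setting, but the deployment template mounts the service account key only when `registry.persistence.gcsExistingSecret` is also set, so the row would be more accurate as `registry.persistence.gcs=...`, `registry.persistence.gcsExistingSecret=...`, the same way the PVC row lists both of its required values.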
Expand Down Expand Up @@ -73,6 +74,27 @@ kubectl create secret generic secret-name \

If you want to use MinIO and self-host MinIO on your Kubernetes cluster, the kuik Helm chart can help with that! Check the next section for details.

## GCS

Google Cloud Storage can also be used as a storage backend for the registry. Here is an example of values to use GCS:

```yaml
registry:
persistence:
gcsExistingSecret: secret-name
gcs:
bucket: registry
```

Please refer to the [Docker registry documentation](https://distribution.github.io/distribution/about/configuration/) for more details.

Note that you will need to create a Secret holding the associated service account secret:

```
kubectl create secret generic secret-name \
--from-literal=credentials.json=${GCS_KEY}
```

## MinIO

The kuik Helm chart has an optional dependency on the [bitnami MinIO chart](https://artifacthub.io/packages/helm/bitnami/minio). The subchart can be enabled by setting `minio.enabled` to `true`, and it can be configured by passing values under the `minio.*` path; for instance, with the following values YAML:
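Review bot: the docs should say explicitly that the key inside the Secret must be named `credentials.json`, because the deployment hard-codes `REGISTRY_STORAGE_GCS_KEYFILE` to `/etc/registry/keys/credentials.json`; right now the reader can only infer it from the `--from-literal` argument. Two smaller points: the `kubectl` fence has no language tag while the values block above is tagged `yaml` (a `shell` tag would match), and `--from-literal=credentials.json=${GCS_KEY}` puts the entire service account key on the command line where it ends up in shell history and the process list, whereas `--from-file=credentials.json=/path/to/key.json` does not. The link also goes to the generic registry configuration page, while values.yaml points at the GCS storage driver page that actually documents the driver's options; linking the same page in both places would help.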
2 changes: 1 addition & 1 deletion helm/kube-image-keeper/templates/_helpers.tpl
Expand Up @@ -110,5 +110,5 @@ Create the name of the service account to use
{{- end }}

{{- define "kube-image-keeper.registry-stateless-mode" -}}
{{- ternary "true" "false" (or .Values.minio.enabled (not (empty .Values.registry.persistence.s3))) }}
{{- ternary "true" "false" (or .Values.minio.enabled (not (empty .Values.registry.persistence.s3)) (not (empty .Values.registry.persistence.gcs))) }}
{{- end }}
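Review bot: the stateless decision now fires on a non-empty `registry.persistence.gcs` map alone, so a values file that sets `gcs.bucket` but forgets `gcsExistingSecret` switches the registry to a Deployment whose `REGISTRY_STORAGE_GCS_KEYFILE` points at a path that nothing mounts (the mount in registry-deployment.yaml is keyed on `gcsExistingSecret`). Since this helper is the single switch between the two modes, it is a natural place for a guard, e.g. `{{- if and (not (empty .Values.registry.persistence.gcs)) (empty .Values.registry.persistence.gcsExistingSecret) }}{{ fail "registry.persistence.gcsExistingSecret is required when registry.persistence.gcs is set" }}{{- end }}`, or a `required` on the secret name in the deployment template.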
26 changes: 26 additions & 0 deletions helm/kube-image-keeper/templates/registry-deployment.yaml
Expand Up @@ -48,8 +48,16 @@ spec:
key: secret
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
{{- if (not (empty .Values.registry.persistence.s3))}}
- name: REGISTRY_STORAGE
value: s3
{{- end}}
{{- if (not (empty .Values.registry.persistence.gcs))}}
- name: REGISTRY_STORAGE
value: gcs
- name: REGISTRY_STORAGE_GCS_KEYFILE
value: "/etc/registry/keys/credentials.json"
{{- end}}
{{- if .Values.registry.serviceMonitor.create }}
- name: REGISTRY_HTTP_DEBUG_ADDR
value: 0.0.0.0:5001
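Review bot: nothing stops both `registry.persistence.s3` and `registry.persistence.gcs` from being non-empty, and in that case this block emits `REGISTRY_STORAGE` twice (`s3` then `gcs`), so the effective backend depends on how the runtime resolves duplicate env names rather than on anything explicit in the values file. Turning the second `if` into an `else if`, or better a `fail` when both are set, makes the misconfiguration visible at `helm install` time. Also, `REGISTRY_STORAGE_GCS_KEYFILE` is emitted whenever `gcs` is non-empty, but the mount that provides that file (later in this file) depends on `gcsExistingSecret`; keying the env var on the same value keeps the two from diverging.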
Expand All @@ -70,11 +78,16 @@ spec:
- name: {{ printf "%s_%s" "REGISTRY_STORAGE_S3" ($k | upper) }}
value: {{ $v | quote }}
{{- end }}
{{- range $k, $v := omit .Values.registry.persistence.gcs }}
- name: {{ printf "%s_%s" "REGISTRY_STORAGE_GCS" ($k | upper) }}
value: {{ $v | quote }}
{{- end }}
{{- if .Values.registry.persistence.disableS3Redirections }}
- name: REGISTRY_STORAGE_REDIRECT_DISABLE
value: "true"
{{- end }}
{{- end }}
{{- if (not (empty .Values.registry.persistence.s3ExistingSecret)) }}
{{ $s3KeysSecretName := .Values.registry.persistence.s3ExistingSecret | default "kube-image-keeper-s3-registry-keys" }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
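Review bot: `omit .Values.registry.persistence.gcs` with no key arguments returns the map unchanged, so either the `omit` is a leftover from copying the S3 loop or the keys to exclude are missing. If the intent is to mirror the S3 handling, `keyfile` should be excluded here: a user who sets `gcs.keyfile` would otherwise get a second `REGISTRY_STORAGE_GCS_KEYFILE` entry competing with the hard-coded one above. `omit .Values.registry.persistence.gcs "keyfile"` does that.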
Expand All @@ -86,10 +99,17 @@ spec:
secretKeyRef:
name: {{ $s3KeysSecretName }}
key: secretKey
{{- end }}
{{- range .Values.registry.env }}
- name: {{ .name }}
value: {{ .value | quote }}
{{- end }}
{{- if .Values.registry.persistence.gcsExistingSecret }}
volumeMounts:
- name: gcs-key
mountPath: /etc/registry/keys
readOnly: true
{{- end }}
{{- with .Values.registry.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
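Review bot: the mount path `/etc/registry/keys` is hard-coded here and again (with `/credentials.json` appended) in the `REGISTRY_STORAGE_GCS_KEYFILE` value earlier in this file; a single template variable or `define` for the directory would keep the two from drifting. Minor: this hunk tests the secret name with `if` while the volumes hunk below uses `with`; both are truthiness checks on the same string, so one form would read more consistently. `readOnly: true` on the key mount is the right call.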
Expand All @@ -98,6 +118,12 @@ spec:
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.registry.persistence.gcsExistingSecret }}
volumes:
- name: gcs-key
secret:
secretName: {{ . }}
{{- end }}
{{- with .Values.registry.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
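Review bot: the secret volume projects every key in the Secret and relies on one of them being named `credentials.json`; an `items` entry (`- key: credentials.json` / `path: credentials.json`) would make the pod fail at volume setup with a clear message when the key is misnamed, instead of the registry failing later when it opens the keyfile, and `defaultMode: 0400` would narrow the permissions on the mounted key.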
6 changes: 5 additions & 1 deletion helm/kube-image-keeper/values.yaml
Expand Up @@ -208,7 +208,7 @@ registry:
# -- Registry image pull policy
pullPolicy: IfNotPresent
# -- Registry image tag
tag: "2.8"
tag: "2.8.3"
# -- Number of replicas for the registry pod
replicas: 1
persistence:
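Review bot: the `tag` bump from `"2.8"` to `"2.8.3"` is unrelated to GCS support and is not mentioned in the PR title; pinning to a patch release is welcome for reproducibility, but it deserves its own commit or at least a line in the description so the change is discoverable from history.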
Expand All @@ -225,6 +225,10 @@ registry:
s3ExistingSecret: ""
# -- Disable blobs redirection to S3 bucket (useful if your S3 instance is not accessible from kubelet)
disableS3Redirections: false
# -- GCS configuration (see https://github.com/distribution/distribution/blob/main/docs/content/storage-drivers/gcs.md)
gcs: {}
# use service account secret in JSON format
gcsExistingSecret: ""
garbageCollection:
# -- Garbage collector cron schedule. Use standard crontab format.
schedule: "0 0 * * 0"
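Review bot: `gcsExistingSecret` uses a plain `#` comment while every neighbouring key uses the `# --` helm-docs marker, so it will be missing from generated values documentation; suggest `# -- Name of an existing Secret holding the GCS service account key (JSON) under the key credentials.json`. The `gcs` comment could also name the required `bucket` key, since the docs example is currently the only place it appears.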