# 集群镜像 registry 配置
集群镜像在制作时将依赖的镜像缓存在集群镜像之中,通过集群镜像安装集群时将启动包含镜像缓存数据的registry
# 自定义config文件配置集群registry:
Clusterfile:
apiVersion: sealer.aliyun.com/v1alpha1
kind: Cluster
metadata:
name: my-cluster
spec:
image: registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.8
provider: BAREMETAL
...
...
---
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
name: registry_config
spec:
path: etc/registry_config.yml
data: |
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
proxy:
on: true
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
#sealer将会在registry启动前将data中的数据写入到`$rootfs/etc/registry_config.yml`文件,在启动registry时将该文件挂载到registry的config文件`/etc/docker/registry/config.yml`。
#docker run ... -v $rootfs/etc/registry_config.yml:/etc/docker/registry/config.yml registry:2.7.1
sealer apply -f Clusterfile
# 自定义registry域名,端口,用户名及密码:
Clusterfile:
apiVersion: sealer.aliyun.com/v1alpha1
kind: Cluster
metadata:
name: my-cluster
spec:
image: registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.8
provider: BAREMETAL
...
...
---
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
name: registry_passwd
spec:
path: etc/registry.yml
data: |
domain: sea.hub
port: "5000"
username: sealerUser
password: sealerPWD
#sealer将生成该认证的加密密码并写入`$rootfs/etc/registry_htpasswd`文件,在registry启动时将会挂载该文件并设置认证为htpasswd。
#docker run ... \
# -v $rootfs/etc/registry_htpasswd:/htpasswd \
# -e REGISTRY_AUTH=htpasswd \
# -e REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd \
# -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" registry:2.7.1
sealer apply -f Clusterfile