mirror of
https://github.com/twuni/docker-registry.helm.git
Annotations copied from https://github.com/bitnami/charts/blob/main/bitnami/keycloak/README.md?plain=1
License
Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at <http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Docker Registry Helm Chart
This directory contains a Kubernetes chart to deploy a private Docker Registry.
Prerequisites Details
- PV support on underlying infrastructure (if persistence is required)
Chart Details
This chart will do the following:
- Implement a Docker registry deployment
Installing the Chart
First, add the repo:
$ helm repo add twuni https://helm.twun.io
To install the chart, use the following:
$ helm install --generate-name twuni/docker-registry
Configuration
The following table lists the configurable parameters of the docker-registry chart and their default values.
| Parameter | Description | Default |
|---|---|---|
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.repository` | Container image to use | `registry` |
| `image.tag` | Container image tag to deploy | `2.8.1` |
| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` |
| `persistence.enabled` | Whether to use a PVC for the Docker storage | `false` |
| `persistence.deleteEnabled` | Enable the deletion of image blobs and manifests by digest | `nil` |
| `persistence.size` | Amount of space to claim for PVC | `10Gi` |
| `persistence.storageClass` | Storage Class to use for PVC | `-` |
| `persistence.existingClaim` | Name of an existing PVC to use for config | `nil` |
| `serviceAccount.create` | Create ServiceAccount | `false` |
| `serviceAccount.name` | ServiceAccount name | `nil` |
| `serviceAccount.annotations` | Annotations to add to the ServiceAccount | `{}` |
| `deployment.annotations` | Annotations to add to the Deployment | `{}` |
| `service.port` | TCP port on which the service is exposed | `5000` |
| `service.type` | Service type | `ClusterIP` |
| `service.clusterIP` | If `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` |
| `service.nodePort` | If `service.type` is `NodePort` and this is non-empty, sets the node port of the service | `nil` |
| `service.loadBalancerIP` | If `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerIP of the service | `nil` |
| `service.loadBalancerSourceRanges` | If `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerSourceRanges of the service | `nil` |
| `service.sessionAffinity` | Service session affinity | `nil` |
| `service.sessionAffinityConfig` | Service session affinity config | `nil` |
| `replicaCount` | k8s replicas | `1` |
| `updateStrategy` | Update strategy for deployment | `{}` |
| `podAnnotations` | Annotations for pod | `{}` |
| `podLabels` | Labels for pod | `{}` |
| `podDisruptionBudget` | Pod disruption budget | `{}` |
| `podSecurityContext.enabled` | Enable the pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set the pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enable the containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `resources.limits.cpu` | Container requested CPU | `nil` |
| `resources.limits.memory` | Container requested memory | `nil` |
| `autoscaling.enabled` | Enable autoscaling using HorizontalPodAutoscaler | `false` |
| `autoscaling.minReplicas` | Minimal number of replicas | `1` |
| `autoscaling.maxReplicas` | Maximal number of replicas | `2` |
| `autoscaling.targetCPUUtilizationPercentage` | Target average utilization of CPU on Pods | `60` |
| `autoscaling.targetMemoryUtilizationPercentage` | (Kubernetes ≥1.23) Target average utilization of Memory on Pods | `60` |
| `autoscaling.behavior` | (Kubernetes ≥1.23) Configurable scaling behavior | `{}` |
| `priorityClassName` | priorityClassName | `""` |
| `storage` | Storage system to use | `filesystem` |
| `tlsSecretName` | Name of secret for TLS certs | `nil` |
| `secrets.htpasswd` | Htpasswd authentication | `nil` |
| `secrets.s3.accessKey` | Access Key for S3 configuration | `nil` |
| `secrets.s3.secretKey` | Secret Key for S3 configuration | `nil` |
| `secrets.s3.secretRef` | The ref for an external secret containing the s3AccessKey and s3SecretKey keys | `""` |
| `secrets.swift.username` | Username for Swift configuration | `nil` |
| `secrets.swift.password` | Password for Swift configuration | `nil` |
| `secrets.haSharedSecret` | Shared secret for Registry | `nil` |
| `configData` | Configuration hash for docker | `nil` |
| `s3.region` | S3 region | `nil` |
| `s3.regionEndpoint` | S3 region endpoint | `nil` |
| `s3.bucket` | S3 bucket name | `nil` |
| `s3.rootdirectory` | S3 prefix that is applied to allow you to segment data | `nil` |
| `s3.encrypt` | Store images in encrypted format | `nil` |
| `s3.secure` | Use HTTPS | `nil` |
| `swift.authurl` | Swift authurl | `nil` |
| `swift.container` | Swift container | `nil` |
| `proxy.enabled` | If true, registry will function as a proxy/mirror | `false` |
| `proxy.remoteurl` | Remote registry URL to proxy requests to | `https://registry-1.docker.io` |
| `proxy.username` | Remote registry login username | `nil` |
| `proxy.password` | Remote registry login password | `nil` |
| `proxy.secretRef` | The ref for an external secret containing the proxyUsername and proxyPassword keys | `""` |
| `namespace` | Specify a namespace to install the chart to - defaults to `.Release.Namespace` | `{{ .Release.Namespace }}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `affinity` | Affinity settings | `{}` |
| `tolerations` | Pod tolerations | `[]` |
| `ingress.enabled` | If true, Ingress will be created | `false` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.labels` | Ingress labels | `{}` |
| `ingress.path` | Ingress service path | `/` |
| `ingress.hosts` | Ingress hostnames | `[]` |
| `ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
| `ingress.className` | Ingress controller class name | `nginx` |
| `metrics.enabled` | Enable metrics on Service | `false` |
| `metrics.port` | TCP port on which the service metrics is exposed | `5001` |
| `metrics.serviceMonitor.annotations` | Prometheus Operator ServiceMonitor annotations | `{}` |
| `metrics.serviceMonitor.enable` | If true, Prometheus Operator ServiceMonitor will be created | `false` |
| `metrics.serviceMonitor.labels` | Prometheus Operator ServiceMonitor labels | `{}` |
| `metrics.prometheusRule.annotations` | Prometheus Operator PrometheusRule annotations | `{}` |
| `metrics.prometheusRule.enable` | If true, Prometheus Operator prometheusRule will be created | `false` |
| `metrics.prometheusRule.labels` | Prometheus Operator prometheusRule labels | `{}` |
| `metrics.prometheusRule.rules` | PrometheusRule defining alerting rules for a Prometheus instance | `{}` |
| `extraVolumeMounts` | Additional volumeMounts to the registry container | `[]` |
| `extraVolumes` | Additional volumes to the pod | `[]` |
| `extraEnvVars` | Additional environment variables to the pod | `[]` |
| `initContainers` | Init containers to be created in the pod | `[]` |
| `garbageCollect.enabled` | If true, will deploy garbage-collector cronjob | `false` |
| `garbageCollect.deleteUntagged` | If true, garbage-collector will delete manifests that are not currently referenced via tag | `true` |
| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` |
| `garbageCollect.resources` | garbage-collector requested resources | `{}` |
Specify each parameter using the --set key=value[,key=value] argument to
helm install.
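To generate an htpasswd file, run this docker command (the httpd image is used because it ships the htpasswd binary, which current registry:2 images do not include):
docker run --entrypoint htpasswd httpd:2 -Bbn user password > ./htpasswd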
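A values override for this chart can be checked before install for settings that expose the registry or undo the hardened defaults listed in the table. The script below is an added example, not part of the chart: the key names come from the parameter table, while the rule set, the finding ids and the sample overrides (including the secret names `registry-tls` and `registry-proxy-creds`) are assumptions.

```python
# Added example: audit a values override for this chart. Key names come from
# the parameter table; the rules and sample values are assumptions.
# HARDENED mirrors the containerSecurityContext defaults listed in the table.
HARDENED = {"enabled": True, "runAsNonRoot": True, "privileged": False,
            "readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False}

def get(values, dotted, default=None):
    """Look up a dotted key such as 'service.type' in nested dicts."""
    cur = values
    for part in dotted.split("."):
        if not isinstance(cur, dict) or cur.get(part) is None:
            return default
        cur = cur[part]
    return cur

def audit(values):
    """Return sorted finding ids for a values override given as a dict."""
    findings = set()
    svc = get(values, "service.type", "ClusterIP")
    ingress = get(values, "ingress.enabled", False)
    if svc != "ClusterIP" or ingress:  # reachable from outside the cluster
        if not get(values, "secrets.htpasswd"):
            findings.add("exposed-without-htpasswd")
        if ingress and not get(values, "ingress.tls"):
            findings.add("ingress-without-tls")
        if svc != "ClusterIP" and not get(values, "tlsSecretName"):
            findings.add("service-without-tls")
    if svc == "LoadBalancer" and not get(values, "service.loadBalancerSourceRanges"):
        findings.add("loadbalancer-any-source")
    for key, safe in HARDENED.items():
        if get(values, "containerSecurityContext." + key, safe) != safe:
            findings.add("weakened-" + key)
    for secret, ref in (("secrets.s3.secretKey", "secrets.s3.secretRef"),
                        ("proxy.password", "proxy.secretRef")):
        if get(values, secret) and not get(values, ref):
            findings.add("inline-" + secret)
    return sorted(findings)

# Constructed sample overrides, as loaded from a values YAML file.
RISKY = {"service": {"type": "LoadBalancer"},
         "containerSecurityContext": {"readOnlyRootFilesystem": False},
         "proxy": {"enabled": True, "password": "example-only"}}
SAFER = {"service": {"type": "LoadBalancer",
                     "loadBalancerSourceRanges": ["10.0.0.0/8"]},
         "tlsSecretName": "registry-tls",  # hypothetical secret name
         "secrets": {"htpasswd": "user:<bcrypt-hash-placeholder>"},
         "proxy": {"enabled": True, "secretRef": "registry-proxy-creds"}}

if __name__ == "__main__":
    print(audit(RISKY)); print(audit(SAFER))
```

The htpasswd rule is a heuristic: a registry that configures another auth scheme through `configData` would still be flagged.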
Description
Helm chart for a Docker registry. Successor to stable/docker-registry chart.