c12s-kubespray/roles/kubernetes-apps/registry/templates/gcs/README.md

2.4 KiB

Kube-Registry with GCS storage backend

Besides local file system, docker registry also supports a number of cloud storage backends. Full list of supported backend can be found here. This document describes how to enable GCS for kube-registry as storage backend.

A few preparation steps are needed.

  1. Create a bucket named kube-registry in GCS.
  2. Create a service account for GCS access and create key file in json format. Detail instruction can be found here.

Pack Keyfile into a Secret

Assuming you have downloaded the keyfile as keyfile.json. Create secret with the keyfile.json...

$ kubectl --namespace=kube-system create secret generic gcs-key-secret --from-file=keyfile=keyfile.json

Run Registry

apiVersion: v1
kind: ReplicationController
metadata:
  name: kube-registry-v0
  namespace: kube-system
  labels:
    k8s-app: kube-registry
    version: v0
#    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: kube-registry
    version: v0
  template:
    metadata:
      labels:
        k8s-app: kube-registry
        version: v0
#        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      - name: registry
        image: registry:2
        resources:
          # keep request = limit to keep this container in guaranteed class
          limits:
            cpu: 100m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 100Mi
        env:
        - name: REGISTRY_HTTP_ADDR
          value: :5000
        - name: REGISTRY_STORAGE
          value: gcs
        - name: REGISTRY_STORAGE_GCS_BUCKET
          value: kube-registry
        - name: REGISTRY_STORAGE_GCS_KEYFILE
          value: /gcs/keyfile
        ports:
        - containerPort: 5000
          name: registry
          protocol: TCP
        volumeMounts:
        - name: gcs-key
          mountPath: /gcs
      volumes:
      - name: gcs-key
        secret:
          secretName: gcs-key-secret

No changes are needed for other components (kube-registry service and proxy).

Analytics