Стадия жизненного цикла модуля: Preview
Пример конфигурации PVC
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: payload-registry
spec:
version: 1
enabled: true
settings:
users: {}
persistence:
storageClass: network-ssd # Неизменяемый параметр
size: 10Gi
Пример конфигурации пользователей
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: payload-registry
spec:
version: 1
enabled: true
settings:
users:
# Пользователь: user-catalog
# Уровень доступа: catalog
user-catalog:
# bcrypt хеш: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects: []
# Пользователь: user-frontend-push
# Уровень доступа: push и pull
# Доступ к реестрам:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/*/*:tag
# Примеры:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/firstapp/image:latest
user-frontend-push:
# bcrypt хеш: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-1"
subPath: "frontend/*"
access: FULL
- name: "project-1"
subPath: "frontend/*/*"
access: FULL
# Пользователь: user-frontend-pull
# Уровень доступа: pull
# Доступ к реестрам:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/*/*:tag
# Примеры:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/firstapp/image:latest
user-frontend-pull:
# bcrypt хеш: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-1"
subPath: "frontend/*"
access: READ
- name: "project-1"
subPath: "frontend/*/*"
access: READ
# Пользователь: user-backend-push
# Уровень доступа: push и pull
# Доступ к реестрам:
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/*/*:tag
# Примеры:
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/firstapp/image:latest
user-backend-push:
# bcrypt хеш: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-2"
subPath: "backend/*"
access: FULL
- name: "project-2"
subPath: "backend/*/*"
access: FULL
# Пользователь: user-backend-pull
# Уровень доступа: pull
# Доступ к реестрам:
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/*/*:tag
# Примеры:
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/firstapp/image:latest
user-backend-pull:
# bcrypt хеш: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-2"
subPath: "backend/*"
access: READ
- name: "project-2"
subPath: "backend/*/*"
access: READ
# Пользователь: user-admin
# Уровень доступа: push и pull
# Доступ к реестрам:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-1/*/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-2/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-2/*/*:tag
# Примеры:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/firstapp/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/firstapp/image:latest
user-admin:
# bcrypt хеш: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-1"
subPath: "*"
access: FULL
- name: "project-1"
subPath: "*/*"
access: FULL
- name: "project-2"
subPath: "*"
access: FULL
- name: "project-2"
subPath: "*/*"
access: FULL
# Пользователь: user-ro-admin
# Уровень доступа: pull
# Доступ к реестрам:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-1/*/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-2/*:tag
# - payload-registry.${PUBLIC_DOMAIN}/project-2/*/*:tag
# Примеры:
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-1/frontend/firstapp/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/image:latest
# - payload-registry.${PUBLIC_DOMAIN}/project-2/backend/firstapp/image:latest
user-ro-admin:
# bcrypt хеш: `echo -n 'password123' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo`
passwordHash: "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2"
projects:
- name: "project-1"
subPath: "*"
access: READ
- name: "project-1"
subPath: "*/*"
access: READ
- name: "project-2"
subPath: "*"
access: READ
- name: "project-2"
subPath: "*/*"
access: READ
Пример конфигурации GC
При выполнении операции GC registry переводится в режим «только для чтения». В этом режиме операции push недоступны, операции pull продолжают работать.
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: payload-registry
spec:
version: 1
enabled: true
settings:
users: {}
gc:
enabled: true
# Каждый понедельник в 20:00
# https://crontab.guru/#0_20_*_*_1
schedule: "0 20 * * 1"
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: payload-registry
spec:
version: 1
enabled: true
settings:
users: {}
gc:
enabled: true
# Каждый день в 03:05
# https://crontab.guru/#5_3_*_*_*
schedule: "5 3 * * *"