Commit f074c578 authored by Jason Plum's avatar Jason Plum

Merge branch '1115-upgrade-registry-2.7.1' into 'master'

Upgrade registry to version 2.7.1

Closes #1115

See merge request charts/gitlab!681
parents ea8c1fa3 0955849a
Pipeline #48569487 passed with stages
in 20 minutes and 40 seconds
---
title: Upgrade registry to version 2.7.1
merge_request: 681
author:
type: changed
apiVersion: v1
name: registry
version: 0.1.0
appVersion: 2.6.2
version: 0.2.0
appVersion: 2.7.1
description: Stateless, highly scalable application that stores and lets you
distribute Docker images
details: Container Registry used as part of GitLab deployment.
......
Forked from https://github.com/helm/charts/tree/master/stable/docker-registry
With a few tweaks to make it play nicely with GitLab, including Minio S3
storage and GitLab authentication endpoint.
## Configuration
In addition to the original configuration that are inherited from the upstream,
this chart also introduces some additional configuration. See [additional options](../../doc/charts/registry/index.md#installation-command-line-options)
## Development
For more details, see [development notes](../../doc/development/index.md#verifying-registry)
\ No newline at end of file
......@@ -36,6 +36,7 @@ data:
issuer: {{ .Values.tokenIssuer | quote }}
# This is provided from the initContainer execution, at a known path.
rootcertbundle: /etc/docker/registry/certificate.crt
autoredirect: {{ .Values.authAutoRedirect }}
storage:
{{- if .Values.storage }}
{{- else if .Values.global.minio.enabled }}
......
image:
repository: registry
tag: '2.6.2'
tag: '2.7.1'
pullPolicy: 'IfNotPresent'
pullSecrets: []
service:
......@@ -111,6 +111,10 @@ authEndpoint:
tokenService: 'container_registry'
# This must match your GitLab Rails configuration
tokenIssuer: 'gitlab-issuer'
# Must to be `false` to support Windows clients
# See https://gitlab.com/gitlab-org/omnibus-gitlab/issues/3964
authAutoRedirect: false
# if replicas is >1, shared storage MUST be used.
minReplicas: 2
maxReplicas: 10
......
......@@ -54,19 +54,20 @@ Table below contains all the possible charts configurations that can be supplied
| Parameter | Description | Default |
| --- | --- | --- |
| image.repository | Registry image | registry |
| image.tag | Version of the image to use | 2.6 |
| image.tag | Version of the image to use | 2.7.1 |
| image.pullPolicy | Pull policy for the registry image | |
| image.pullSecrets | Secrets to use for image repository | |
| init.image | initContainer image | busybox |
| init.tag | initContainer image tag | latest |
| enabled | Enable registry flag | true |
| httpSecret | Https secret | |
| authEndpoint | Auth endpoint | Undefined by default |
| authEndpoint | Auth endpoint (only host and port) | global.hosts.gitlab.name |
| authAutoRedirect | Auth auto-redirect (must be true for Windows clients to work) | true |
| tokenService | JWT token service | container_registry |
| tokenIssuer | JWT token issuer | gitlab-issuer |
| certificate.secret | JWT certificate | gitlab-registry |
| replicas | Number of replicas | 1 |
| minio.bucket | Legacy registry bucket name | Undefined by default |
| minio.bucket | Legacy registry bucket name | global.registry.bucket |
| annotations | Pod annotations | |
## Chart configuration examples
......
......@@ -241,8 +241,20 @@ such a way that an upstream may not accept.
There are times in a development where changes in behavior require a functionally breaking change. We try to avoid such changes, but some items can not be handled without such a change.
To handle this, we have implemented the [deprecations template][]. This template is designed to recogonize properties that need to be replaced or relocated, and inform the user of the actions they need to take. This template will compile all messages into a list, and then cause the deployment to stop via a `fail` call. This provides a method to inform the user at the same time as preventing the deployment the chart in a broken or unexpected state.
To handle this, we have implemented the [deprecations template][]. This template is designed to recognize properties that need to be replaced or relocated, and inform the user of the actions they need to take. This template will compile all messages into a list, and then cause the deployment to stop via a `fail` call. This provides a method to inform the user at the same time as preventing the deployment the chart in a broken or unexpected state.
See the documentation of the [deprecations template][] for further information on the design, functionality, and how to add new deprecations.
[deprecations template]: deprecations.md
## Verifying registry
In development mode, verifying Registry with Docker clients can be difficult. This is partly due to issues with certificate of
the registry. You can either [add the certificate](https://docs.docker.com/registry/insecure/#use-self-signed-certificates) or
[expose the registry over HTTP](https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry) (see `global.hosts.registry.https`).
Note that adding the certificate is more secure than the insecure registry solution.
Please keep in mind that Registry uses the external domain name of Minio service (see `global.hosts.minio.name`). You may
encounter an error when using internal domain names, e.g. with custom TLDs for development environment. The common symptom
is that you can login to the Registry but you can't push or pull images. This is generally because the Registry container(s)
can not resolve the Minio domain name and find the correct endpoint (you can see the errors in container logs).
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment