Registry: using upstream container
Add/Clean Registry sub-chart
This uses the upstream registry:2.6.2
container, and configures it for inter-communication with a deployed GitLab container.
Currently:
-
Deployment
with a defaultreplicas
count of 1. - Contains a dedicated
Ingress
that can be enabled/disabled/configured separately from the top-level chart - Can be entirely disabled via
.Values.enabled
(registry.enabled: false
in parent) -
No defaults for Registry's
storage:
values, because they could collide with conflicting values when the YAML is merged. This must be configured by the user.
Requirements:
- external
Secret
for Registry'sauth.token.rootcertbundle
(registry['rootcertbundle'] = "/var/opt/gitlab/registry/gitlab-registry.crt"
in Omnibus) - If using TLS, secret containing valid SSL certificate for configured hostname.
- If using
replicas:
value greater than one, shared storage should be used (S3, shared PVC, et al).
I have tested this to be able to authenticate against my external GitLab Omnibus VM. While I could not get Minikube to allow communication for the GitLab instance to access the registry (thanks VirtualBox), I was able to confirm JWT authentication to function and be able to push/pull to verify ACLs (scopes) were functioning.
Edited by Jason Plum