Add an optional CNCF Distribution (registry:2) pull-through cache to the platform-api chart, gated behind regproxy.enabled (default false). When enabled it proxies the upstream registry (ghcr.io by default) so that ghcr.io/appscode-charts images can be served from within the cluster. Because the ace umbrella chart embeds platform-api as a subchart, the cache is reachable from ace via platform-api.regproxy.* values. Routing node/client pulls to the cache (e.g. via containerd registry mirror configuration) is left to the cluster operator. Signed-off-by: Tamal Saha <tamal@appscode.com>
What

Adds an optional in-cluster pull-through Docker registry cache to charts/platform-api, gated behind regproxy.enabled (default false). When enabled it runs CNCF Distribution (registry:2) configured as a pull-through cache for the upstream registry (https://ghcr.io by default), so ghcr.io/appscode-charts (and any other ghcr.io) images can be served transparently from within the cluster.

Because the ace umbrella chart embeds platform-api as a subchart, the cache is reachable from ace via platform-api.regproxy.* values.

Routing node/client pulls to the cache (e.g. via containerd registry mirror configuration) is left to the cluster operator — this PR only deploys the cache and its Service.

Changes

- apis/installer/v1alpha1/ace_platform_api.go): new regproxy field on PlatformApiSpec, backed by Regproxy/RegproxyPersistence types (image, remoteURL, optional username/password, replicas, service, persistence, securityContext, scheduling).
- charts/platform-api/templates/regproxy/):
  - configmap.yaml — registry config.yml (proxy.remoteurl, filesystem storage, health checks)
  - secret.yaml — upstream credentials, rendered only when username is set
  - deployment.yaml — registry container; config/data/tmp volumes; /v2/ liveness+readiness; auth env injected only when credentials are set; OpenShift-aware securityContext
  - service.yaml — ClusterIP on service.port → container port 5000
  - pvc.yaml — created only when persistence.enabled (otherwise an emptyDir is used)
- _helpers.tpl): regproxy.registry, resolving ghcr.io/appscode/registry via the chart's registryFQDN + regproxy.image.registry (consistent with the other image helpers).
- regproxy: block with documented defaults.
- ghcr.io/appscode/registry:2.8.3 so the image is mirrored on release.
- make gen — regenerated zz_generated.deepcopy.go, the platform-api values.openapiv3_schema.yaml / README.md, and the ace values.openapiv3_schema.yaml (which now carries the inherited platform-api.regproxy block).

Verification

- go build ./... clean
- helm template renders all five manifests correctly across enabled / anonymous / persistence-disabled paths, and renders nothing when disabled

Notes

- ghcr.io/appscode/registry:2.8.3 assumes the release pipeline mirrors upstream registry:2.8.3 (imagelist entry added to drive that). Override regproxy.image.* if needed.
- registry:2 config layout (/etc/docker/registry/config.yml). Switching to Distribution v3 would require a different config path/schema.
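
The containerd registry mirror configuration that the description leaves to the cluster operator could look like the following. This is an added example, not part of the PR or the chart; the file path assumes containerd's registry config_path is set to /etc/containerd/certs.d, and REGPROXY_HOST and REGPROXY_PORT are placeholders for an address of the regproxy Service that the node itself can reach.

```toml
# /etc/containerd/certs.d/ghcr.io/hosts.toml
# (path is an assumption: it requires containerd's registry config_path
# to point at /etc/containerd/certs.d)

# Upstream registry that this directory name (ghcr.io) refers to.
# containerd falls back to it when no host below can serve a request,
# so pulls keep working if the cache is down or disabled.
server = "https://ghcr.io"

# The in-cluster pull-through cache. REGPROXY_HOST and REGPROXY_PORT are
# placeholders: use an address the node can reach for the regproxy Service
# (cluster DNS names normally do not resolve on the node itself) and the
# chart's service.port value.
# Assumption: the cache serves plain HTTP. If TLS is put in front of it,
# switch the scheme to https and add a `ca` entry for its certificate.
[host."http://REGPROXY_HOST:REGPROXY_PORT"]
  # Read-only mirror: resolve tags and pull content, never push.
  capabilities = ["pull", "resolve"]
```

When upstream credentials are configured, any client that can reach the cache can pull whatever those credentials can read from the upstream, so limit which workloads and nodes can reach the Service.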