Launch a cluster-local registry.

This registry can be accessed through proxies that run on each node listening on port 5000. We send the proxy images to the nodes directly to avoid requests that hit the network during cluster launch. For now, we continue to pull the registry itself over the network, especially given its large size (we should be able to dramatically shrink the image). On GCE we create a PD and use that for storage, otherwise we use an emptyDir. The registry is not enabled outside of GCE. All communication is currently plain HTTP. In order to use SSL, we will need to be able to request a certificate/key from the apiserver signed by the apiserver's CA cert.
2026-01-07 15:51:45 +00:00 · 2015-07-27 11:50:31 -07:00
parent 9b01580946
commit 7129d477d3
20 changed files with 319 additions and 0 deletions
--- a/cluster/saltbase/salt/kube-registry-proxy/init.sls
+++ b/cluster/saltbase/salt/kube-registry-proxy/init.sls
@@ -0,0 +1,8 @@
+/etc/kubernetes/manifests/kube-registry-proxy.yaml:
+  file.managed:
+    - source: salt://kube-registry-proxy/kube-registry-proxy.yaml
+    - user: root
+    - group: root
+    - mode: 644
+    - makedirs: True
+    - dir_mode: 755
--- a/cluster/saltbase/salt/kube-registry-proxy/kube-registry-proxy.yaml
+++ b/cluster/saltbase/salt/kube-registry-proxy/kube-registry-proxy.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-registry-proxy
+  namespace: kube-system
+spec:
+  containers:
+  - name: kube-registry-proxy
+    image: uluyol/kube-registry-proxy:0.2.3
+    resources:
+      limits:
+        cpu: 100m
+        memory: 50Mi
+    env:
+    - name: REGISTRY_HOST
+      value: kube-registry.kube-system.svc.cluster.local
+    - name: REGISTRY_PORT
+      value: "5000"
+    - name: FORWARD_PORT
+      value: "5000"
+    ports:
+    - name: registry
+      containerPort: 5000
+      hostPort: 5000