Install by Using YAML

Use Cases

Use YAML installation for:

  • Advanced users with Kubernetes expertise who prefer a manual approach.
  • Deployments that require externally managed storage, such as NAS, S3-compatible object storage, or Ceph.
  • Environments needing fine-grained control over TLS and ingress.
  • Full YAML customization for advanced configurations.

Prerequisites

  • Install the Registry Cluster Plugin to a target cluster.
  • Access to the target Kubernetes cluster with kubectl configured.
  • Cluster admin permissions to create cluster-scoped resources.
  • Obtain a registered domain, such as registry.example.com. For domain configuration, see Create a Domain.
  • Provide valid NAS storage, such as NFS.
  • Optional: Provide valid S3-compatible storage.

Install Registry Using YAML

Procedure

  1. Create a YAML configuration file named registry-plugin.yaml with the following template:

    apiVersion: cluster.alauda.io/v1alpha1
    kind: ClusterPluginInstance
    metadata:
      annotations:
        cpaas.io/display-name: image-registry
      labels:
        create-by: cluster-transformer
        manage-delete-by: cluster-transformer
        manage-update-by: cluster-transformer
      name: image-registry
    spec:
      config:
        access:
          address: ''
          enabled: false
        fake:
          replicas: 2
        infra:
          enabled: false
        global:
          expose: false
          isIPv6: false
          replicas: 2
          oidc:
            ldapID: ''
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 256Mi
        ingress:
          enabled: true
          hosts:
            - name: <YOUR-DOMAIN> # [REQUIRED] Customize domain
              tlsCert: <NAMESPACE>/<TLS-SECRET> # [REQUIRED] Namespace/SecretName
          ingressClassName: '<INGRESS-CLASS-NAME>' # [REQUIRED] IngressClassName
          insecure: false
        persistence:
          accessMode: ReadWriteMany
          nodes: ''
          path: <YOUR-HOSTPATH> # [REQUIRED] Local path for LocalVolume
          size: <STORAGE-SIZE> # [REQUIRED] Storage size (e.g., 10Gi)
          storageClass: <STORAGE-CLASS-NAME> # [REQUIRED] StorageClass name
          type: StorageClass
        s3storage:
          bucket: <S3-BUCKET-NAME> # [REQUIRED] S3 bucket name
          enabled: false # Set false for local storage
          env:
            REGISTRY_STORAGE_S3_SKIPVERIFY: false # Set true only for self-signed certs; true skips TLS certificate verification for the S3 endpoint
          region: <S3-REGION> # S3 region
          regionEndpoint: <S3-ENDPOINT> # S3 endpoint
          secretName: <S3-CREDENTIALS-SECRET> # S3 credentials Secret
        service:
          nodePort: ''
          type: ClusterIP
      pluginName: image-registry
  2. Customize the following fields according to your environment:

    spec:
      config:
        global:
          oidc:
            ldapID: '<LDAP-ID>' # LDAP ID
        infra:
          enabled: false  # Set to true to deploy components to the infra nodes. The default, false, deploys to all nodes.
        ingress:
          hosts:
            - name: '<YOUR-DOMAIN>' # e.g., registry.your-company.com
              tlsCert: '<NAMESPACE>/<TLS-SECRET>' # e.g., cpaas-system/tls-secret
          ingressClassName: '<INGRESS-CLASS-NAME>' # e.g., cluster-alb-1
        persistence:
          size: '<STORAGE-SIZE>' # e.g., 10Gi
          storageClass: '<STORAGE-CLASS-NAME>' # e.g., cpaas-system-storage
        s3storage:
          bucket: '<S3-BUCKET-NAME>' # e.g., prod-registry
          region: '<S3-REGION>' # e.g., us-west-1
          regionEndpoint: '<S3-ENDPOINT>' # e.g., https://s3.amazonaws.com
          secretName: '<S3-CREDENTIALS-SECRET>' # Secret containing S3 access credentials
          env:
            REGISTRY_STORAGE_S3_SKIPVERIFY: 'true' # Set "true" only for self-signed certs; it skips TLS certificate verification for the S3 endpoint
  3. Create a secret for the S3 credentials:

    kubectl create secret generic <S3-CREDENTIALS-SECRET> \
      --from-literal=access-key-id=<YOUR-S3-ACCESS-KEY-ID> \
      --from-literal=secret-access-key=<YOUR-S3-SECRET-ACCESS-KEY> \
      -n cpaas-system

    Replace <S3-CREDENTIALS-SECRET> with the name of your S3 credentials secret. This is the name referenced by spec.config.s3storage.secretName.

  4. Apply the configuration to your cluster:

    kubectl apply -f registry-plugin.yaml
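
A pre-apply check for registry-plugin.yaml, added here as an example and not part of the product's tooling: it flags template placeholders left unreplaced, ingress.insecure changed to true, REGISTRY_STORAGE_S3_SKIPVERIFY set to true, and a tlsCert value that is not in namespace/secret-name form. The function name lint_registry_plugin and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint registry-plugin.yaml before `kubectl apply` (hypothetical helper).
# Prints one finding per line; returns 0 when clean, 1 otherwise.
lint_registry_plugin() {
    # Strip comments so only keys and values are inspected; line numbers are kept.
    body=$(cat "$@" | sed -e 's/^#.*$//' -e 's/[[:space:]]#.*$//')
    findings=$(
        # 1. Template placeholders such as <YOUR-DOMAIN> left unreplaced.
        printf '%s\n' "$body" | grep -nE '<[A-Z0-9-]+>' |
            sed 's/^\([0-9]*\):.*\(<[A-Z0-9-]*>\).*/line \1: unreplaced placeholder \2/'
        # 2. ingress.insecure changed from the template's false.
        printf '%s\n' "$body" | grep -nE "^[[:space:]]*insecure:[[:space:]]*[\"']?true" |
            sed 's/^\([0-9]*\):.*/line \1: ingress.insecure is true/'
        # 3. SKIPVERIFY=true skips TLS certificate verification towards S3.
        printf '%s\n' "$body" | grep -nE "REGISTRY_STORAGE_S3_SKIPVERIFY:[[:space:]]*[\"']?true" |
            sed 's/^\([0-9]*\):.*/line \1: S3 TLS verification is skipped/'
        # 4. tlsCert must have the form namespace/secret-name.
        printf '%s\n' "$body" | grep -nE '^[[:space:]]*tlsCert:' |
            grep -vE "tlsCert:[[:space:]]*[\"']?[a-z0-9.-]+/[a-z0-9.-]+[\"']?[[:space:]]*\$" |
            sed 's/^\([0-9]*\):.*/line \1: tlsCert is not namespace\/secret-name/'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: one leftover placeholder and S3 certificate checks disabled.
sample_manifest() {
    cat <<'EOF'
spec:
  config:
    ingress:
      hosts:
        - name: registry.example.com
          tlsCert: cpaas-system/registry-tls # namespace/secret
      ingressClassName: '<INGRESS-CLASS-NAME>'
      insecure: false
    s3storage:
      env:
        REGISTRY_STORAGE_S3_SKIPVERIFY: 'true' # Set "true" for self-signed certs
EOF
}

sample_manifest | lint_registry_plugin || echo "review the findings above before kubectl apply"
```

Run it against the real file with `lint_registry_plugin registry-plugin.yaml`; a SKIPVERIFY finding is expected when the S3 endpoint really does use a self-signed certificate.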

Configuration Reference

Mandatory Fields

| Parameter | Description | Example Value |
| --- | --- | --- |
| spec.config.global.oidc.ldapID | LDAP ID for OIDC authentication | ldap-test |
| spec.config.ingress.hosts[0].name | Custom domain for registry access | registry.yourcompany.com |
| spec.config.ingress.hosts[0].tlsCert | TLS certificate secret reference (namespace/secret-name) | cpaas-system/registry-tls |
| spec.config.ingress.ingressClassName | Ingress class name for the registry | cluster-alb-1 |
| spec.config.persistence.size | Storage size for the registry | 10Gi |
| spec.config.persistence.storageClass | StorageClass name for the registry | nfs-storage-sc |
| spec.config.s3storage.bucket | S3 bucket name for image storage | prod-image-store |
| spec.config.s3storage.region | Region identifier for S3-compatible storage | us-west-1 |
| spec.config.s3storage.regionEndpoint | S3-compatible service endpoint URL | https://s3.example.com |
| spec.config.s3storage.secretName | Secret containing S3 credentials | s3-access-keys |
| spec.config.s3storage.env.REGISTRY_STORAGE_S3_SKIPVERIFY | Set to true for self-signed certs | true |
| spec.config.infra.enabled | Deploy components to infra nodes or all nodes | false |

Verification

  1. Check plugin:
    kubectl get clusterplugininstances image-registry -o yaml
  2. Verify registry pods:
    kubectl get pods -n cpaas-system -l app=image-registry

Update Or Uninstall Registry

Update

Run the following command on the global cluster, then edit the values in the resource according to the parameter descriptions above to complete the update:

    # <CLUSTER-NAME> is the cluster where the plugin is installed
    kubectl edit -n cpaas-system \
      $(kubectl get moduleinfo -n cpaas-system -l cpaas.io/cluster-name=<CLUSTER-NAME>,cpaas.io/module-name=image-registry -o name)

Uninstall

Execute the following command on the global cluster:

    # <CLUSTER-NAME> is the cluster where the plugin is installed
    kubectl get moduleinfo -n cpaas-system -l cpaas.io/cluster-name=<CLUSTER-NAME>,cpaas.io/module-name=image-registry -o name | xargs kubectl delete -n cpaas-system