4dd4fa7463
Acted on Greg's comments Patch 1: Acted on Greg's comments and added the missing files. Patch 2: Solved merge conflicts Signed-off-by: egoncalv <elisamaraaoki.goncalves@windriver.com> Change-Id: I70c5d3b9c3927320f977b62878ee60ab9956fc91
2.1 KiB
2.1 KiB
Set up a Public Repository in Local Docker Registry
There will likely be scenarios where you need to make images publicly available to all users.
The suggested method to do that is to create a keystone tenant/user = 'registry'/'public', which will therefore have access to images in the registry.local:9001/public/ repository. Then share access to those images by sharing the registry/public user's credentials with other users.
Create the keystone tenant/user of registry/public.
~(keystone_admin)]$ openstack project create registry ~(keystone_admin)]$ TENANTNAME="registry" ~(keystone_admin)]$ TENANTID=`openstack project list | grep ${TENANTNAME} | awk '{print $2}'` ~(keystone_admin)]$ USERNAME="public" ~(keystone_admin)]$ USERPASSWORD="${USERNAME}K8*" ~(keystone_admin)]$ openstack user create --password ${USERPASSWORD} --project ${TENANTID} ${USERNAME} ~(keystone_admin)]$ openstack role add --project ${TENANTNAME} --user ${USERNAME} _memberCreate a secret containing the credentials of the public repository in kube-system namespace.
% kubectl create secret docker-registry registry-local-public-key --docker-server=registry.local:9001 --docker-username=public --docker-password=public --docker-email=noreply@windriver.com -n kube-systemShare the credentials of the public repository with other namespaces.
Copy the secret to the other namespace and add it as an ImagePullSecret to the namespace's default serviceAccount.
% kubectl get secret registry-local-public-key -n kube-system -o yaml | grep -v '^\s*namespace:\s' | kubectl apply --namespace=<USERNAMESPACE> -f - % kubectl patch serviceaccount default -p "{\"imagePullSecrets\": [{\"name\": \"registry-local-public-key\"}]}" -n <USERNAMESPACE>