e507c7e5c4
There are some minor modifications in the content of the files Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: If315582a3213d121712c45f2ed5817899b76ded9
2.0 KiB
2.0 KiB
Set up a Public Repository
There will likely be scenarios where you need to make images publicly available to all users.
The suggested method to do that is to create a keystone tenant/user = 'registry'/'public', which will therefore have access to images in the registry.local:9001/public/ repository. Then share access to those images by sharing the registry/public user's credentials with other users.
Create the keystone tenant/user of registry/public.
~(keystone_admin)]$ openstack project create registry ~(keystone_admin)]$ TENANTNAME="registry" ~(keystone_admin)]$ TENANTID=`openstack project list | grep ${TENANTNAME} | awk '{print $2}'` ~(keystone_admin)]$ USERNAME="public" ~(keystone_admin)]$ USERPASSWORD="${USERNAME}K8*" ~(keystone_admin)]$ openstack user create --password ${USERPASSWORD} --project ${TENANTID} ${USERNAME} ~(keystone_admin)]$ openstack role add --project ${TENANTNAME} --user ${USERNAME} _memberCreate a secret containing the credentials of the public repository in kube-system namespace.
% kubectl create secret docker-registry registry-local-public-key --docker-server=registry.local:9001 --docker-username=public --docker-password=public --docker-email=noreply@windriver.com -n kube-systemShare the credentials of the public repository with other namespaces.
Copy the secret to the other namespace and add it as an ImagePullSecret to the namespace's default serviceAccount.
% kubectl get secret registry-local-public-key -n kube-system -o yaml | grep -v '^\s*namespace:\s' | kubectl apply --namespace=<USERNAMESPACE> -f - % kubectl patch serviceaccount default -p "{\"imagePullSecrets\": [{\"name\": \"registry-local-public-key\"}]}" -n <USERNAMESPACE>