docs/doc/source/admintasks/kubernetes/setting-up-a-public-repository.rst
Ron Stone 1585d2ecb5 Apply dir convention to Admintasks
Moved all Kubernetes admintasks content under a kubernetes directory.
This is needed to allow title versioning distinctions in partner builds

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: I38b9b0bc01096f8ef513dad15daff2add2a812a8
2021-08-03 08:30:28 -04:00


Set up a Public Repository in Local Docker Registry

There will likely be scenarios where you need to make images publicly available to all users.

The suggested method is to create a keystone tenant/user of registry/public, which will have access to images in the registry.local:9001/public/ repository. You then give other users access to those images by sharing the registry/public user's credentials with them.

  1. Create the keystone tenant/user of registry/public.

    ~(keystone_admin)]$ openstack project create registry
    ~(keystone_admin)]$ TENANTNAME="registry"
    ~(keystone_admin)]$ TENANTID=`openstack project list | grep ${TENANTNAME} | awk '{print $2}'`
    ~(keystone_admin)]$ USERNAME="public"
    ~(keystone_admin)]$ USERPASSWORD="${USERNAME}K8*"
    ~(keystone_admin)]$ openstack user create --password "${USERPASSWORD}" --project ${TENANTID} ${USERNAME}
    ~(keystone_admin)]$ openstack role add --project ${TENANTNAME} --user ${USERNAME} _member

  2. Create a secret containing the credentials of the public repository in the kube-system namespace.

    % kubectl create secret docker-registry registry-local-public-key --docker-server=registry.local:9001 --docker-username=public --docker-password='publicK8*' --docker-email=noreply@windriver.com -n kube-system

  3. Share the credentials of the public repository with other namespaces.

    Copy the secret to the other namespace and add it as an ImagePullSecret to the namespace's default serviceAccount.

    % kubectl get secret registry-local-public-key -n kube-system -o yaml | grep -v '^\s*namespace:\s'  | kubectl apply --namespace=<USERNAMESPACE> -f -
    % kubectl patch serviceaccount default  -p "{\"imagePullSecrets\": [{\"name\": \"registry-local-public-key\"}]}" -n <USERNAMESPACE>
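
Added example (not part of the original document): a shell check that the credentials stored in a pull secret such as registry-local-public-key match the password given to the keystone user in step 1, so a mismatch is caught before pods fail to pull. The function names and the sample payload are constructed for illustration, and the parsing assumes the compact JSON that `kubectl create secret docker-registry` writes, with no `"` or `}` in the password.

```shell
# Added example, not from the original page. Function names are hypothetical.

# decode_auth B64_DOCKERCONFIGJSON SERVER
# Prints "user:password" as stored for SERVER in a docker-registry secret.
# On a live system the first argument would come from:
#   kubectl get secret registry-local-public-key -n <USERNAMESPACE> \
#     -o jsonpath='{.data.\.dockerconfigjson}'
decode_auth() {
    local json key close entry auth
    json=$(printf '%s' "$1" | base64 -d) || return 2
    key="\"$2\":{"
    close='}'
    entry=${json#*"$key"}                 # drop everything up to SERVER's object
    [ "$entry" != "$json" ] || return 3   # SERVER is not in the secret
    entry=${entry%%"$close"*}             # keep only SERVER's own fields
    auth=$(printf '%s' "$entry" | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p')
    [ -n "$auth" ] || return 4            # no auth field found
    printf '%s' "$auth" | base64 -d
}

# check_pull_secret B64_DOCKERCONFIGJSON SERVER USER PASSWORD
# Succeeds only if the secret holds exactly USER:PASSWORD for SERVER.
check_pull_secret() {
    local got
    got=$(decode_auth "$1" "$2") || return 1
    [ "$got" = "$3:$4" ]
}

# Constructed sample: the payload a secret would hold for user "public"
# with the password set in step 1 ("publicK8*").
sample_auth=$(printf '%s' 'public:publicK8*' | base64)
sample=$(printf '{"auths":{"registry.local:9001":{"username":"public","password":"publicK8*","auth":"%s"}}}' \
    "$sample_auth" | base64 | tr -d '\n')

# Compare the secret against the intended password and against a wrong one.
for pw in 'publicK8*' 'public'; do
    if check_pull_secret "$sample" registry.local:9001 public "$pw"; then
        echo "password '$pw': matches the secret"
    else
        echo "password '$pw': does NOT match the secret"
    fi
done
```

Run the same check in each namespace the secret was copied to, since every copy is an independent object and does not follow later password changes.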