Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install Local Registry #19

Closed
j0hnL opened this issue Mar 9, 2020 · 17 comments
Closed

Install Local Registry #19

j0hnL opened this issue Mar 9, 2020 · 17 comments
Assignees
@blesson-james
Labels
enhancement New feature or request stale This issue is in danger of being automatically closed
Projects
Future Features

Comments

@j0hnL
Copy link
Collaborator

j0hnL commented Mar 9, 2020

Is your feature request related to a problem? Please describe.
Omnia needs an option to install a local registry

Describe the solution you'd like
a playbook for installing a local registry such as Harbor - https://github.com/goharbor/harbor

Describe alternatives you've considered
local registry - with simple docker container

Additional context
@lwilson lwilson added this to Under Discussion in Future Features Mar 10, 2020
@lwilson
Copy link
Contributor

lwilson commented Mar 10, 2020

@j0hnL, what are the dependencies for harbor? Are we already installing all of the necessary services?

@lwilson lwilson added the enhancement New feature or request label Mar 10, 2020
@lwilson lwilson moved this from Under Discussion to Wishlist in Future Features Mar 11, 2020
@lwilson lwilson moved this from Wishlist to Will Implement in Future Features Apr 3, 2020
@j0hnL j0hnL mentioned this issue Apr 7, 2020
Closed
@lwilson
Copy link
Contributor

lwilson commented Apr 7, 2020

This issue is now dependent on #50

@lwilson lwilson added this to the v0.3 milestone Jun 5, 2020
@lwilson lwilson removed this from the v0.3 milestone Oct 29, 2020
@stale
Copy link

stale bot commented Apr 29, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale This issue is in danger of being automatically closed label Apr 29, 2021
@lwilson
Copy link
Contributor

lwilson commented May 6, 2021

cert-manager now works on our Kubernetes deployments (it is being used by Kubeflow as well as the Intel FPGA device plugin).

Should we explore deploying Harbor again @j0hnL? I think it makes the most sense to offer a datacenter-wide registry for containers, so installing it on the appliance probably makes the most sense. Thoughts @sujit-jadhav?

@stale stale bot removed the stale This issue is in danger of being automatically closed label May 6, 2021
@sujit-jadhav
Copy link
Collaborator

@lwilson we can host the datacenter-wide registry for containers on the appliance. We can also host the complete repository for all the rpm packages, github, epel etc. on appliance so that it eliminates the requirement of having internet access for all nodes in the cluster.

@lwilson
Copy link
Contributor

lwilson commented May 6, 2021

@sujit-jadhav I think that is going to be the right approach for dealing with both the DockerHub bandwidth limits and any air-gapped deployments.

Harbor has a HA deployment with Helm: https://goharbor.io/docs/2.0.0/install-config/harbor-ha-helm/

@lwilson lwilson mentioned this issue Jun 9, 2021
Closed
@stale
Copy link

stale bot commented Jul 5, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale This issue is in danger of being automatically closed label Jul 5, 2021
@lwilson
Copy link
Contributor

lwilson commented Jul 6, 2021

@sujit-jadhav is the plan to deploy local registry in v1.1.0?

@stale stale bot removed the stale This issue is in danger of being automatically closed label Jul 6, 2021
@sujit-jadhav
Copy link
Collaborator

@lwilson, It is not part of v1.1.0 but it will be part of v1.2.0

@j0hnL
Copy link
Collaborator Author

j0hnL commented Jul 14, 2021
edited
Loading

@sujit-jadhav @lwilson as a temporary (insecure) fix we can setup an internal pull through cache using the Docker registry container: https://docs.docker.com/registry/deploying/

This method is insecure and does not use SSL.

Deploy the registry on the control plane, in this example the IP of control plane is 10.1.1.1

This example registry.yml will use memory for storage. Users will need to fill in their docker credentials to avoid pull limits.

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/registry
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io
  username: <<dockerhub username>>
  password: <<dockerhub password>>

Deploying the registry on port 5000

 docker run -d -p 5000:5000 --restart=always --name registry -v `pwd`/registry.yaml registry:2

Update /etc/docker/daemon.json on all compute resources to point to the insecure local pull through cache registry mirror:

{ 
  "insecure-registries":["10.1.1.1:5000"],
  "registry-mirrors": ["http://10.1.1.1:5000"]
}

Restart docker daemon.

systemctl restart docker

@lwilson
Copy link
Contributor

lwilson commented Jul 14, 2021

Thanks @j0hnL. What would we need to do to add a self-signed certificate? I think if we could avoid having insecure-registries that would be ideal.

Also, If we were to set the mirror IP/port as variables, it would make this a very flexible solution. Is there any reason to consider using Harbor vs this approach?

@j0hnL
Copy link
Collaborator Author

j0hnL commented Jul 14, 2021
edited
Loading

Just a temporary fix for the release branches if folks hit the pull rate limit of Docker Hub. Harbor should be deployed with the devel release.

What would we need to do to add a self-signed certificate?

Looks like Let's Encrypt might be a good option.

@stale
Copy link

stale bot commented Oct 3, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale This issue is in danger of being automatically closed label Oct 3, 2021
@j0hnL
Copy link
Collaborator Author

j0hnL commented Oct 4, 2021

in progress

@stale stale bot removed the stale This issue is in danger of being automatically closed label Oct 4, 2021
@stale
Copy link

stale bot commented Dec 3, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale This issue is in danger of being automatically closed label Dec 3, 2021
@j0hnL
Copy link
Collaborator Author

j0hnL commented Dec 3, 2021

perhaps we can get @sujit-jadhav to give this one some priority

@stale stale bot removed the stale This issue is in danger of being automatically closed label Dec 3, 2021
@stale
Copy link

stale bot commented Feb 3, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale This issue is in danger of being automatically closed label Feb 3, 2022
@stale stale bot closed this as completed Feb 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@blesson-james blesson-james

Labels
enhancement New feature or request stale This issue is in danger of being automatically closed
Projects
No open projects
Future Features
  
Will Implement
Milestone
No milestone
Development

No branches or pull requests
4 participants
@j0hnL @lwilson @blesson-james @sujit-jadhav