WIP: WKS Airgapped Registry user story #144
Conversation
|
I think I might still add one more section, unless there's a way to provide all this info a bit more concisely... the one gotcha/detail that's still missing is that, while you can give the registry a Service endpoint in the cluster, ...that service discovery which makes addressing the registry by name possible, won't be available until after the cluster is bootstrapped (so the registry IP really has to go into the cluster.yaml and setup.js, can't unfortunately be abstracted behind a service). |
|
Re: "Addressing registry by name from within the Kubernetes cluster" This selectorless-service trick doesn't actually work, for basically the same reason it doesn't work at bootstrap time. The Docker daemon is outside of the cluster, does not allow discovery with kube-dns. (And that's a shame, unless I can somehow arrange for an externally provided DNS record to point at the registry IP, I'm stuck hardcoding the Registry IP into manifests.) The workaround (or maybe just, the answer) is to go ahead and put a (stable, insecure) registry running somewhere on the private network, then I can refer to it by its DNS name and port. (I've done that for now, but the document still reflects the strategy that doesn't work...) |
kingdonb
changed the title
|
This PR is stale, I have rebased it to be in sync with master I did not check it for currency, not sure if it would still be relevant today. (I needed to refer to this doc for another reason.) |
kingdonb
force-pushed
the
wks-airgapped-registry-docs
branch
from
90f98c6
to
4d1f2ae
Compare
This is some documentation that I wrote in response to my own issue #140
I've written somewhat past what I tested and tried out for myself, the first two sections describe what I needed to get my application started on WKS with a private registry and Footloose
The section called "Addressing registry by name from within the Kubernetes cluster" describes something I haven't actually tried yet, but foresee will also be needed. Using an External Service Endpoint (aka Service with no pod selectors) to address the docker registry container.
It should work... I wanted to get all of this written down before anything else!