Alauda Container Platform

Install Via YAML

TOC

When to Use This Method?

Recommended for:

  • Advanced users with Kubernetes expertise who prefer a manual approach.
  • Production-grade deployments requiring enterprise storage (NAS, AWS S3, Ceph, etc.).
  • Environments needing fine-grained control over TLS, ingress.
  • Full YAML customization for advanced configurations.

Prerequisites

  • Install the Alauda Container Platform Registry cluster plugin to a target cluster.
  • Access to the target Kubernetes cluster with kubectl configured.
  • Cluster admin permissions to create cluster-scoped resources.
  • Obtain a registered domain (e.g., registry.yourcompany.com) Create a Domain
  • Provide valid NAS storage (e.g., NFS, GlusterFS, etc.).
  • (Optional) Provide valid S3 storage (e.g., AWS S3, Ceph, etc.). If no existing S3 storage is available, deploy a MinIO (Built-in S3) instance in the cluster Deploy MinIO.

Installing Alauda Container Platform Registry via YAML

Procedure

  1. Create a YAML configuration file named registry-plugin.yaml with the following template:

    apiVersion: cluster.alauda.io/v1alpha1
kind: ClusterPluginInstance
metadata:
  annotations:
    cpaas.io/display-name: internal-docker-registry
  labels:
    create-by: cluster-transformer
    manage-delete-by: cluster-transformer
    manage-update-by: cluster-transformer
  name: internal-docker-registry
spec:
  config:
    access:
      address: ""
      enabled: false
    fake:
      replicas: 2
    global:
      expose: false
      isIPv6: false
      replicas: 2
      resources:
        limits:
          cpu: 500m
          memory: 512Mi
        requests:
          cpu: 250m
          memory: 256Mi
    ingress:
      enabled: true
      hosts:
        - name: <YOUR-DOMAIN>   # [REQUIRED] Customize domain
          tlsCert: <NAMESPACE>/<TLS-SECRET>  # [REQUIRED] Namespace/SecretName
      ingressClassName: "<INGRESS-CLASS-NAME>"  # [REQUIRED] IngressClassName
      insecure: false
    persistence:
      accessMode: ReadWriteMany
      nodes: ""
      path: <YOUR-HOSTPATH>  # [REQUIRED] Local path for LocalVolume
      size: <STORAGE-SIZE>  # [REQUIRED] Storage size (e.g., 10Gi)
      storageClass: <STORAGE-CLASS-NAME>  # [REQUIRED] StorageClass name
      type: StorageClass
    s3storage:
      bucket: <S3-BUCKET-NAME>             # [REQUIRED] S3 bucket name
      enabled: false                        # Set false for local storage
      env:
        REGISTRY_STORAGE_S3_SKIPVERIFY: false  # Set true for self-signed certs
      region: <S3-REGION>                        # S3 region
      regionEndpoint: <S3-ENDPOINT>  # S3 endpoint
      secretName: <S3-CREDENTIALS-SECRET>             # S3 credentials Secret
    service:
      nodePort: ""
      type: ClusterIP
  pluginName: internal-docker-registry

  2. Customize the following fields according to your environment:

    spec:
  config:
    ingress:
      hosts:
        - name: "<YOUR-DOMAIN>"                # e.g., registry.your-company.com
          tlsCert: "<NAMESPACE>/<TLS-SECRET>"   # e.g., cpaas-system/tls-secret
      ingressClassName: "<INGRESS-CLASS-NAME>"  # e.g., cluster-alb-1
    persistence:
      size: "<STORAGE-SIZE>"                    # e.g., 10Gi
      storageClass: "<STORAGE-CLASS-NAME>"      # e.g., cpaas-system-storage
    s3storage:
      bucket: "<S3-BUCKET-NAME>"                # e.g., prod-registry
      region: "<S3-REGION>"                    # e.g., us-west-1
      regionEndpoint: "<S3-ENDPOINT>"          # e.g., https://s3.amazonaws.com
      secretName: "<S3-CREDENTIALS-SECRET>"     # Secret containing AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY
      env:
        REGISTRY_STORAGE_S3_SKIPVERIFY: "true"  # Set "true" for self-signed certs

  3. How to create a secret for S3 credentials:

    kubectl create secret generic <S3-CREDENTIALS-SECRET> \
  --from-literal=access-key-id=<YOUR-S3-ACCESS-KEY-ID> \
  --from-literal=secret-access-key=<YOUR-S3-SECRET-ACCESS-KEY> \
  -n cpaas-system

    Replace <S3-CREDENTIALS-SECRET> with the name of your S3 credentials secret.

  4. Apply the configuration to your cluster:

    kubectl apply -f registry-plugin.yaml

Configuration Reference

Mandatory Fields

ParameterDescriptionExample Value
spec.config.ingress.hosts[0].nameCustom domain for registry accessregistry.yourcompany.com
spec.config.ingress.hosts[0].tlsCertTLS certificate secret reference (namespace/secret-name)cpaas-system/registry-tls
spec.config.ingress.ingressClassNameIngress class name for the registrycluster-alb-1
spec.config.persistence.sizeStorage size for the registry10Gi
spec.config.persistence.storageClassStorageClass name for the registrynfs-storage-sc
spec.config.s3storage.bucketS3 bucket name for image storageprod-image-store
spec.config.s3storage.regionAWS region for S3 storageus-west-1
spec.config.s3storage.regionEndpointS3 service endpoint URLhttps://s3.amazonaws.com
spec.config.s3storage.secretNameSecret containing S3 credentialss3-access-keys

Verification

  1. Check plugin:

    kubectl get clusterplugininstances internal-docker-registry -o yaml

  2. Verify registry pods:

    kubectl get pods -n cpaas-system -l app=internal-docker-registry

Updating/Uninstalling Alauda Container Platform Registry

Update

Execute the following command on the global cluster::

# <CLUSTER-NAME> is the cluster where the plugin is installed
kubectl edit -n cpaas-system \
  $(kubectl get moduleinfo -n cpaas-system -l cpaas.io/cluster-name=<CLUSTER-NAME>,cpaas.io/module-name=internal-docker-registry -o name)

Uninstall

Execute the following command on the global cluster:

# <CLUSTER-NAME> is the cluster where the plugin is installed
kubectl get moduleinfo -n cpaas-system -l cpaas.io/cluster-name=<CLUSTER-NAME>,cpaas.io/module-name=internal-docker-registry -o name | xargs kubectl delete -n cpaas-system