Install Via YAML

When to Use This Method?

Recommended for:

  • Advanced users with Kubernetes expertise who prefer a manual approach.
  • Production-grade deployments requiring enterprise storage (NAS, AWS S3, Ceph, etc.).
  • Environments needing fine-grained control over TLS and ingress.
  • Full YAML customization for advanced configurations.

Prerequisites

  • Install the Alauda Container Platform Registry cluster plugin to a target cluster.
  • Access to the target Kubernetes cluster with kubectl configured.
  • Cluster admin permissions to create cluster-scoped resources.
  • Obtain a registered domain (e.g., registry.yourcompany.com); see Create a Domain.
  • Provide valid NAS storage (e.g., NFS, GlusterFS, etc.).
  • (Optional) Provide valid S3 storage (e.g., AWS S3, Ceph, etc.). If no existing S3 storage is available, deploy a MinIO (Built-in S3) instance in the cluster; see Deploy MinIO.

Installing Alauda Container Platform Registry via YAML

Procedure

  1. Create a YAML configuration file named registry-plugin.yaml with the following template:

    apiVersion: cluster.alauda.io/v1alpha1
    kind: ClusterPluginInstance
    metadata:
      annotations:
        cpaas.io/display-name: internal-docker-registry
      labels:
        create-by: cluster-transformer
        manage-delete-by: cluster-transformer
        manage-update-by: cluster-transformer
      name: internal-docker-registry
    spec:
      config:
        access:
          address: ""
          enabled: false
        fake:
          replicas: 2
        global:
          expose: false
          isIPv6: false
          replicas: 2
          oidc:
            ldapID: ""
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 256Mi
        ingress:
          enabled: true
          hosts:
            - name: <YOUR-DOMAIN>   # [REQUIRED] Customize domain
              tlsCert: <NAMESPACE>/<TLS-SECRET>  # [REQUIRED] Namespace/SecretName
          ingressClassName: "<INGRESS-CLASS-NAME>"  # [REQUIRED] IngressClassName
          insecure: false
        persistence:
          accessMode: ReadWriteMany
          nodes: ""
          path: <YOUR-HOSTPATH>  # [REQUIRED] Local path for LocalVolume
          size: <STORAGE-SIZE>  # [REQUIRED] Storage size (e.g., 10Gi)
          storageClass: <STORAGE-CLASS-NAME>  # [REQUIRED] StorageClass name
          type: StorageClass
        s3storage:
          bucket: <S3-BUCKET-NAME>             # [REQUIRED] S3 bucket name
          enabled: false                        # Set false for local storage
          env:
            REGISTRY_STORAGE_S3_SKIPVERIFY: false  # Set true for self-signed certs
          region: <S3-REGION>                        # S3 region
          regionEndpoint: <S3-ENDPOINT>  # S3 endpoint
          secretName: <S3-CREDENTIALS-SECRET>             # S3 credentials Secret
        service:
          nodePort: ""
          type: ClusterIP
      pluginName: internal-docker-registry

  2. Customize the following fields according to your environment:

    spec:
      config:
        global:
          oidc:
            ldapID: "<LDAP-ID>"                   # LDAP ID
        ingress:
          hosts:
            - name: "<YOUR-DOMAIN>"                # e.g., registry.your-company.com
              tlsCert: "<NAMESPACE>/<TLS-SECRET>"   # e.g., cpaas-system/tls-secret
          ingressClassName: "<INGRESS-CLASS-NAME>"  # e.g., cluster-alb-1
        persistence:
          size: "<STORAGE-SIZE>"                    # e.g., 10Gi
          storageClass: "<STORAGE-CLASS-NAME>"      # e.g., cpaas-system-storage
        s3storage:
          bucket: "<S3-BUCKET-NAME>"                # e.g., prod-registry
          region: "<S3-REGION>"                    # e.g., us-west-1
          regionEndpoint: "<S3-ENDPOINT>"          # e.g., https://s3.amazonaws.com
          secretName: "<S3-CREDENTIALS-SECRET>"     # Secret containing AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY
          env:
            REGISTRY_STORAGE_S3_SKIPVERIFY: "true"  # "true" skips TLS certificate verification for the S3 endpoint; set it only for self-signed certs

  3. Create a secret for the S3 credentials:

    kubectl create secret generic <S3-CREDENTIALS-SECRET> \
      --from-literal=access-key-id=<YOUR-S3-ACCESS-KEY-ID> \
      --from-literal=secret-access-key=<YOUR-S3-SECRET-ACCESS-KEY> \
      -n cpaas-system

    Replace <S3-CREDENTIALS-SECRET> with the name of your S3 credentials secret; use the same name for spec.config.s3storage.secretName.

  4. Apply the configuration to your cluster:

    kubectl apply -f registry-plugin.yaml
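
A pre-apply check for the file from steps 1 and 2, to run before the kubectl apply in step 4: it flags leftover `<PLACEHOLDER>` values and the settings that relax transport security. This is an added example, not part of the Alauda documentation or tooling; the function name `lint_registry_manifest` and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Alauda tooling): lint a filled-in registry-plugin.yaml.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
lint_registry_manifest() {
  awk '
    function value(s) {          # text after "key:", minus comment and quotes
      sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+#.*$/, "", s)
      gsub(/["\047]/, "", s); sub(/[ \t]+$/, "", s); return s
    }
    function flag(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*#/ { next }          # comment-only lines are never flagged
    {
      line = $0; sub(/[ \t]+#.*$/, "", line)
      if (line ~ /<[A-Za-z0-9_-]+>/) flag("placeholder not replaced")
    }
    /^[ \t]*insecure:/ && tolower(value($0)) == "true" {
      flag("ingress.insecure is true (template value is false)")
    }
    /REGISTRY_STORAGE_S3_SKIPVERIFY:/ && tolower(value($0)) == "true" {
      flag("S3 TLS certificate verification is skipped")
    }
    /^[ \t]*regionEndpoint:/ && value($0) ~ "^http:" { flag("S3 endpoint is plain HTTP") }
    /^[ \t]*tlsCert:/ && value($0) !~ "^[^/ ]+/[^/ ]+$" { flag("tlsCert is not namespace/secret-name") }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample (not a real deployment): a fragment with three mistakes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  config:
    ingress:
      hosts:
        - name: registry.example.com
          tlsCert: registry-tls                 # namespace part is missing
      ingressClassName: "<INGRESS-CLASS-NAME>"  # [REQUIRED] IngressClassName
      insecure: false
    s3storage:
      env:
        REGISTRY_STORAGE_S3_SKIPVERIFY: "true"
      regionEndpoint: https://s3.example.com
EOF
findings=$(lint_registry_manifest "$sample") || true
printf '%s\n' "$findings"
rm -f "$sample"
```

The check treats every `<PLACEHOLDER>` as an error, following the page's [REQUIRED] marks, so it also flags the s3storage placeholders when S3 is disabled.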

Configuration Reference

Mandatory Fields

| Parameter | Description | Example Value |
| --- | --- | --- |
| spec.config.global.oidc.ldapID | LDAP ID for OIDC authentication | ldap-test |
| spec.config.ingress.hosts[0].name | Custom domain for registry access | registry.yourcompany.com |
| spec.config.ingress.hosts[0].tlsCert | TLS certificate secret reference (namespace/secret-name) | cpaas-system/registry-tls |
| spec.config.ingress.ingressClassName | Ingress class name for the registry | cluster-alb-1 |
| spec.config.persistence.size | Storage size for the registry | 10Gi |
| spec.config.persistence.storageClass | StorageClass name for the registry | nfs-storage-sc |
| spec.config.s3storage.bucket | S3 bucket name for image storage | prod-image-store |
| spec.config.s3storage.region | AWS region for S3 storage | us-west-1 |
| spec.config.s3storage.regionEndpoint | S3 service endpoint URL | https://s3.amazonaws.com |
| spec.config.s3storage.secretName | Secret containing S3 credentials | s3-access-keys |

Verification

  1. Check the plugin instance:

    kubectl get clusterplugininstances internal-docker-registry -o yaml

  2. Verify the registry pods:

    kubectl get pods -n cpaas-system -l app=internal-docker-registry

Updating/Uninstalling Alauda Container Platform Registry

Update

Run the following command on the global cluster, then edit the values in the resource according to the parameter descriptions above:

    # <CLUSTER-NAME> is the cluster where the plugin is installed
    kubectl edit -n cpaas-system \
      $(kubectl get moduleinfo -n cpaas-system -l cpaas.io/cluster-name=<CLUSTER-NAME>,cpaas.io/module-name=internal-docker-registry -o name)

Uninstall

Execute the following command on the global cluster:

    # <CLUSTER-NAME> is the cluster where the plugin is installed
    kubectl get moduleinfo -n cpaas-system -l cpaas.io/cluster-name=<CLUSTER-NAME>,cpaas.io/module-name=internal-docker-registry -o name | xargs kubectl delete -n cpaas-system