rancher / rancher

Complete container management platform
http://rancher.com
Apache License 2.0

RFE: Downstream cluster level registry - Extend to all components deployed in Rancher #29723

Open deniseschannon opened 4 years ago

deniseschannon commented 4 years ago

Currently, Rancher supports a Global registry setting and a RKE cluster registry for RKE clusters.

Global registry is a global setting with no credentials.

The RKE cluster registry is only available for RKE clusters and only intended to pull RKE system images using the private registry and with authentication.

We have already extended the RKE provisioning to use this cluster registry for custom RKE clusters https://github.com/rancher/rancher/issues/20029 and are planning to extend it for RKE node driver provisioned clusters https://github.com/rancher/rancher/issues/26366

But with 2.5, there are other components that are now deployed automatically during cluster provisioning that are not going to use this private registry.

List of additional components: Busybox, shell, pause

Option 1: Extending RKE cluster private registry to start deploying the extra components with the registry.

Option 2: Extending cluster private registry to all cluster types so that any apps deployed from the helm chart automatically pick up from this private registry. Note: An issue that could arise is how do you know which registry you want to use for different charts if it's cluster level.

deniseschannon commented 3 years ago

We want to move forward with a cluster level registry that applies to anything that Rancher deploys within a cluster.

kinarashah commented 3 years ago

@deniseschannon Currently private registries are for RKE clusters, so now we'd want this for all clusters + for everything deployed for that cluster should use that registry? Does this also include the helm stuff the original comment mentions?

deniseschannon commented 3 years ago

Yes, it'd be for everything including helm charts

philomory commented 3 years ago

Just to add an extra voice here, our team is interested in using a private, cluster-wide registry specifically for our internally-developed applications. That is, we're not looking to replace docker.io or any other public registry with our own mirror, we just want a way to manage registries.yaml (we're using k3os) to add auth config for an extra, private registry.

Basically, I just want to point out that it'd be nice to be able to manage additional private registries centrally via Rancher, even if you're not actually intending to deploy everything from a private registry. Per-cluster would be ok, though being able to do it globally would be even better.