sealingtech / EDCOP

Expandable Defensive Cyber Operations Platform
Apache License 2.0

Create blank docker registry on Master #4

Open edsealing opened 6 years ago

edsealing commented 6 years ago

We have three options:

  1. Create a blank registry in an RPM and deploy as part of the initial build. Once this is done, we would need to build the necessary Tools and push them to the blank registry.
     BENEFITS: Easier to manage the nginx proxy forwarding and baseline configuration.
     DISADVANTAGES: Tools would need to be built and pushed to the registry every time that you rebuild.

  2. Create a master RPM that deploys a registry with the baseline set of tools already.
     BENEFITS: Fully automated deployment of all tools.
     DISADVANTAGES: Very large RPM means very large deployment image.

  3. Manage an external registry.
     BENEFITS: Better ability to collaborate quickly on the tools.
     DISADVANTAGES: Builds would have to have access to the registry to complete.

edsealing commented 6 years ago

ext-packages/edcop-registry/edcop-registry-copy-only.spec: Creates an RPM that puts the docker-registry container onto the system. Currently, the firstboot service loads the registry into docker and starts the container.

Proxy configs have been added to NGINX to provide TLS and forwarding to the registry container.

The CA certificate that is generated to sign the webserver is distributed to and trusted by the minions as part of the install.

NOTE: Future TODO is to break out the nginx into an ingress server.

edsealing commented 6 years ago

Registry needs to be added to Kubernetes, rather than running on a local docker instance.

See https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/registry for more info.