forked from canonical/docker-registry-charm
config.yaml
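# Charm configuration options for the docker registry charm.
#
# Each entry under `options` declares one operator-settable value with its
# type, default and description.
#
# Security note for reviewers: several options below carry credentials or key
# material (auth-basic-password, cache-password, storage-swift-password,
# storage-s3-secretkey, tls-key-blob). They are declared as plain `string`
# options, so their values are presumably visible to anyone who can read the
# application's configuration. Where the Juju version and the charm code
# support it, a secret-backed mechanism is preferable -- TODO confirm.
options:
  # Security: the default is empty, which per the description means basic auth
  # is not configured. Unless token auth (auth-token-*) is set up instead, the
  # registry presumably accepts anonymous requests -- confirm in the charm code
  # and set a strong value before exposing registry-port.
  auth-basic-password:
    type: string
    default: ""
    description: |
      Password for basic (htpasswd) authentication. Set this to something
      other than an empty string to configure basic auth for the registry.
  auth-basic-user:
    type: string
    default: "admin"
    description: Username for basic (htpasswd) authentication.
  auth-token-issuer:
    type: string
    default: ""
    description: The name on the certificate that authentication tokens must be signed by.
  auth-token-realm:
    type: string
    default: ""
    description: The location from which clients should fetch authentication tokens.
  auth-token-root-certs:
    type: string
    default: ""
    description: The root certificate bundle (base64 encoded) for the authentication tokens.
  auth-token-service:
    type: string
    default: ""
    description: The name of the server which authentication tokens will be addressed to.
  # Security: credential for the upstream registry; see the note on secret
  # handling at the top of this file.
  cache-password:
    type: string
    default: ""
    description: Password for the remote registry when configured as a pull-through cache.
  cache-remoteurl:
    type: string
    default: ""
    description: |
      Configures the registry as a pull through cache of the registry at the
      given url. See https://docs.docker.com/registry/recipes/mirror/ for more
      information on the limitations of this mode.
  cache-username:
    type: string
    default: ""
    description: Username for the remote registry when configured as a pull-through cache.
  # Security: the debug server is a diagnostics interface. Restrict this port
  # to trusted or monitoring networks rather than exposing it the same way as
  # registry-port. How the charm binds/opens it is not visible here -- confirm.
  debug-port:
    type: int
    default: 5001
    description: The external port on which the docker registry debug server listens.
  http-host:
    type: string
    default: ""
    description: |
      The external URL where the docker registry is hosted. This URL will
      be prepended to all locations generated by the docker registry to
      ensure that those URLs are reachable by the client. For example
      "https://example.com/docker-registry/". Any path component must
      include a trailing "/". If this is not configured then the docker
      registry will derive its location from the incoming requests.
  log-level:
    type: string
    default: "info"
    description: Logging output level ('error', 'warn', 'info', or 'debug').
  prometheus-metrics:
    type: boolean
    default: false
    description: Enable/disable prometheus metrics.
  # Supply chain: "registry:2" is a mutable tag, so the image that is actually
  # pulled can change over time. Pinning to an image digest makes deployments
  # reproducible and auditable.
  registry-image:
    type: string
    default: "registry:2"
    description: Registry image.
  registry-name:
    type: string
    default: "registry"
    description: Name of the registry container.
  registry-port:
    type: int
    default: 5000
    description: The external port on which the docker registry listens.
  registry-http-proxy:
    type: string
    default:
    description: |
      The HTTP proxy the registry server should use to access the upstream registry.
  registry-https-proxy:
    type: string
    default:
    description: |
      The HTTPS proxy the registry server should use to access the upstream registry.
  storage-cache:
    type: string
    default: "inmemory"
    description: |
      Cache provider for image layer metadata. Valid options are "inmemory" or
      "disabled".
  storage-delete:
    type: boolean
    default: false
    description: |
      Enable/disable the "delete" storage option. False, the default, disables
      this option in the registry config file.
  storage-redirect-disable:
    type: boolean
    default: true
    description: |
      For backends that support it(swift, s3), redirecting is disabled by default.
      All data routed through the Registry, rather than redirecting to the backend.
      If you want to redirect client requests directly to content storage,
      set this option to false.
  storage-read-only:
    type: boolean
    default: false
    description: |
      Enable/disable the "readonly" storage maintenance option. False, the
      default, disables this option in the registry config file.
  storage-swift-authurl:
    type: string
    default: ""
    description: The URL of the keystone used to authenticate to swift.
  storage-swift-container:
    type: string
    default: "docker-registry"
    description: The name of the swift container that will hold the images.
  # Security: storage backend credential; see the note on secret handling at
  # the top of this file.
  storage-swift-password:
    type: string
    default: ""
    description: The password to use to access swift.
  storage-swift-region:
    type: string
    default: ""
    description: The region containing the swift service.
  storage-swift-tenant:
    type: string
    default: ""
    description: The tenant containing the swift service.
  storage-swift-username:
    type: string
    default: ""
    description: The username to use to access swift.
  storage-swift-domain:
    type: string
    default: ""
    description: OpenStack Identity v3 API domain.
  # NOTE(review): the description names tls-cert-path, while the sibling
  # options pair cert-blob/cert-path and key-blob/key-path. This probably
  # means tls-ca-path -- confirm against the charm code before relying on it.
  tls-ca-blob:
    type: string
    default: ""
    description: Base64 encoded TLS CA certificate (overwrites tls-cert-path file).
  tls-cert-blob:
    type: string
    default: ""
    description: Base64 encoded TLS certificate (overwrites tls-cert-path file).
  # Security: this is private key material passed through charm config; see
  # the note on secret handling at the top of this file.
  tls-key-blob:
    type: string
    default: ""
    description: Base64 encoded TLS certificate private key (overwrites tls-key-path file).
  tls-ca-path:
    type: string
    default: "/etc/docker/registry/ca.crt"
    description: Path to the TLS CA certificate.
  tls-cert-path:
    type: string
    default: "/etc/docker/registry/registry.crt"
    description: Path to the TLS certificate.
  tls-key-path:
    type: string
    default: "/etc/docker/registry/registry.key"
    description: Path to the TLS certificate private key.
  storage-s3-accesskey:
    type: string
    default:
    description: |
      S3 storage access key. More info about S3 storage configuration could be found here:
      https://distribution.github.io/distribution/storage-drivers/s3/ .
  # Security: long-lived storage credential; see the note on secret handling
  # at the top of this file. Scope the key to the registry bucket only.
  storage-s3-secretkey:
    type: string
    default:
    description: S3 storage secret key.
  storage-s3-region:
    type: string
    default:
    description: The region containing the S3 service.
  storage-s3-regionendpoint:
    type: string
    default:
    description: Endpoint for S3 compatible storage services (Minio, etc).
  storage-s3-forcepathstyle:
    type: boolean
    default: false
    description: To enable path-style addressing when the value is set to "true".
  storage-s3-bucket:
    type: string
    default:
    description: The bucket name in which you want to store the registry’s data.
  # Security: defaults to false, so per the description image data is not
  # stored in encrypted format unless the operator enables this (or the bucket
  # enforces encryption on its own).
  storage-s3-encrypt:
    type: boolean
    default: false
    description: Specifies whether the registry stores the image in encrypted format or not.
  storage-s3-keyid:
    type: string
    default:
    description: |
      Optional KMS key ID to use for encryption
      (encrypt must be true, or this parameter is ignored).
  # Security: keep this true. Setting it to false selects plain HTTP for
  # traffic to the storage endpoint.
  storage-s3-secure:
    type: boolean
    default: true
    description: Indicates whether to use HTTPS instead of HTTP.
  # Security: "true" turns off TLS certificate verification for the storage
  # endpoint, which removes protection against interception. For a private CA,
  # trust the CA instead of enabling this.
  storage-s3-skip-verify:
    type: boolean
    default: false
    description: Skips TLS verification when the value is set to "true".
  # NOTE(review): the option name says "skip" but the description says "uses",
  # so the meaning of the default (true) is ambiguous from this file alone.
  # Confirm the polarity against the charm code that renders the registry
  # config before changing it.
  storage-s3-skip-v4-auth:
    type: boolean
    default: true
    description: Indicates whether the registry uses Version 4 of AWS’s authentication.
  storage-s3-chunksize:
    type: int
    default: 10485760
    description: |
      The S3 API requires multipart upload chunks to be at least 5MB.
      This value should be a number that is larger than 5 * 1024 * 1024.
  storage-s3-multipartcopychunksize:
    type: int
    default: 33554432
    description: |
      The default chunk size for all but the last Upload Part in the S3 Multipart Upload
      operation when copying stored objects.
  storage-s3-multipartcopymaxconcurrency:
    type: int
    default: 100
    description: |
      The default maximum number of concurrent Upload Part operations in the
      S3 Multipart Upload when copying stored objects.
  storage-s3-multipartcopythresholdsize:
    type: int
    default: 33554432
    description: |
      The default S3 object size above which multipart copy will be used when copying the
      object. Otherwise the object is copied with a single S3 API operation.
  storage-s3-rootdirectory:
    type: string
    default:
    description: The root directory tree in which all registry files are stored.
  storage-s3-storageclass:
    type: string
    default: "STANDARD"
    description: |
      The storage class applied to each registry file.
      Valid options are STANDARD and REDUCED_REDUNDANCY.
  storage-s3-useragent:
    type: string
    default:
    description: The User-Agent header value for S3 API operations.
  storage-s3-usedualstack:
    type: boolean
    default: false
    description: |
      Use AWS dual-stack API endpoints which support requests to
      S3 buckets over IPv6 and IPv4.
  storage-s3-accelerate:
    type: boolean
    default: false
    description: |
      Enable S3 transfer acceleration for faster transfers of files over
      long distances.
  # Security: "private" is the safe default. Review any change to a broader
  # canned ACL, since it applies to every object the registry writes.
  storage-s3-objectacl:
    type: string
    default: "private"
    description: |
      The canned object ACL to be applied to each registry object.
      If you are using a bucket owned by another AWS account, it is recommended that you set this
      to "bucket-owner-full-control" so that the bucket owner can access your objects.
      Other valid options are available in the AWS S3 documentation:
      https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
  # Security: the debugwithsigning and debugwithhttpbody levels presumably put
  # request signing details and request/response bodies into the logs. Keep
  # this "off" outside short troubleshooting windows and treat such logs as
  # sensitive. The value is quoted so it stays a string, not a YAML boolean.
  storage-s3-loglevel:
    type: string
    default: "off"
    description: |
      Valid values are: off (default), debug, debugwithsigning, debugwithhttpbody,
      debugwithrequestretries, debugwithrequesterrors and debugwitheventstreambody.
      See the AWS SDK for Go API reference for details:
      https://docs.aws.amazon.com/sdk-for-go/api/aws/#LogLevelType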