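I am self-hosting GitLab on AWS EKS with the GitLab cloudnative Helm chart, using NGINX ingress and S3-backed object storage. Object storage works, but I can't get registry object storage to work with the various configurations below. I see two different configurations when it comes to the values.yml. No matter which configuration I've tried, I receive `blob upload unknown` with the following error message: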
{"content_type":"application/json","correlation_id":"41ffa7b8b1e69bcd20d10a962cbce957","duration_ms":1,"host":"self-hosted-redacted.com","level":"info","method":"PATCH","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"10.4.73.112:41348","remote_ip":"10.4.73.112","status":404,"system":"http","time":"2024-09-09T03:43:49.489Z","ttfb_ms":0,"uri":"/v2/repo/repo/elx-tutorial/blobs/uploads/c70be522-6bb7-408b-9478-1eade0e45b18?_state=7ls38sWs9i_lrMjKq5Gs8ydBIJxpYHRGVskCcPq0SRN7Ik5hbWUiOiIwNzJfY3MvMDcyLW1vbm9yZXBvL2VseC10dXRvcmlhbCIsIlVVSUQiOiJjNzBiZTUyMi02YmI3LTQwOGItOTQ3OC0xZWFkZTBlNDViMTgiLCJPZmZzZXQiOjAsIlN0YXJ0ZWRBdCI6IjIwMjQtMDktMDlUMDM6NDM6NDkuMTg5NzMwNDgyWiJ9","user_agent":"docker/26.1.4 go/go1.21.11 git-commit/de5c9cf kernel/6.6.31-linuxkit os/linux arch/arm64 UpstreamClient(Docker-Client/26.1.4 \\(darwin\\))","written_bytes":100}
The first is the Registry documentation, which shows it as a subchart of the cloudnative registry.

```yaml
registry:
  enabled:
  maintenance:
    readonly:
      enabled: false
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
  image:
    tag: 'v4.8.0-gitlab'
    pullPolicy: IfNotPresent
  annotations:
  service:
    type: ClusterIP
    name: registry
  httpSecret:
    secret:
    key:
  authEndpoint:
  tokenIssuer:
  certificate:
    secret: gitlab-registry
    key: registry-auth.crt
  deployment:
    terminationGracePeriodSeconds: 30
  draintimeout: '0'
  hpa:
    minReplicas: 2
    maxReplicas: 10
    cpu:
      targetAverageUtilization: 75
    behavior:
      scaleDown:
        stabilizationWindowSeconds: 300
  storage:
    secret:
    key: storage
    extraKey:
  validation:
    disabled: true
    manifests:
      referencelimit: 0
      payloadsizelimit: 0
      urls:
        allow: []
        deny: []
  notifications: {}
  tolerations: []
  affinity: {}
  ingress:
    enabled: false
    tls:
      enabled: true
      secretName: redis
    annotations:
    configureCertmanager:
    proxyReadTimeout:
    proxyBodySize:
    proxyBuffering:
  networkpolicy:
    enabled: false
    egress:
      enabled: false
      rules: []
    ingress:
      enabled: false
      rules: []
  serviceAccount:
    create: false
    automountServiceAccountToken: false
  tls:
    enabled: false
    secretName:
    verify: true
    caSecretName:
```
The second is what's actually in the cloudnative values.yml default chart: [values](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/values.yaml?ref_type=heads)

```yaml
## https://docs.gitlab.com/charts/charts/globals#configure-registry-settings
registry:
  bucket: registry
  certificate: {}
    # secret:
  httpSecret: {}
    # secret:
    # key:
  notificationSecret: {}
    # secret:
    # key:
  tls:
    enabled: false
    # secretName:
  redis:
    cache:
      password: {}
    rateLimiting:
      password: {}
  # https://docs.docker.com/registry/notifications/#configuration
  notifications: {}
    # endpoints:
    #   - name: FooListener
    #     url: https://foolistener.com/event
    #     timeout: 500ms
    #     threshold: 10 # DEPRECATED: use maxretries instead https://gitlab.com/gitlab-org/container-registry/-/issues/1243.
    #     maxretries: 5
    #     backoff: 1s
    #     headers:
    #       FooBar: ['1', '2']
    #       Authorization:
    #         secret: gitlab-registry-authorization-header
    #       SpecificPassword:
    #         secret: gitlab-registry-specific-password
    #         key: password
    # events: {}
  # Settings utilized by other services referencing registry:
  enabled: true
  host:
  # port: 443
  api:
    protocol: http
    serviceName: registry
    port: 5000
  tokenIssuer: gitlab-issuer
```
The third is basically #1, but just the bucket and storage options: [s3 driver](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/objectstorage/registry.s3.yaml)

```yaml
s3:
  bucket: gitlab-registry-storage
  accesskey: AWS_ACCESS_KEY
  secretkey: AWS_SECRET_KEY
  region: us-east-1
  # regionendpoint: "https://minio.example.com:9000"
  v4auth: true
```

and

```yaml
storage:
  secret: gitlab-object-storage
  key: connection
```
My object storage configuration follows the documentation and looks like

```yaml
provider: AWS
region: region
aws_access_key_id: key
aws_secret_access_key: secret-key
```

and

```yaml
object_store:
  enabled: true
  proxy_download: true
  storage_options: {}
    # server_side_encryption:
    # server_side_encryption_kms_key_id
  connection:
    secret: gitlab-object-storage
```
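After trying the various configurations, I can get the registry hosted and docker login with GitLab authentication, but when I tag and push an image it appears to 404. In case it gives anyone a bright idea, I am in us-gov-west-1.

So my issue was that the registry subchart in the cloudnative chart didn't work no matter what configuration I put in. Ultimately, I commented out the registry subchart and moved my configuration to the registry global chart (at the bottom of the default values.yaml), which worked immediately.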
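
An added example, not part of the original post: a triage script for registry access-log lines like the one quoted in the question. It lists 404s on blob-upload PATCH/PUT requests, decodes the `_state` query parameter and checks its MAC against a supplied secret. The token layout (a 32-byte HMAC-SHA256 tag followed by the JSON upload state, base64url-encoded) is assumed from the upstream distribution registry code; the function names, sample log lines and secrets are constructed here.

```python
import base64, hmac, json
from urllib.parse import urlsplit, parse_qs

MAC_LEN = 32  # assumed layout: HMAC-SHA256 tag, then the JSON upload state

def pack_state(secret, state):  # only used to build the constructed sample tokens
    body = json.dumps(state).encode()
    return base64.urlsafe_b64encode(hmac.digest(secret, body, "sha256") + body).decode()

def unpack_state(token, secret):
    """Decode a _state token; return (state, tag_matches_secret)."""
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    tag, body = raw[:MAC_LEN], raw[MAC_LEN:]
    return json.loads(body), hmac.compare_digest(tag, hmac.digest(secret, body, "sha256"))

def failed_uploads(lines, secret):
    """Return one record per 404 on a blob-upload PATCH/PUT request."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
            url = urlsplit(rec["uri"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # not an access-log record
        if (rec.get("status") != 404 or rec.get("method") not in ("PATCH", "PUT")
                or "/blobs/uploads/" not in url.path):
            continue
        token = parse_qs(url.query).get("_state", [""])[0]
        try:
            state, ok = unpack_state(token, secret)
        except ValueError:  # missing token, bad base64 or bad JSON
            state, ok = None, False
        hits.append({"time": rec.get("time"), "state": state, "mac_ok": ok})
    return hits

def sample_lines():
    """Constructed log lines in the shape of the access log quoted above."""
    st = {"Name": "group/app", "UUID": "00000000-0000-4000-8000-000000000001",
          "Offset": 0, "StartedAt": "2024-01-01T00:00:00Z"}
    def line(method, status, secret):
        uri = f"/v2/group/app/blobs/uploads/{st['UUID']}?_state={pack_state(secret, st)}"
        return json.dumps({"msg": "access", "method": method, "status": status,
                           "uri": uri, "time": "2024-01-01T00:00:01Z"})
    return [line("PATCH", 404, b"secret-a"), line("PATCH", 404, b"secret-b"),
            line("PATCH", 202, b"secret-a"), "not json"]

if __name__ == "__main__":
    print(*failed_uploads(sample_lines(), b"secret-a"), sep="\n")
```

Under that layout the payload is only base64-encoded, so the repository name in `_state` stays readable even when the path in `uri` has been redacted.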