The Kubernetes-native platform (v2).
The Package manager for Kubernetes.
The Kubernetes-native Service Broker.
Deis Workflow's builder component relies on registry for storing the application docker images.
Deis Workflow ships with a registry component by default, which provides an in-cluster Docker registry backed by the platform-configured object storage. Operators might want to use an off-cluster registry for performance or security reasons.
Every component that relies on registry uses two inputs for configuration:
The Helm chart for Deis Workflow can be easily configured to connect Workflow components to off-cluster registry. Deis Workflow supports external registries which provide either short-lived tokens which are valid only for a specified amount of time or long-lived tokens (basic username/password) which are valid forever for authenticating to them. For those registries which provide short lived tokens for authentication, Deis Workflow will generate and refresh them such that the deployed apps will only have access to the short-lived tokens and not to the actual credentials for the registries.
When using a private registry the docker images are no longer pulled by Deis Workflow Controller but rather is managed by Kubernetes. This will increase security and overall speed, however the
port information can no longer be discovered. Instead the
port information can be set via
deis config:set PORT=<port> prior to deploying the application.
Deis Workflow currently supports
1. Google Container Registry(gcr).
2. EC2 Container Registry(ecr).
3. off-cluster: Any provider which supports long-lived username/password authentication, such as Azure Container Registry, Docker Hub, quay.io, or a self-hosted Docker registry.
helm inspect values deis/workflow | sed -n '1!p' > values.yaml
registry_locationparameter to reference the registry location you are using:
You are now ready to
helm install deis/workflow --namespace deis -f values.yaml using your desired registry.