Hello Guys I thought that project very interesting.
I'm looking for openshift integration too. Thank you 2016-08-16 10:59 GMT-03:00 v <vekt...@gmx.net>: > Hello Jonathan, > > thank you for you input, it is highly valued. > > I have to admit that I did not know of Atomic Registry - looks like a very > promising project. I am looking forward to seeing Atomic Registry being > integrated into OpenShift. :) > > We're using one-registry-per-project because this allows us sell to > customers things like "100 GiB of Registry Storage". Each project registry > gets its own PersistentVolume via NFS and the NFS storage consists of a > thinly provisioned Logical Volume limited to 100 GiB at max. > > I haven't found out how to do something similar like that (i.e. selling > 100 GiB of registry storage to a customer and making sure he can't use more > than 100 GiB) using the integrated docker registry. Will check out whether > this is possible with Atomic Registry. > > Regards > v > > > > Am 2016-08-14 um 00:41 schrieb Jonathan Yu: > > Hi there, > > I'm not an expert regarding the registry by any means, but since nobody > else has replied, I just wanted to share some thoughts. > > On Wed, Aug 3, 2016 at 5:59 AM, v <vekt...@gmx.net> wrote: > >> Hello, >> >> we would like to deploy our first multi-tenant OpenShift Cluster and we'd >> like to have all customers as separated as possible. For this reason we >> would like to give each customer his/her own docker registry and registry >> storage. >> > > OpenShift is designed for multi-tenancy, including the networking stack > (that's why we have OpenShift SDN) and the registry (the registry itself is > shared, but our registry has integrated security for the multi-tenant use > case). It's worth noting that the code in OpenShift Origin eventually > becomes the code that we run on our multi-tenant public cloud, OpenShift > Online. > > There is some ongoing work to integrate our Atomic Registry into OpenShift > as this would provide better management capabilities: > https://trello.com/c/0hsX6B4G/210-enterprise-image-registry- > atomic-registry > > That said, configuring individual registries would indeed give the best > isolation, though at the cost of (potentially significant) administrative > overhead, as you will need to monitor/manage many registries instead of > just one. On the other hand, the advantage is that downtime of the > registry would only affect individual tenants, so it really depends on your > use case. > > >> We thought we'd create a registry-pod in every project. Should we just >> use the official docker registry image from the docker hub or should we use >> openshift/origin-docker-registry? >> > > I'm biased, since I work for Red Hat, but I'd suggest trying the Atomic > Registry as it comes with sophisticated security controls and a management > interface. Just a personal preference - I like graphical interfaces versus > doing stuff on the command line. > > If you do go the route of having individual registries for each project, > you'll need to tell projects where to push images: > https://docs.openshift.org/latest/dev_guide/builds.html#build-output > > I think this also means that our built-in tools for managing registries > will be unusable: https://docs.openshift.org/ > latest/admin_guide/monitoring_images.html > > >> What is the "best practice" concerning the handling of docker registries >> in multi-tenant clusters? >> > > I'd suggest just sticking to what we ship (a multi-tenant-aware registry) > and using that, as it's well-tested and fairly flexible: > https://docs.openshift.org/latest/install_config/install/ > docker_registry.html#advanced-overriding-the-registry-configuration > > -- > Jonathan Yu, P.Eng. / Software Engineer, OpenShift by Red Hat / Twitter > (@jawnsy) is the quickest way to my heart <https://twitter.com/jawnsy> > > *“A master in the art of living draws no sharp distinction between his > work and his play; his labor and his leisure; his mind and his body; his > education and his recreation. He hardly knows which is which. He simply > pursues his vision of excellence through whatever he is doing, and leaves > others to determine whether he is working or playing. To himself, he always > appears to be doing both.”* — L. P. Jacks, Education through Recreation > (1932), p. 1 > > > _______________________________________________ > users mailing > listusers@lists.openshift.redhat.comhttp://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
