Registry v2: Setting Up and Configuring the Registry
Use this page to configure storage, registry request behavior, service account pull credentials, image limits, and scheduled image cleanup for Registry v2.
Prerequisites
- Registry v2 is installed, and Config/cluster exists.
- You have permission to update configs.imageregistry.operator.alauda.io, imagepruners.imageregistry.operator.alauda.io, LimitRange, ResourceQuota, and related Kubernetes resources.
- For persistent storage, prepare the storage backend and required credentials before configuring Config/cluster.
Configure Development Storage
emptyDir stores image data on ephemeral Pod storage. Use it only for development or test environments where all pushed image data can be discarded when the Registry Pod is recreated. Do not use emptyDir for production or for any environment that must retain images.
Patch Config/cluster. The null fields remove mutually exclusive storage backends from the current configuration:
Verify the configuration and rollout:
Expected results:
- Config/cluster reports Available=True, Progressing=False, and Degraded=False.
- The image-registry Deployment rolls out successfully.
Configure PVC Storage
Use a persistent backend for production. Create a file named image-registry-pvc.yaml:
Apply the PVC:
Patch Config/cluster to use the PVC. Use a merge patch so that other Config/cluster.spec fields, such as routes or pull-secret settings, are not removed. The null fields remove mutually exclusive storage backends from the current configuration:
Verify the PVC, configuration, and rollout:
Expected results:
- The image-registry PVC is Bound.
- Config/cluster reports Available=True, Progressing=False, and Degraded=False.
- The image-registry Deployment rolls out successfully.
Configure S3-Compatible Storage Credentials
Create the user-managed storage Secret before configuring Config/cluster. The Operator merges this Secret into the Registry private configuration:
Use disableRedirect: true when clients cannot reach the object storage endpoint directly and all content must be served through the Registry.
Patch Config/cluster. The null fields remove mutually exclusive storage backends from the current configuration:
Verify the configuration and rollout:
Expected results:
- Config/cluster reports Available=True, Progressing=False, and Degraded=False.
- The Registry logs do not show storage authentication, bucket, endpoint, or certificate errors.
Configure Managed Service Account Pull Secrets
The Operator includes a managed imagePullSecret controller. When Config/cluster is managed, the controller can create, inject, refresh, and remove service account pull secrets for the internal registry.
Patch Config/cluster with additional hosts or ignored namespaces. The array fields in this patch replace the current arrays, so include every host and namespace that must remain configured:
Verify the configuration:
Expected result:
- Config/cluster.spec.imagePullSecret contains the configured management state, additional hosts, and ignored namespace settings.
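The merge-patch behavior that the storage sections (null fields remove a backend) and this section (array fields replace the current arrays) rely on, as an added example that is not part of the original page or the Operator's code. It implements RFC 7386 JSON merge patch over a constructed object; the field names under spec (routes, claim, additionalHosts, ignoredNamespaces) are hypothetical stand-ins, not the Operator's schema.

```python
import copy

# Constructed sample: field names under spec are hypothetical, not the Operator's schema.
CURRENT = {"spec": {
    "routes": [{"name": "public"}],
    "storage": {"emptyDir": {}},
    "imagePullSecret": {
        "additionalHosts": ["registry.example.internal"],
        "ignoredNamespaces": ["kube-system", "team-b"],
    },
}}
# Switch to PVC storage; null removes the other, mutually exclusive backends.
STORAGE_PATCH = {"spec": {"storage": {
    "emptyDir": None, "s3": None, "pvc": {"claim": "image-registry"}}}}
# Adds team-c but forgets the namespaces that were already ignored.
PULL_SECRET_PATCH = {"spec": {"imagePullSecret": {"ignoredNamespaces": ["team-c"]}}}


def merge_patch(target, patch):
    """Return target with an RFC 7386 JSON merge patch applied."""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)      # scalars and arrays replace wholesale
    result = copy.deepcopy(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)        # null deletes the key if present
        else:
            result[key] = merge_patch(result.get(key), value)
    return result


def dropped_array_items(target, patch, path=""):
    """List (path, item) pairs that the patch would remove from existing arrays."""
    if isinstance(patch, dict) and isinstance(target, dict):
        return [hit for key, value in patch.items()
                for hit in dropped_array_items(target.get(key), value, f"{path}.{key}")]
    if isinstance(patch, list) and isinstance(target, list):
        return [(path.lstrip("."), item) for item in target if item not in patch]
    return []


if __name__ == "__main__":
    print(merge_patch(CURRENT, STORAGE_PATCH)["spec"]["storage"])
    for where, item in dropped_array_items(CURRENT, PULL_SECRET_PATCH):
        print(f"patch would drop {item!r} from {where}")
```

Running dropped_array_items against the live object before applying a patch shows which existing hosts or ignored namespaces must be added back to the patch to remain configured.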
Configure Image Limits
In Registry v2, image size and tag-count limits are represented with Kubernetes LimitRange and ResourceQuota objects. Do not use the legacy Registry gateway limit ConfigMap for Registry v2 deployments.
Create a file named team-a-image-quota.yaml for namespace-level quota:
Apply the quota:
Create a file named team-a-image-limits.yaml for per-image and per-ImageStream limits:
Apply the limits:
Verify the quota and limits:
Expected results:
- The ResourceQuota contains the configured Image API limits.
- The LimitRange contains the configured alauda.io/Image and alauda.io/ImageStream limits.
Configure Scheduled Image Pruning
Create or update the singleton ImagePruner/cluster to configure scheduled image pruning. Confirm the retention policy before enabling the schedule because pruning removes unused image metadata.
Create a file named image-pruner.yaml:
Apply the configuration:
Verify the pruner resource and rendered CronJob:
Expected results:
- ImagePruner/cluster contains the configured schedule and retention policy.
- The Operator renders the image-pruner CronJob in image-registry-system.
Pruning removes unused image metadata. Run registry garbage collection separately when blob storage reclamation is required.
For manual pruning and registry garbage collection commands, see Managing access and cleanup.
Operate Storage
For PVC-backed Registry storage:
Common actions:
- If a PVC is pending, check StorageClass, access mode, capacity, quotas, and events.
- If a Registry Pod cannot mount storage, check PV binding, node attachment, and backend storage availability.
- If image metadata exists but blob data is missing, verify whether the Registry used emptyDir or whether the storage backend was changed.
- Do not delete PVCs, PVs, or object storage data until the data retention decision is confirmed.