Registry v2: ACP Image Registry Overview

Registry v2 is the Operator-managed, OCP-style Registry for ACP clusters. It is deployed and reconciled by cluster-image-registry-operator, and provides an internal integrated registry for application images, ImageStream metadata, namespace-based access control, automatic ServiceAccount pull credentials, and pruning and garbage collection.

Integrated ACP Image Registry

The Registry runs as a standard cluster workload in image-registry-system. The data plane is served by the image-registry Deployment, while image metadata is served through the aggregated image.alauda.io/v1 Image API.

Image data and image metadata are stored separately:

| Data type | Storage location |
| --- | --- |
| Image blobs and manifests | The storage backend configured in Config/cluster.spec.storage, such as PVC, S3-compatible storage, emptyDir, or another supported backend. |
| Image metadata | ACP Image API resources such as Image, ImageStream, ImageStreamTag, ImageStreamImage, and ImageSignature. |

The Registry integrates with ACP authentication and Kubernetes authorization. Namespace RoleBindings control who can pull, push, delete, list, or prune image content.

What Changed from the Legacy Registry

| Area | Legacy Registry | Registry v2 |
| --- | --- | --- |
| Runtime namespace | Commonly cpaas-system | image-registry-system |
| Internal service address | image-registry.cpaas-system.svc | image-registry.image-registry-system.svc:5000 |
| Lifecycle management | Platform plugin or chart-managed Registry resources | OLM and cluster-image-registry-operator |
| Desired state | Plugin configuration and legacy Registry configuration | configs.imageregistry.operator.alauda.io/cluster and imagepruners.imageregistry.operator.alauda.io/cluster |
| Image metadata | Registry HTTP view and legacy metadata APIs | Aggregated image.alauda.io/v1 Image API |
| External exposure | Legacy ingress or gateway configuration | Config.spec.defaultRoute and Config.spec.routes[], rendered as Kubernetes Ingress |
| Pull credentials | Legacy ServiceAccount pull secret automation | Built-in Operator imagePullSecret controller |
| Image limits | Legacy Registry gateway ConfigMap | Kubernetes LimitRange and ResourceQuota with alauda.io image resources |
| Pruning and GC | Legacy ac Registry commands and scripts | ImagePruner/cluster, image-pruner CronJob, and ac adm prune images / ac adm registry gc |

Common Terms

| Term | Meaning |
| --- | --- |
| Image repository | A namespace-scoped collection of image tags and digests, addressed as <namespace>/<repository>:<tag>. |
| ImageStream | ACP Image API resource that records tag specifications and tag history for a repository. |
| Image | Cluster-scoped image metadata for a digest. |
| ImagePruner | Singleton custom resource that configures scheduled prune jobs. |
| Managed pull Secret | A ServiceAccount pull credential generated and injected by the Operator. |
| Registry storage | The backend that stores image blobs and manifests. |

Automatic Image Pruning

Registry v2 uses imagepruners.imageregistry.operator.alauda.io/cluster to configure scheduled pruning. The Operator renders an image-pruner CronJob that runs ac adm prune images with the configured retention policy.

Pruning removes unused image metadata first. Registry garbage collection reclaims storage after metadata is removed. Run manual prune and GC only after reviewing the dry-run output.

Compatibility Notes

  • The legacy Registry how-to pages remain valid for environments that have not migrated.
  • Registry v2 Image API resources use the ACP groups image.alauda.io/v1 and imageregistry.operator.alauda.io/v1.
  • OCP-style concepts such as Image, ImageStream, ImageStreamTag, ImagePruner, image puller and pusher roles, and ImageStream layer authorization are preserved where they apply to ACP.
  • OpenShift-specific APIs such as route.openshift.io, image.openshift.io, imageregistry.operator.openshift.io, BuildConfig, and DeploymentConfig are not exposed as ACP APIs.
  • Unmodified oc commands are only a limited discovery aid. Use ac for ACP Registry workflows.