diff --git a/apps/docker-registry/.helmignore b/apps/docker-registry/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/apps/docker-registry/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/apps/docker-registry/Chart.yaml b/apps/docker-registry/Chart.yaml
new file mode 100644
index 0000000..b63c20f
--- /dev/null
+++ b/apps/docker-registry/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: ungleich-docker-registry
+description: Docker registry for saving images
+type: application
+
+version: 0.1.1
+appVersion: "2.7.1"
diff --git a/apps/docker-registry/README.md b/apps/docker-registry/README.md
new file mode 100644
index 0000000..a3f94fa
--- /dev/null
+++ b/apps/docker-registry/README.md
@@ -0,0 +1,3 @@
+## Docker-Registry
+
+A docker registry saving images
diff --git a/apps/docker-registry/nginx/default.conf b/apps/docker-registry/nginx/default.conf
new file mode 100644
index 0000000..c3a07ef
--- /dev/null
+++ b/apps/docker-registry/nginx/default.conf
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ tpl .Values.fqdn . }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
+
+ client_max_body_size 1024m;
+
+ location / {
+ proxy_pass http://localhost:5000;
+ }
+}
\ No newline at end of file
diff --git a/apps/docker-registry/templates/deployment.yaml b/apps/docker-registry/templates/deployment.yaml
new file mode 100644
index 0000000..499c135
--- /dev/null
+++ b/apps/docker-registry/templates/deployment.yaml
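Review bot: The `location /` block in nginx/default.conf proxies to the registry with a bare `proxy_pass` and no forwarded headers, so the registry behind this TLS terminator sees a plain-http request from localhost with no client address; the URLs it builds for blob-upload redirects and its access log may reflect that unless `X-Forwarded-Proto` and the related headers are set. The `server` block also pins no `ssl_protocols`/`ssl_ciphers`, so whatever the image's nginx defaults accept decides the TLS floor for credential-bearing registry traffic; stating `ssl_protocols TLSv1.2 TLSv1.3;` makes that explicit. `client_max_body_size 1024m` caps a single layer upload at 1 GiB, which may be intended but deserves a comment (the registry's own docs suggest `0` to disable the cap for large layers). The rewritten location block is below; the rest of the server block is unchanged.
```nginx
    # … unchanged: listen / server_name / ssl_certificate directives …
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://localhost:5000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
```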
@@ -0,0 +1,97 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-registry
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-registry
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-registry
+ use-as-service: {{ .Release.Name }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/nginxconf.yaml") . | sha256sum }}
+ spec:
+ containers:
+ - name: nginx
+ image: ungleich/ungleich-certbot:0.3.2
+ ports:
+ - containerPort: 443
+ name: https
+ - containerPort: 80
+ name: http
+ env:
+ - name: DOMAIN
+ value: "{{ tpl .Values.fqdn . }}"
+ - name: EMAIL
+ value: "{{ .Values.email }}"
+ - name: NGINX
+ value: "yes"
+ {{ if eq .Values.letsencryptStaging "no" }}
+ - name: STAGING
+ value: "no"
+ {{ end }}
+ volumeMounts:
+ - name: nginx-config
+ mountPath: "/etc/nginx/conf.d/"
+ - name: etcletsencrypt
+ mountPath: "/etc/letsencrypt"
+ - name: registry
+ image: registry:{{ .Chart.AppVersion }}
+ ports:
+ - containerPort: 5000
+ env:
+ - name: REGISTRY_AUTH_HTPASSWD_PATH
+ value: "/auth/auth"
+ - name: REGISTRY_AUTH_HTPASSWD_REALM
+ value: "registry"
+ volumeMounts:
+ - name: data
+ mountPath: "/var/lib/registry"
+ - name: auth
+ mountPath: "/auth"
+ volumes:
+ - name: etcletsencrypt
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-letsencrypt-certs
+ - name: nginx-config
+ configMap:
+ name: {{ .Release.Name }}-nginx-config
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-data
+ - name: auth
+ secret:
+ secretName: {{ .Release.Name }}-auth
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}
+ labels:
+ app: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ # Required for letsencrypt
+ - port: 80
+ name: http
+ - port: 443
+ name: https
+ selector:
+ use-as-service: {{ .Release.Name }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-auth
+ annotations:
+ secret-generator.v1.mittwald.de/type: basic-auth
+data: {}
diff --git a/apps/docker-registry/templates/nginxconf.yaml b/apps/docker-registry/templates/nginxconf.yaml
new file mode 100644
index 0000000..81633cc
--- /dev/null
+++ b/apps/docker-registry/templates/nginxconf.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-nginx-config
+data:
+{{ tpl (.Files.Glob "nginx/*").AsConfig . | indent 2 }}
diff --git a/apps/docker-registry/templates/pvc.yaml b/apps/docker-registry/templates/pvc.yaml
new file mode 100644
index 0000000..bd1671c
--- /dev/null
+++ b/apps/docker-registry/templates/pvc.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-letsencrypt-certs
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.letsencrypt.size }}
+ storageClassName: {{ .Values.storage.letsencrypt.storageClass }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-data
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.data.size }}
+ storageClassName: {{ .Values.storage.data.storageClass }}
diff --git a/apps/docker-registry/values.yaml b/apps/docker-registry/values.yaml
new file mode 100644
index 0000000..c32b040
--- /dev/null
+++ b/apps/docker-registry/values.yaml
@@ -0,0 +1,14 @@
+clusterDomain: c2.k8s.ooo
+email: technik@ungleich.ch
+letsencryptStaging: "yes"
+fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+registry: https://registry-1.docker.io!
+
+storage:
+ data:
+ size: 100Gi
+ storageClass: rook-ceph-block
+ letsencrypt:
+ size: 50Mi
+ storageClass: rook-ceph-block
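Review bot: In the deployment.yaml hunk the `registry` container listens on `containerPort: 5000` on the pod IP, so although the Service only publishes 80 and 443, any workload that can reach the pod address can talk to the registry directly over plain HTTP and send the htpasswd credentials in the clear, bypassing the nginx TLS sidecar; the chart adds no NetworkPolicy that would prevent this. Since nginx proxies to `localhost:5000`, binding the registry to loopback closes the gap without touching the sidecar: add `- name: REGISTRY_HTTP_ADDR` / `value: "127.0.0.1:5000"` to the registry `env` list. Both containers are pinned to mutable tags (`ungleich/ungleich-certbot:0.3.2`, `registry:{{ .Chart.AppVersion }}`), so a re-pushed tag changes what runs without a chart change; pinning by digest would make the deployment reproducible. The `checksum/config` annotation hashes only nginxconf.yaml, so a regenerated `{{ .Release.Name }}-auth` secret does not roll the pod — presumably intended since the secret is operator-populated (`data: {}`), but a comment on the annotation would save the next reader that inference.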
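Review bot: In the values.yaml hunk, `registry: https://registry-1.docker.io!` is not referenced by any template in this change and the trailing `!` looks like a typo, so it reads as live upstream configuration while being dead; either remove it or add a comment naming what consumes it. `letsencryptStaging` is compared in deployment.yaml with `eq .Values.letsencryptStaging "no"`, so only the exact quoted string `"no"` disables staging, and values such as `false`, `No` or an unquoted `no` (which YAML is likely to parse as a boolean) silently keep issuing staging certificates that clients will not trust; document that above the key, e.g. `# Must be the quoted string "no" to request production certificates; any other value keeps Let's Encrypt staging.` The default `fqdn` resolves to `<release>.<namespace>.svc.<clusterDomain>`, which only works if `clusterDomain` is a publicly resolvable zone reachable by the ACME validator, so a one-line comment on `clusterDomain` stating that requirement would prevent a failed first install.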