diff --git a/apps/docker-cache/.helmignore b/apps/docker-cache/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/apps/docker-cache/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/apps/docker-cache/Chart.yaml b/apps/docker-cache/Chart.yaml
new file mode 100644
index 0000000..7927e2e
--- /dev/null
+++ b/apps/docker-cache/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: ungleich-docker-cache
+description: A docker registry usable as a cache
+type: application
+
+version: 0.1.1
+appVersion: "2.7.1"
diff --git a/apps/docker-cache/README.md b/apps/docker-cache/README.md
new file mode 100644
index 0000000..d4a78c8
--- /dev/null
+++ b/apps/docker-cache/README.md
@@ -0,0 +1,3 @@
+## Docker-Cache
+
+A cache for a certain registry
diff --git a/apps/docker-cache/nginx/default.conf b/apps/docker-cache/nginx/default.conf
new file mode 100644
index 0000000..c3a07ef
--- /dev/null
+++ b/apps/docker-cache/nginx/default.conf
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ tpl .Values.fqdn . }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
+
+ client_max_body_size 1024m;
+
+ location / {
+ proxy_pass http://localhost:5000;
+ }
+}
\ No newline at end of file
diff --git a/apps/docker-cache/templates/deployment.yaml b/apps/docker-cache/templates/deployment.yaml
new file mode 100644
index 0000000..0efcf11
--- /dev/null
+++ b/apps/docker-cache/templates/deployment.yaml
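Review bot: In apps/docker-cache/nginx/default.conf, `location /` hands every request to the registry with no `auth_basic` or `allow`/`deny`, so the only access control is who can reach port 443. That is tolerable while the cache fronts anonymous pulls, but it deserves a comment above the block, e.g. `# unauthenticated by design: do not configure upstream credentials without adding auth here`, because a proxy registry given upstream credentials serves that account's private images to every client. The block also forwards no `Host` or `X-Forwarded-Proto`; adding `proxy_set_header Host $http_host;` and `proxy_set_header X-Forwarded-Proto $scheme;` keeps any absolute URL the registry emits pointing at the public name.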
@@ -0,0 +1,82 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-registry
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-registry
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-registry
+ use-as-service: {{ .Release.Name }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/nginxconf.yaml") . | sha256sum }}
+ spec:
+ containers:
+ - name: nginx
+ image: ungleich/ungleich-certbot:0.3.2
+ ports:
+ - containerPort: 443
+ name: https
+ - containerPort: 80
+ name: http
+ env:
+ - name: DOMAIN
+ value: "{{ tpl .Values.fqdn . }}"
+ - name: EMAIL
+ value: "{{ .Values.email }}"
+ - name: NGINX
+ value: "yes"
+ {{ if eq .Values.letsencryptStaging "no" }}
+ - name: STAGING
+ value: "no"
+ {{ end }}
+ volumeMounts:
+ - name: nginx-config
+ mountPath: "/etc/nginx/conf.d/"
+ - name: etcletsencrypt
+ mountPath: "/etc/letsencrypt"
+ - name: registry
+ image: registry:{{ .Chart.AppVersion }}
+ ports:
+ - containerPort: 5000
+ env:
+ - name: REGISTRY_PROXY_REMOTEURL
+ value: https://registry-1.docker.io
+ volumeMounts:
+ - name: data
+ mountPath: "/var/lib/registry"
+ volumes:
+ - name: etcletsencrypt
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-letsencrypt-certs
+ - name: nginx-config
+ configMap:
+ name: {{ .Release.Name }}-nginx-config
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-data
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}
+ labels:
+ app: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ # Required for letsencrypt
+ - port: 80
+ name: http
+ - port: 443
+ name: https
+ selector:
+ use-as-service: {{ .Release.Name }}
diff --git a/apps/docker-cache/templates/nginxconf.yaml b/apps/docker-cache/templates/nginxconf.yaml
new file mode 100644
index 0000000..81633cc
--- /dev/null
+++ b/apps/docker-cache/templates/nginxconf.yaml
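Review bot: In templates/deployment.yaml the `registry` container declares `containerPort: 5000` and sets no listen address, so, assuming the image's default of listening on all interfaces, the registry answers plain HTTP on the pod IP and in-cluster clients can bypass the nginx TLS front end. nginx only needs it on loopback, so adding `- name: REGISTRY_HTTP_ADDR` with `value: "127.0.0.1:5000"` to that container's `env` (and pointing `proxy_pass` at the same address) would close that path. Neither container sets a `securityContext` or `resources`, and both images are referenced by tag only (`ungleich/ungleich-certbot:0.3.2`, `registry:{{ .Chart.AppVersion }}`). Pinning them by digest is worth considering for a component that other workloads pull their images through.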
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-nginx-config
+data:
+{{ tpl (.Files.Glob "nginx/*").AsConfig . | indent 2 }}
diff --git a/apps/docker-cache/templates/pvc.yaml b/apps/docker-cache/templates/pvc.yaml
new file mode 100644
index 0000000..bd1671c
--- /dev/null
+++ b/apps/docker-cache/templates/pvc.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-letsencrypt-certs
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.letsencrypt.size }}
+ storageClassName: {{ .Values.storage.letsencrypt.storageClass }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-data
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.data.size }}
+ storageClassName: {{ .Values.storage.data.storageClass }}
diff --git a/apps/docker-cache/values.yaml b/apps/docker-cache/values.yaml
new file mode 100644
index 0000000..c32b040
--- /dev/null
+++ b/apps/docker-cache/values.yaml
@@ -0,0 +1,14 @@
+clusterDomain: c2.k8s.ooo
+email: technik@ungleich.ch
+letsencryptStaging: "yes"
+fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+registry: https://registry-1.docker.io!
+
+storage:
+ data:
+ size: 100Gi
+ storageClass: rook-ceph-block
+ letsencrypt:
+ size: 50Mi
+ storageClass: rook-ceph-block
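Review bot: In values.yaml, `registry: https://registry-1.docker.io!` ends in a stray `!` and is not read by any template in this diff; deployment.yaml hard-codes `REGISTRY_PROXY_REMOTEURL` to `https://registry-1.docker.io`. As written, overriding `registry` silently does nothing, and wiring it in unchanged would hand the registry an invalid upstream URL. Drop the `!` and reference it from the Deployment with `value: {{ .Values.registry | quote }}`, or remove the key. The default `letsencryptStaging: "yes"` presumably yields a staging certificate that clients will not trust, so a comment saying it must be set to `"no"` for real use would keep people from working around it by marking the mirror as an insecure registry.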