Adapt docker registry to work on DigitalOcean

Radon Rosborough 2023-04-21 16:41:28 -07:00
parent f0ab2399b9
commit 50bfd755d7
3 changed files with 73 additions and 13 deletions


@ -12,6 +12,13 @@ networking:
domain: riju.example.com # FIXME domain: riju.example.com # FIXME
ip: x.y.z.w # FIXME ip: x.y.z.w # FIXME
s3:
accessKeyId: fixme
accessKeySecret: fixme
bucket: fixme
region: fixme
endpoint: fixme.digitaloceanspaces.com
contact: contact:
letsEncryptEmail: ops@example.com # FIXME letsEncryptEmail: ops@example.com # FIXME
letsEncryptProductionEnabled: false letsEncryptProductionEnabled: false
@ -22,6 +29,7 @@ metallb:
registry: registry:
password: "${registry_password}" password: "${registry_password}"
htpasswd: "$(htpasswd -nbB admin "${registry_password}")" htpasswd: "$(htpasswd -nbB admin "${registry_password}")"
httpSecret: "$(pwgen -s 16 1)"
minio: minio:
accessKey: "$(head -c16 /dev/urandom | xxd -p)" accessKey: "$(head -c16 /dev/urandom | xxd -p)"
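Review bot: The new `s3:` block names its credentials `accessKeyId` and `accessKeySecret`, but the `s3-auth` Secret added in the next file reads `{{ .s3.accessKey }}` and `{{ .s3.secretKey }}`, so as written the Secret would presumably render with empty or missing values and the registry could not authenticate to the bucket. Use one pair of names in both places, for example `accessKey: fixme` and `secretKey: fixme` here. The new placeholder values also lack the `# FIXME` marker that the neighbouring `domain` and `ip` lines carry, which makes it easier to deploy with `fixme` credentials still in place.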


@ -7,6 +7,36 @@ metadata:
data: data:
secretkey: "{{ .metallb.secretkey | b64enc }}" secretkey: "{{ .metallb.secretkey | b64enc }}"
---
kind: Secret
apiVersion: v1
metadata:
namespace: riju
name: s3-auth
stringData:
access-key: "{{ .s3.accessKey }}"
secret-key: "{{ .s3.secretKey }}"
---
kind: ConfigMap
apiVersion: v1
metadata:
namespace: riju
name: s3-config
data:
bucket: "{{ .s3.bucket }}"
region: "{{ .s3.region }}"
endpoint: "{{ .s3.endpoint }}"
---
kind: Secret
apiVersion: v1
metadata:
namespace: riju
name: registry-http-secret
stringData:
http-secret: "{{ .registry.httpSecret }}"
--- ---
kind: Secret kind: Secret
apiVersion: v1 apiVersion: v1
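Review bot: The new objects interpolate values straight into double-quoted scalars, for example `secret-key: "{{ .s3.secretKey }}"`, whereas the existing metallb Secret above uses `data:` with `| b64enc`. A credential containing `"` or `\` would break or alter the rendered YAML, so for the two Secrets consider the same pattern: `data:` with `secret-key: "{{ .s3.secretKey | b64enc }}"`. A short comment above `registry-http-secret` would also help, saying that the value must stay stable across registry restarts and replicas, since that appears to be why it is generated once in the config rather than left to the registry.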


@ -1,24 +1,14 @@
--- ---
kind: StatefulSet kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
metadata: metadata:
namespace: riju namespace: riju
name: docker-registry name: docker-registry
spec: spec:
replicas: 1 replicas: 1
serviceName: docker-registry
selector: selector:
matchLabels: matchLabels:
app: docker-registry app: docker-registry
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 128Gi
storageClassName: openebs-hostpath
template: template:
metadata: metadata:
labels: labels:
@ -59,14 +49,46 @@ spec:
value: "Registry Realm" value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH - name: REGISTRY_AUTH_HTPASSWD_PATH
value: /var/run/registry/auth/htpasswd value: /var/run/registry/auth/htpasswd
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: registry-http-secret
key: http-secret
- name: REGISTRY_STORAGE
value: s3
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
valueFrom:
configMapKeyRef:
name: s3-config
key: endpoint
- name: REGISTRY_STORAGE_S3_REGION
valueFrom:
configMapKeyRef:
name: s3-config
key: region
- name: REGISTRY_STORAGE_S3_BUCKET
valueFrom:
configMapKeyRef:
name: s3-config
key: bucket
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: s3-auth
key: access-key
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: s3-auth
key: secret-key
- name: REGISTRY_STORAGE_S3_SECURE
value: "true"
ports: ports:
- name: api - name: api
containerPort: 5000 containerPort: 5000
volumeMounts: volumeMounts:
- name: auth - name: auth
mountPath: /var/run/registry/auth mountPath: /var/run/registry/auth
- name: data
mountPath: /var/lib/registry
--- ---
kind: Service kind: Service