diff --git a/Makefile b/Makefile index 59fccf6..d9f65b7 100644 --- a/Makefile +++ b/Makefile @@ -287,3 +287,18 @@ kubesplit: manifests kustomize rm -rf helm-chart mkdir helm-chart $(KUSTOMIZE) build config/default | kubesplit -helm helm-chart + +helm: + helm upgrade \ + --install \ + --create-namespace \ + --namespace test-registry \ + --set registry.storage.s3.accessKey=${AWS_ACCESSKEY} \ + --set registry.storage.s3.secretKey=${AWS_SECRETKEY} \ + --set registry.storage.s3.region=${AWS_BUCKET_REGION} \ + --set registry.storage.s3.bucket=${AWS_BUCKET_NAME} \ + --set registry.storage.s3.endpoint=${AWS_BUCKET_ENDPOINT} \ + --set registry.auth.htpasswd.secret.name=registry-default-user-password \ + --set registry.ingress.dns=osbuilder.plrl-dev-aws.onplural.sh \ + --set builder.replicas=0 \ + osbuilder ./charts/osbuilder diff --git a/charts/osartifact/Chart.yaml b/charts/osartifact/Chart.yaml index 681fbec..1b2698f 100644 --- a/charts/osartifact/Chart.yaml +++ b/charts/osartifact/Chart.yaml @@ -1,5 +1,8 @@ apiVersion: v2 name: osartifact description: A Helm chart for OSArtifact CRD deployment +maintainers: + - name: Plural + email: support@plural.sh type: application version: 0.3.0 \ No newline at end of file diff --git a/charts/osbuilder/Chart.lock b/charts/osbuilder/Chart.lock index 0de6a5f..f73cb7e 100644 --- a/charts/osbuilder/Chart.lock +++ b/charts/osbuilder/Chart.lock @@ -1,3 +1,6 @@ -dependencies: [] -digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 -generated: "2025-01-10T15:08:39.051068115Z" +dependencies: +- name: cert-manager + repository: https://charts.jetstack.io + version: v1.16.3 +digest: sha256:1ce80837e63f45e983685469e3af7c684b95ce548feadbb96a0519825a37bc8a +generated: "2025-01-22T12:30:56.241307222+01:00" diff --git a/charts/osbuilder/Chart.yaml b/charts/osbuilder/Chart.yaml index 7e33653..6c96e7e 100644 --- a/charts/osbuilder/Chart.yaml +++ b/charts/osbuilder/Chart.yaml 
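Review bot: The new `helm` recipe leaks the S3 secret key, because `--set registry.storage.s3.secretKey=${AWS_SECRETKEY}` is expanded by make itself and the recipe is echoed, so the value is printed to the terminal or CI log on every run and is visible in the process list. Supplying the credentials through a values file kept out of the repository (`--values <untracked-values-file>`) avoids both; at minimum prefix the command with `@` and write `$${AWS_SECRETKEY}` so the shell expands it rather than make. An unset variable silently renders an empty `--set` value, so a guard such as `$(if $(AWS_SECRETKEY),,$(error AWS_SECRETKEY is not set))` would fail early. The hunk also adds no `.PHONY: helm`, and the ingress host is hard-coded to a development domain.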
@@ -1,11 +1,16 @@ apiVersion: v2 name: osbuilder description: A Helm chart for osbuilder +maintainers: + - name: Plural + email: support@plural.sh +home: https://github.com/pluralsh/osbuilder +type: application appVersion: 0.1.5 version: 0.1.5 -dependencies: [] -maintainers: - - name: Ettore Di Giacinto - email: mudler@kairos.io -home: https://kairos.io/ -type: application +dependencies: + - name: cert-manager + alias: certManager + repository: https://charts.jetstack.io + version: v1.16.3 + condition: certManager.enabled diff --git a/charts/osbuilder/charts/cert-manager-v1.16.3.tgz b/charts/osbuilder/charts/cert-manager-v1.16.3.tgz new file mode 100644 index 0000000..9c4c326 Binary files /dev/null and b/charts/osbuilder/charts/cert-manager-v1.16.3.tgz differ diff --git a/charts/osbuilder/templates/NOTES.txt b/charts/osbuilder/templates/NOTES.txt index dc1ef81..077e8cb 100644 --- a/charts/osbuilder/templates/NOTES.txt +++ b/charts/osbuilder/templates/NOTES.txt @@ -6,7 +6,7 @@ template: restartPolicy: Never containers: - name: upload - image: {{ .Values.image.toolsRepository | default "quay.io/kairos/osbuilder-tools" }}:{{ .Values.image.tag | default .Chart.AppVersion }} + image: {{ .Values.builder.toolsRepository | default "quay.io/kairos/osbuilder-tools" }}:{{ .Values.builder.image.tag | default .Chart.AppVersion }} command: - bash args: diff --git a/charts/osbuilder/templates/_helpers.tpl b/charts/osbuilder/templates/_helpers.tpl index 2583e11..a865940 100644 --- a/charts/osbuilder/templates/_helpers.tpl +++ b/charts/osbuilder/templates/_helpers.tpl @@ -50,7 +50,6 @@ app.kubernetes.io/name: {{ include "helm-chart.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} -{{/* Create the name of the service account to use */}} {{- define "helm-chart.serviceAccountName" -}} diff --git a/charts/osbuilder/templates/configmap.yaml b/charts/osbuilder/templates/configmap.yaml index f7e1282..14aae5d 100644 --- a/charts/osbuilder/templates/configmap.yaml 
+++ b/charts/osbuilder/templates/configmap.yaml @@ -1,6 +1,10 @@ apiVersion: v1 +kind: ConfigMap +metadata: + name: osartifactbuilder-operator-manager-config + namespace: '{{.Release.Namespace}}' data: - controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: + controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n \ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: true\n resourceName: 98ca89ca.kairos.io\n# leaderElectionReleaseOnCancel @@ -12,43 +16,4 @@ data: after \n# the manager stops, so would be fine to enable this option. However, \n# if you are doing or is intended to do any operation such as perform cleanups \n# after the manager stops then its usage might be unsafe.\n# - \ leaderElectionReleaseOnCancel: true\n" -kind: ConfigMap -metadata: - name: osartifactbuilder-operator-manager-config - namespace: '{{.Release.Namespace}}' ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-config -data: - nginx.conf: | - server { - listen 80; - server_name localhost; - - client_max_body_size 21000M; - - #access_log /var/log/nginx/host.access.log main; - - location ~ "/upload/([0-9a-zA-Z-.]*)$" { - alias /usr/share/nginx/html/$1; - client_body_temp_path /tmp; - dav_methods PUT DELETE MKCOL COPY MOVE; - create_full_put_path on; - dav_access group:rw all:r; - } - - location / { - root /usr/share/nginx/html; - autoindex on; - } - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } + \ leaderElectionReleaseOnCancel: true\n" \ No newline at end of file diff --git a/charts/osbuilder/templates/deployment.yaml b/charts/osbuilder/templates/deployment.yaml index 151ee44..072edf1 100644 --- a/charts/osbuilder/templates/deployment.yaml 
+++ b/charts/osbuilder/templates/deployment.yaml 
@@ -1,133 +1,69 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: '{{ include "helm-chart.fullname" . }}' - namespace: '{{.Release.Namespace}}' - labels: - {{- include "helm-chart.labels" . | nindent 8 }} + name: '{{ include "helm-chart.fullname" . }}' + namespace: '{{.Release.Namespace}}' + labels: + {{- include "helm-chart.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicas | default 1}} - selector: - matchLabels: - {{- include "helm-chart.selectorLabels" . | nindent 10 }} - template: - metadata: - annotations: - {{- range keys .Values.podAnnotations }} - {{ . | quote }}: {{ get $.Values.podAnnotations . | quote}} - {{- end }} - labels: - {{- include "helm-chart.selectorLabels" . | nindent 14}} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 14 }} - {{- end }} - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=0 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - - args: - - --pvc-storage-size={{ .Values.pvcStorageSize }} - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - '--tool-image={{ .Values.toolsImage.repository | default "quay.io/kairos/auroraboot" }}:{{ .Values.toolsImage.tag | default "latest" }}' - command: - - /manager - image: '{{ .Values.image.repository | default "ghcr.io/pluralsh/osbuilder" }}:{{ .Values.image.tag | default .Chart.AppVersion }}' - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - {{- if and .Values.resources .Values.resources.controller }} - 
resources: -{{ toYaml .Values.resources.controller | indent 20 }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - securityContext: - runAsNonRoot: true - serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}' - terminationGracePeriodSeconds: 10 - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 14 }} - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: osbuilder-nginx - name: 'osbuilder-nginx' - namespace: '{{.Release.Namespace}}' -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: osbuilder-nginx - template: - metadata: - labels: - app.kubernetes.io/name: osbuilder-nginx - spec: - containers: - - image: nginx - name: nginx - ports: - - containerPort: 80 - volumeMounts: - - mountPath: /usr/share/nginx/html - name: nginx-public - - mountPath: /etc/nginx/conf.d - name: config - readOnly: true - serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}' - terminationGracePeriodSeconds: 10 - securityContext: - fsGroup: 101 - volumes: - - name: nginx-public - persistentVolumeClaim: - claimName: osartifactbuilder-operator-nginx-public - - name: config - configMap: - name: nginx-config - items: - - key: nginx.conf - path: default.conf + replicas: {{ .Values.builder.replicas }} + selector: + matchLabels: + {{- include "helm-chart.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- range keys .Values.builder.podAnnotations }} + {{ . | quote }}: {{ get $.Values.builder.podAnnotations . | quote}} + {{- end }} + labels: + {{- include "helm-chart.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.builder.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 14 }} + {{- end }} + containers: + - name: manager + image: '{{ .Values.builder.image.repository | default "ghcr.io/pluralsh/osbuilder" }}:{{ .Values.builder.image.tag | default .Chart.AppVersion }}' + command: [ '/manager' ] + args: + - --pvc-storage-size={{ .Values.builder.pvcStorageSize }} + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - '--tool-image={{ .Values.builder.toolsImage.repository | default "quay.io/kairos/auroraboot" }}:{{ .Values.builder.toolsImage.tag | default "latest" }}' + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + {{- if and .Values.builder.resources .Values.builder.resources.controller }} + resources: + {{- toYaml .Values.builder.resources.controller | nindent 12 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}' + terminationGracePeriodSeconds: 10 + {{- with .Values.builder.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 14 }} + {{- end }} + {{- with .Values.builder.affinity }} + affinity: + {{- toYaml . | nindent 14 }} + {{- end }} + {{- with .Values.builder.tolerations }} + tolerations: + {{- toYaml . | nindent 14 }} + {{- end }} diff --git a/charts/osbuilder/templates/nginx-pvc.yaml b/charts/osbuilder/templates/nginx-pvc.yaml deleted file mode 100644 index 6bb4507..0000000 --- a/charts/osbuilder/templates/nginx-pvc.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: osartifactbuilder-operator-nginx-public - namespace: '{{.Release.Namespace}}' -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: '{{ .Values.nginx.pvcSize }}' 
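Review bot: The manager container still launches build tooling from a floating tag, `--tool-image=...:{{ .Values.builder.toolsImage.tag | default "latest" }}`, and values.yaml in this commit sets `toolsImage.tag: "latest"` and `registry.image.tag: 2`. A mutable tag lets the image content change with no change to the chart, so a replaced upstream image is pulled without review and builds are not reproducible. Defaulting to a fixed version and accepting a digest reference (`repository@sha256:<digest>`) would make the pulled content explicit. The container `securityContext` also sets only `allowPrivilegeEscalation: false`; `capabilities: {drop: ["ALL"]}` is worth adding, and `readOnlyRootFilesystem: true` if the manager does not write to its root filesystem.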
diff --git a/charts/osbuilder/templates/registry/certificate.yaml b/charts/osbuilder/templates/registry/certificate.yaml
new file mode 100644
index 0000000..cd375e7
--- /dev/null
+++ b/charts/osbuilder/templates/registry/certificate.yaml
@@ -0,0 +1,34 @@
+{{- if not .Values.registry.ingress.enabled }}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ include "helm-chart.fullname" . }}-registry-selfsigned-issuer
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/component: registry
+ {{- include "helm-chart.labels" . | nindent 4 }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "helm-chart.fullname" . }}-registry-tls
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/component: registry
+ {{- include "helm-chart.labels" . | nindent 4 }}
+spec:
+ secretName: {{ include "helm-chart.fullname" . }}-registry-tls
+ isCA: false
+ usages:
+ - server auth
+ - client auth
+ dnsNames:
+ - "{{ include "helm-chart.fullname" . }}-registry.{{.Release.Namespace}}.svc.cluster.local"
+ - "{{ include "helm-chart.fullname" . }}-registry"
+ issuerRef:
+ name: {{ include "helm-chart.fullname" . }}-registry-selfsigned-issuer
+
+{{- end }}
\ No newline at end of file
diff --git a/charts/osbuilder/templates/registry/deployment.yaml b/charts/osbuilder/templates/registry/deployment.yaml
new file mode 100644
index 0000000..371f42e
--- /dev/null
+++ b/charts/osbuilder/templates/registry/deployment.yaml
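Review bot: Nothing in this commit consumes the `...-registry-tls` secret that this Certificate produces: registry/deployment.yaml mounts `tls-volume` at `/etc/tls` but declares no volume of that name, which the API server rejects, and it sets neither `REGISTRY_HTTP_TLS_CERTIFICATE` nor `REGISTRY_HTTP_TLS_KEY`, so unless those arrive through `extraEnvVars` the registry serves plain HTTP inside the cluster. The template is gated only on `registry.ingress.enabled`, while values.yaml defaults `certManager.enabled` to false, so with ingress disabled and no cert-manager CRDs present the install fails on unknown kinds. Adding a check such as `.Capabilities.APIVersions.Has "cert-manager.io/v1"` to the condition, or a `fail` with a clear message, would make that prerequisite explicit. Because the Issuer is self-signed, clients need the certificate from the generated secret as a trust anchor rather than turning verification off.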
@@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm-chart.fullname" . }}-registry + namespace: {{.Release.Namespace}} + labels: + app.kubernetes.io/component: registry + {{- include "helm-chart.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.registry.replicas }} + selector: + matchLabels: + app.kubernetes.io/component: registry + {{- include "helm-chart.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- range keys .Values.registry.podAnnotations }} + {{ . | quote }}: {{ get $.Values.registry.podAnnotations . | quote }} + {{- end }} + labels: + app.kubernetes.io/component: registry + {{- include "helm-chart.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: registry + image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }} + env: + - name: REGISTRY_STORAGE + value: {{ .Values.registry.storage.driver }} + {{- if eq .Values.registry.storage.driver "s3" }} + - name: REGISTRY_STORAGE_S3_BUCKET + value: {{ .Values.registry.storage.s3.bucket }} + - name: REGISTRY_STORAGE_S3_ACCESSKEY + value: {{ .Values.registry.storage.s3.accessKey }} + - name: REGISTRY_STORAGE_S3_SECRETKEY + value: {{ .Values.registry.storage.s3.secretKey }} + - name: REGISTRY_STORAGE_S3_REGIONENDPOINT + value: {{ .Values.registry.storage.s3.endpoint }} + - name: REGISTRY_STORAGE_S3_REGION + value: {{ .Values.registry.storage.s3.region }} + - name: REGISTRY_STORAGE_S3_SECURE + value: 'true' + {{- end }} + {{- if .Values.registry.debug }} + - name: REGISTRY_LOG_LEVEL + value: debug + {{- end }} + {{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }} + - name: REGISTRY_AUTH_HTPASSWD_REALM + value: {{ .Values.registry.auth.realm }} + - name: REGISTRY_AUTH_HTPASSWD_PATH + value: /etc/htpasswd/htpasswd + {{- end }} + {{- range $envKey, $envValue := .Values.registry.extraEnvVars }} + - name: {{ 
$envKey }} + value: {{ $envValue }} + {{- end }} + ports: + - name: registry + containerPort: 5000 + protocol: TCP + {{- if .Values.registry.debug }} + - name: debug + containerPort: 5001 + protocol: TCP + {{- end }} + volumeMounts: + - name: tls-volume + mountPath: /etc/tls + readOnly: true + {{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }} + - name: htpasswd-volume + mountPath: /etc/htpasswd + readOnly: true + {{- end }} + volumes: + {{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }} + - name: htpasswd-volume + secret: + secretName: {{ .Values.registry.auth.htpasswd.existingSecret.name | default (printf "%s-%s" (include "helm-chart.fullname" .) "htpasswd") }} + {{- end }} \ No newline at end of file diff --git a/charts/osbuilder/templates/registry/ingress.yaml b/charts/osbuilder/templates/registry/ingress.yaml new file mode 100644 index 0000000..965d077 --- /dev/null +++ b/charts/osbuilder/templates/registry/ingress.yaml 
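Review bot: `REGISTRY_STORAGE_S3_ACCESSKEY` and `REGISTRY_STORAGE_S3_SECRETKEY` are rendered as literal `value:` entries, so the S3 credentials sit in the Deployment object and in `kubectl describe` output, readable by anyone allowed to read Deployments or pods in the namespace. They should be referenced from a Secret through `valueFrom.secretKeyRef`, as sketched below with a placeholder secret name and keys. The other `value:` expressions, including the `extraEnvVars` loop, are unquoted, so a value such as `true` or a bare number renders as a non-string and the manifest is rejected; piping them through `| quote` fixes that.

```yaml
            # … unchanged: REGISTRY_STORAGE, REGISTRY_STORAGE_S3_BUCKET …
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: <s3-credentials-secret>   # placeholder: Secret managed outside this Deployment
                  key: <access-key-field>         # placeholder
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: <s3-credentials-secret>   # placeholder
                  key: <secret-key-field>         # placeholder
            # … unchanged: REGISTRY_STORAGE_S3_REGIONENDPOINT, REGISTRY_STORAGE_S3_REGION, REGISTRY_STORAGE_S3_SECURE …
```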
@@ -0,0 +1,34 @@
+{{- if .Values.registry.ingress.enabled }}
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "helm-chart.fullname" . }}-registry
+ labels:
+ app.kubernetes.io/component: registry
+ {{- include "helm-chart.labels" . | nindent 4 }}
+ {{- with .Values.registry.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: {{ .Values.registry.ingress.ingressClass }}
+ {{ if .Values.registry.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ - {{ .Values.registry.ingress.dns | quote }}
+ secretName: {{ include "helm-chart.fullname" . }}-registry-tls
+ {{ end }}
+ rules:
+ - host: {{ .Values.registry.ingress.dns | quote }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "helm-chart.fullname" . }}-registry
+ port:
+ name: registry
+
+{{- end }}
diff --git a/charts/osbuilder/templates/registry/secret.yaml b/charts/osbuilder/templates/registry/secret.yaml
new file mode 100644
index 0000000..78a6ae9
--- /dev/null
+++ b/charts/osbuilder/templates/registry/secret.yaml
@@ -0,0 +1,30 @@
+{{- if and (eq .Values.registry.auth.realm "basic-realm") (not .Values.registry.auth.htpasswd.existingSecret.name) }}
+
+{{- if not .Values.registry.auth.htpasswd.secret.name }}
+ {{- fail "A valid .Values.registry.auth.htpasswd.secret.name required when auth realm set to 'basic-realm'" }}
+{{- end }}
+
+{{ $passwordSecret := lookup "v1" "Secret" .Release.Namespace .Values.registry.auth.htpasswd.secret.name }}
+
+{{- if not $passwordSecret.data }}
+ {{- fail "Could not find secret provided via .Values.registry.auth.htpasswd.secret.name" }}
+{{- end }}
+
+{{ $password := index $passwordSecret.data .Values.registry.auth.htpasswd.secret.key | b64dec }}
+
+{{- if not $password }}
+ {{- fail "Could not find password key value in the provided secret" }}
+{{- end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "helm-chart.fullname" . }}-htpasswd
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/component: registry
+ {{- include "helm-chart.labels" . | nindent 4 }}
+stringData:
+ htpasswd: {{ htpasswd .Values.registry.auth.htpasswd.username $password }}
+
+{{- end }}
\ No newline at end of file
diff --git a/charts/osbuilder/templates/registry/service.yaml b/charts/osbuilder/templates/registry/service.yaml
new file mode 100644
index 0000000..ed100dd
--- /dev/null
+++ b/charts/osbuilder/templates/registry/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm-chart.fullname" . }}-registry
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/component: registry
+ {{- include "helm-chart.labels" . | nindent 4 }}
+spec:
+ selector:
+ app.kubernetes.io/component: registry
+ {{- include "helm-chart.selectorLabels" . | nindent 4 }}
+ ports:
+ - name: registry
+ port: 5000
+ protocol: TCP
+ targetPort: registry
+ - name: debug
+ port: 5001
+ protocol: TCP
+ targetPort: debug
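Review bot: In registry/secret.yaml the htpasswd Secret depends on `lookup` against the live cluster, which returns an empty result under `helm template` and client-side `--dry-run`, so the `fail "Could not find secret ..."` branch fires and the chart cannot be rendered by linting or by GitOps tooling that templates offline. It also requires the referenced secret to exist before the first install; the Makefile `helm` target in this commit combines `--create-namespace` with `secret.name=registry-default-user-password`, which presumably fails on a fresh namespace. Documenting the pre-created secret as a prerequisite, or steering users to `existingSecret` for offline rendering, would make this predictable. The `index ... | b64dec` pipeline also runs before the `if not $password` check, so a missing key likely surfaces as a template type error rather than the intended message.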
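Review bot: In registry/service.yaml the `debug` port 5001 is published unconditionally with `targetPort: debug`, while registry/deployment.yaml declares that container port only when `.Values.registry.debug` is set. Wrapping the second port entry in `{{- if .Values.registry.debug }}` and `{{- end }}` keeps the Service in step with the pod and keeps the debug endpoint opt-in, as the values comment describes it.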
diff --git a/charts/osbuilder/templates/service.yaml b/charts/osbuilder/templates/service.yaml deleted file mode 100644 index d2518cd..0000000 --- a/charts/osbuilder/templates/service.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: '{{ include "helm-chart.fullname" . }}-metrics-service' - namespace: '{{.Release.Namespace}}' -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - {{- include "helm-chart.selectorLabels" . | nindent 6 }} ---- -apiVersion: v1 -kind: Service -metadata: - name: osartifactbuilder-operator-osbuilder-nginx - namespace: '{{.Release.Namespace}}' -spec: - ports: - - port: 80 - protocol: TCP - targetPort: 80 - selector: - app.kubernetes.io/name: osbuilder-nginx - type: NodePort diff --git a/charts/osbuilder/values.yaml b/charts/osbuilder/values.yaml index d25b07a..0972dc6 100644 --- a/charts/osbuilder/values.yaml +++ b/charts/osbuilder/values.yaml 
@@ -6,51 +6,111 @@ nameOverride: "" # fullnameOverride completely replaces the generated release name fullnameOverride: "" -# Secrets to pull container images from private registries -imagePullSecrets: [] +builder: + # Secrets to pull container images from private registries + imagePullSecrets: [] + image: + # osbuilder image to be used. Leave empty to use the default + repository: ghcr.io/pluralsh/osbuilder + # tag of the osbuilder image. Leave empty to use chart's AppVersion + tag: ~ -image: - # controller image to be used. Leave empty to use - repository: ghcr.io/pluralsh/osbuilder - # tag of the controller image. Leave empty to use chart's AppVersion - tag: + replicas: 1 -replicas: 1 + # The PVC storage size for the build process + pvcStorageSize: "30Gi" -# The PVC storage size for the build process -pvcStorageSize: "20Gi" + toolsImage: + repository: "quay.io/kairos/auroraboot" + tag: "latest" -toolsImage: - repository: "quay.io/kairos/auroraboot" - tag: "latest" + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} -podAnnotations: {} -nodeSelector: {} -tolerations: [] -affinity: {} + ## Resource limits & requests + ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ + resources: + controller: + limits: + cpu: 500m + memory: 50Mi + requests: + cpu: 250m + memory: 50Mi -tls: - # source options: - # - "cert-manager-self-signed": Scaffold cert-manager integration, and create - # a self-signed certificate with a cert-manager self-signed Issuer. Depends - # on cert-manager. (default) - # - "cert-manager": Scafffold cert-manager integration. User configures their - # own Issuer. Depends on cert-manager. Set tls.certManagerIssuerName to the - # desired Issuer. - source: cert-manager-self-signed - # "cert-manager"-only options: - certManagerIssuerName: "" +registry: + # Secrets to pull container images from private registries + imagePullSecrets: [] + image: + # docker container registry image to be used. 
Leave empty to use the default + repository: registry + # tag of the docker container registry image. Leave empty to use chart's AppVersion + tag: 2 -nginx: - pvcSize: 30Gi + # Number of replicas for the registry + replicas: 1 -## Resource limits & requests -## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ -resources: - controller: - limits: - cpu: 500m - memory: 50Mi - requests: - cpu: 250m - memory: 50Mi + # Whether registry should be set to debug level and expose debug server on port 5001 + debug: false + + storage: + # Currently only s3 is supported + driver: s3 + s3: + accessKey: ~ + secretKey: ~ + region: ~ + bucket: ~ + endpoint: ~ + + auth: + # Currently only 'basic-realm' with htpasswd file is supported. Use "~" to disable auth. + realm: basic-realm + htpasswd: + # When existingSecret is provided it will ignore the rest of htpasswd configuration + # and not generate the secret. It should provide a valid htpasswd file under the "htpasswd" secret key. + existingSecret: + name: ~ + # Default username embedded in autogenerated htpasswd secret. + username: plural + # Secret that stores a password that should be encrypted and stored in autogenerated htpasswd file. + secret: + name: ~ + key: password + + ingress: + enabled: true + ingressClass: nginx + dns: ~ + + tls: + enabled: true + + annotations: + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/force-ssl-redirect: 'true' + nginx.ingress.kubernetes.io/proxy-read-timeout: '3600' + nginx.ingress.kubernetes.io/proxy-send-timeout: '3600' + + # Defines extra env vars that should be passed to the registry containers. 
+ # Can be used to customize the configuration + # + # Example format (: ): + # + # extraEnvVars: + # REGISTRY_HTTP_ADDR: ':5000' + # REGISTRY_HTTP_DEBUG_ADDR: ':5000' + # WEIRD_TEXT_WITH_SPECIAL_CHARTS: '":-g*_Asd123gj$$"' + extraEnvVars: {} + + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# It is required to create certificates. +certManager: + enabled: false \ No newline at end of file
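Review bot: The comment `Use "~" to disable auth` on `registry.auth.realm` should say what that implies, since `registry.ingress.enabled` defaults to true in the same hunk and disabling auth then publishes an unauthenticated registry on the ingress host; something like `# Disabling auth with ingress enabled exposes the registry without credentials.` would do. In the `extraEnvVars` example, `REGISTRY_HTTP_DEBUG_ADDR: ':5000'` repeats the address of `REGISTRY_HTTP_ADDR`, whereas the templates expose the debug server on 5001, so it should read `':5001'`. The line `Example format (: ):` appears to have lost its placeholders, and the `htpasswd.secret` comment says the password is "encrypted" where the template hashes it with `htpasswd`.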