update osbuilder chart to use custom docker registry

Sebastian Florek
2025-01-23 13:04:03 +01:00
parent b7de6843bb
commit 56c1dc4c2d
17 changed files with 408 additions and 262 deletions


@@ -287,3 +287,18 @@ kubesplit: manifests kustomize
rm -rf helm-chart rm -rf helm-chart
mkdir helm-chart mkdir helm-chart
$(KUSTOMIZE) build config/default | kubesplit -helm helm-chart $(KUSTOMIZE) build config/default | kubesplit -helm helm-chart
helm:
helm upgrade \
--install \
--create-namespace \
--namespace test-registry \
--set registry.storage.s3.accessKey=${AWS_ACCESSKEY} \
--set registry.storage.s3.secretKey=${AWS_SECRETKEY} \
--set registry.storage.s3.region=${AWS_BUCKET_REGION} \
--set registry.storage.s3.bucket=${AWS_BUCKET_NAME} \
--set registry.storage.s3.endpoint=${AWS_BUCKET_ENDPOINT} \
--set registry.auth.htpasswd.secret.name=registry-default-user-password \
--set registry.ingress.dns=osbuilder.plrl-dev-aws.onplural.sh \
--set builder.replicas=0 \
osbuilder ./charts/osbuilder
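Review bot: The `helm` recipe passes the S3 credentials as `--set registry.storage.s3.accessKey=${AWS_ACCESSKEY}` and `--set registry.storage.s3.secretKey=${AWS_SECRETKEY}`, so make expands them into the command line it echoes before running, and they land in terminal or CI logs and in the process arguments. Helm also stores user-supplied values with the release, where anyone allowed to read the release data in `test-registry` can recover them. Prefer feeding them from an untracked values file with `-f`, or referencing a pre-created Secret, and prefix the recipe with `@` so the expanded line is not printed. The target produces no file, so it should also be declared with `.PHONY: helm`.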


@@ -1,5 +1,8 @@
apiVersion: v2 apiVersion: v2
name: osartifact name: osartifact
description: A Helm chart for OSArtifact CRD deployment description: A Helm chart for OSArtifact CRD deployment
maintainers:
- name: Plural
email: support@plural.sh
type: application type: application
version: 0.3.0 version: 0.3.0


@@ -1,3 +1,6 @@
dependencies: [] dependencies:
digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 - name: cert-manager
generated: "2025-01-10T15:08:39.051068115Z" repository: https://charts.jetstack.io
version: v1.16.3
digest: sha256:1ce80837e63f45e983685469e3af7c684b95ce548feadbb96a0519825a37bc8a
generated: "2025-01-22T12:30:56.241307222+01:00"


@@ -1,11 +1,16 @@
apiVersion: v2 apiVersion: v2
name: osbuilder name: osbuilder
description: A Helm chart for osbuilder description: A Helm chart for osbuilder
maintainers:
- name: Plural
email: support@plural.sh
home: https://github.com/pluralsh/osbuilder
type: application
appVersion: 0.1.5 appVersion: 0.1.5
version: 0.1.5 version: 0.1.5
dependencies: [] dependencies:
maintainers: - name: cert-manager
- name: Ettore Di Giacinto alias: certManager
email: mudler@kairos.io repository: https://charts.jetstack.io
home: https://kairos.io/ version: v1.16.3
type: application condition: certManager.enabled

Binary file not shown.


@@ -6,7 +6,7 @@ template:
restartPolicy: Never restartPolicy: Never
containers: containers:
- name: upload - name: upload
image: {{ .Values.image.toolsRepository | default "quay.io/kairos/osbuilder-tools" }}:{{ .Values.image.tag | default .Chart.AppVersion }} image: {{ .Values.builder.toolsRepository | default "quay.io/kairos/osbuilder-tools" }}:{{ .Values.builder.image.tag | default .Chart.AppVersion }}
command: command:
- bash - bash
args: args:


@@ -50,7 +50,6 @@ app.kubernetes.io/name: {{ include "helm-chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }} {{- end }}
{{/*
Create the name of the service account to use Create the name of the service account to use
*/}} */}}
{{- define "helm-chart.serviceAccountName" -}} {{- define "helm-chart.serviceAccountName" -}}


@@ -1,6 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap
metadata:
name: osartifactbuilder-operator-manager-config
namespace: '{{.Release.Namespace}}'
data: data:
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
\ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: \ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
true\n resourceName: 98ca89ca.kairos.io\n# leaderElectionReleaseOnCancel true\n resourceName: 98ca89ca.kairos.io\n# leaderElectionReleaseOnCancel
@@ -12,43 +16,4 @@ data:
after \n# the manager stops, so would be fine to enable this option. However, after \n# the manager stops, so would be fine to enable this option. However,
\n# if you are doing or is intended to do any operation such as perform \n# if you are doing or is intended to do any operation such as perform
cleanups \n# after the manager stops then its usage might be unsafe.\n# cleanups \n# after the manager stops then its usage might be unsafe.\n#
\ leaderElectionReleaseOnCancel: true\n" \ leaderElectionReleaseOnCancel: true\n"
kind: ConfigMap
metadata:
name: osartifactbuilder-operator-manager-config
namespace: '{{.Release.Namespace}}'
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
data:
nginx.conf: |
server {
listen 80;
server_name localhost;
client_max_body_size 21000M;
#access_log /var/log/nginx/host.access.log main;
location ~ "/upload/([0-9a-zA-Z-.]*)$" {
alias /usr/share/nginx/html/$1;
client_body_temp_path /tmp;
dav_methods PUT DELETE MKCOL COPY MOVE;
create_full_put_path on;
dav_access group:rw all:r;
}
location / {
root /usr/share/nginx/html;
autoindex on;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}


@@ -1,133 +1,69 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: '{{ include "helm-chart.fullname" . }}' name: '{{ include "helm-chart.fullname" . }}'
namespace: '{{.Release.Namespace}}' namespace: '{{.Release.Namespace}}'
labels: labels:
{{- include "helm-chart.labels" . | nindent 8 }} {{- include "helm-chart.labels" . | nindent 4 }}
spec: spec:
replicas: {{ .Values.replicas | default 1}} replicas: {{ .Values.builder.replicas }}
selector: selector:
matchLabels: matchLabels:
{{- include "helm-chart.selectorLabels" . | nindent 10 }} {{- include "helm-chart.selectorLabels" . | nindent 6 }}
template: template:
metadata: metadata:
annotations: annotations:
{{- range keys .Values.podAnnotations }} {{- range keys .Values.builder.podAnnotations }}
{{ . | quote }}: {{ get $.Values.podAnnotations . | quote}} {{ . | quote }}: {{ get $.Values.builder.podAnnotations . | quote}}
{{- end }} {{- end }}
labels: labels:
{{- include "helm-chart.selectorLabels" . | nindent 14}} {{- include "helm-chart.selectorLabels" . | nindent 8 }}
spec: spec:
{{- with .Values.imagePullSecrets }} {{- with .Values.builder.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- toYaml . | nindent 14 }} {{- toYaml . | nindent 14 }}
{{- end }} {{- end }}
containers: containers:
- args: - name: manager
- --secure-listen-address=0.0.0.0:8443 image: '{{ .Values.builder.image.repository | default "ghcr.io/pluralsh/osbuilder" }}:{{ .Values.builder.image.tag | default .Chart.AppVersion }}'
- --upstream=http://127.0.0.1:8080/ command: [ '/manager' ]
- --logtostderr=true args:
- --v=0 - --pvc-storage-size={{ .Values.builder.pvcStorageSize }}
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0 - --health-probe-bind-address=:8081
name: kube-rbac-proxy - --metrics-bind-address=127.0.0.1:8080
ports: - --leader-elect
- containerPort: 8443 - '--tool-image={{ .Values.builder.toolsImage.repository | default "quay.io/kairos/auroraboot" }}:{{ .Values.builder.toolsImage.tag | default "latest" }}'
name: https livenessProbe:
protocol: TCP httpGet:
resources: path: /healthz
limits: port: 8081
cpu: 500m initialDelaySeconds: 15
memory: 128Mi periodSeconds: 20
requests: readinessProbe:
cpu: 5m httpGet:
memory: 64Mi path: /readyz
securityContext: port: 8081
allowPrivilegeEscalation: false initialDelaySeconds: 5
- args: periodSeconds: 10
- --pvc-storage-size={{ .Values.pvcStorageSize }} {{- if and .Values.builder.resources .Values.builder.resources.controller }}
- --health-probe-bind-address=:8081 resources:
- --metrics-bind-address=127.0.0.1:8080 {{- toYaml .Values.builder.resources.controller | nindent 12 }}
- --leader-elect {{- end }}
- '--tool-image={{ .Values.toolsImage.repository | default "quay.io/kairos/auroraboot" }}:{{ .Values.toolsImage.tag | default "latest" }}' securityContext:
command: allowPrivilegeEscalation: false
- /manager securityContext:
image: '{{ .Values.image.repository | default "ghcr.io/pluralsh/osbuilder" }}:{{ .Values.image.tag | default .Chart.AppVersion }}' runAsNonRoot: true
livenessProbe: serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
httpGet: terminationGracePeriodSeconds: 10
path: /healthz {{- with .Values.builder.nodeSelector }}
port: 8081 nodeSelector:
initialDelaySeconds: 15 {{- toYaml . | nindent 14 }}
periodSeconds: 20 {{- end }}
name: manager {{- with .Values.builder.affinity }}
readinessProbe: affinity:
httpGet: {{- toYaml . | nindent 14 }}
path: /readyz {{- end }}
port: 8081 {{- with .Values.builder.tolerations }}
initialDelaySeconds: 5 tolerations:
periodSeconds: 10 {{- toYaml . | nindent 14 }}
{{- if and .Values.resources .Values.resources.controller }} {{- end }}
resources:
{{ toYaml .Values.resources.controller | indent 20 }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
terminationGracePeriodSeconds: 10
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 14 }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: osbuilder-nginx
name: 'osbuilder-nginx'
namespace: '{{.Release.Namespace}}'
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: osbuilder-nginx
template:
metadata:
labels:
app.kubernetes.io/name: osbuilder-nginx
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
volumeMounts:
- mountPath: /usr/share/nginx/html
name: nginx-public
- mountPath: /etc/nginx/conf.d
name: config
readOnly: true
serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
terminationGracePeriodSeconds: 10
securityContext:
fsGroup: 101
volumes:
- name: nginx-public
persistentVolumeClaim:
claimName: osartifactbuilder-operator-nginx-public
- name: config
configMap:
name: nginx-config
items:
- key: nginx.conf
path: default.conf
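Review bot: The manager is still started with `--tool-image=...:{{ .Values.builder.toolsImage.tag | default "latest" }}`, so the image that performs the OS builds floats on a mutable tag and two builds from the same chart version can run different tool contents. Pin a released tag or, better, a digest in the chart default and drop the `latest` fallback, for example `{{ required "builder.toolsImage.tag is required" .Values.builder.toolsImage.tag }}`. Separately, the container `securityContext` sets only `allowPrivilegeEscalation: false`; adding `capabilities: {drop: [ALL]}`, `seccompProfile: {type: RuntimeDefault}` and `readOnlyRootFilesystem: true` would be cheap hardening, provided the manager does not write to its root filesystem, which is not visible from this page.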


@@ -1,12 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: osartifactbuilder-operator-nginx-public
namespace: '{{.Release.Namespace}}'
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: '{{ .Values.nginx.pvcSize }}'


@@ -0,0 +1,34 @@
{{- if not .Values.registry.ingress.enabled }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ include "helm-chart.fullname" . }}-registry-selfsigned-issuer
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "helm-chart.fullname" . }}-registry-tls
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
secretName: {{ include "helm-chart.fullname" . }}-registry-tls
isCA: false
usages:
- server auth
- client auth
dnsNames:
- "{{ include "helm-chart.fullname" . }}-registry.{{.Release.Namespace}}.svc.cluster.local"
- "{{ include "helm-chart.fullname" . }}-registry"
issuerRef:
name: {{ include "helm-chart.fullname" . }}-registry-selfsigned-issuer
{{- end }}
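Review bot: The `Certificate` is signed directly by the `selfSigned` Issuer with `isCA: false`, so there is no CA that clients can be given to verify the registry; every client that pushes or pulls would have to trust this exact leaf certificate, which changes on renewal. The usual cert-manager bootstrap is a self-signed CA certificate (`isCA: true`), a `ca` Issuer that references its secret, and the registry leaf issued from that Issuer, so the CA can be distributed to the builder and the nodes. `usages` also lists `client auth`, which a server certificate does not need; `- server auth` alone is sufficient. The template is gated only on `registry.ingress.enabled`, so it presumably needs the cert-manager CRDs installed whenever the ingress is turned off, while `certManager.enabled` defaults to false in the values file.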


@@ -0,0 +1,82 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "helm-chart.fullname" . }}-registry
namespace: {{.Release.Namespace}}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.registry.replicas }}
selector:
matchLabels:
app.kubernetes.io/component: registry
{{- include "helm-chart.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- range keys .Values.registry.podAnnotations }}
{{ . | quote }}: {{ get $.Values.registry.podAnnotations . | quote }}
{{- end }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.selectorLabels" . | nindent 8 }}
spec:
containers:
- name: registry
image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}
env:
- name: REGISTRY_STORAGE
value: {{ .Values.registry.storage.driver }}
{{- if eq .Values.registry.storage.driver "s3" }}
- name: REGISTRY_STORAGE_S3_BUCKET
value: {{ .Values.registry.storage.s3.bucket }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
value: {{ .Values.registry.storage.s3.accessKey }}
- name: REGISTRY_STORAGE_S3_SECRETKEY
value: {{ .Values.registry.storage.s3.secretKey }}
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: {{ .Values.registry.storage.s3.endpoint }}
- name: REGISTRY_STORAGE_S3_REGION
value: {{ .Values.registry.storage.s3.region }}
- name: REGISTRY_STORAGE_S3_SECURE
value: 'true'
{{- end }}
{{- if .Values.registry.debug }}
- name: REGISTRY_LOG_LEVEL
value: debug
{{- end }}
{{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }}
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: {{ .Values.registry.auth.realm }}
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: /etc/htpasswd/htpasswd
{{- end }}
{{- range $envKey, $envValue := .Values.registry.extraEnvVars }}
- name: {{ $envKey }}
value: {{ $envValue }}
{{- end }}
ports:
- name: registry
containerPort: 5000
protocol: TCP
{{- if .Values.registry.debug }}
- name: debug
containerPort: 5001
protocol: TCP
{{- end }}
volumeMounts:
- name: tls-volume
mountPath: /etc/tls
readOnly: true
{{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }}
- name: htpasswd-volume
mountPath: /etc/htpasswd
readOnly: true
{{- end }}
volumes:
{{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }}
- name: htpasswd-volume
secret:
secretName: {{ .Values.registry.auth.htpasswd.existingSecret.name | default (printf "%s-%s" (include "helm-chart.fullname" .) "htpasswd") }}
{{- end }}
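Review bot: `REGISTRY_STORAGE_S3_ACCESSKEY` and `REGISTRY_STORAGE_S3_SECRETKEY` are rendered as literal `value:` entries, so the S3 credentials sit in the Deployment spec and are readable by anyone who can get Deployments or Pods in the namespace, not only by those allowed to read Secrets. Put them in a Secret and reference it with `secretKeyRef`, as sketched below; the Secret key names are placeholders and `registry.storage.s3.existingSecret` is a proposed new values key, not one the chart has today. The remaining env values, including the `extraEnvVars` loop, are unquoted, so a value that YAML reads as a number or boolean would not render as the string the API expects; pipe them through `quote`. The `tls-volume` mount also has no matching entry under `volumes:`, and with auth disabled `volumes:` renders empty, so the manifest looks incomplete as committed.

```yaml
            # … unchanged: REGISTRY_STORAGE, REGISTRY_STORAGE_S3_BUCKET …
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  # proposed values key; the Secret is created outside the chart
                  name: {{ .Values.registry.storage.s3.existingSecret | quote }}
                  key: accessKey
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.registry.storage.s3.existingSecret | quote }}
                  key: secretKey
            # … unchanged: REGISTRY_STORAGE_S3_REGIONENDPOINT, _REGION, _SECURE …
```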


@@ -0,0 +1,34 @@
{{- if .Values.registry.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "helm-chart.fullname" . }}-registry
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
{{- with .Values.registry.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.registry.ingress.ingressClass }}
{{ if .Values.registry.ingress.tls.enabled }}
tls:
- hosts:
- {{ .Values.registry.ingress.dns | quote }}
secretName: {{ include "helm-chart.fullname" . }}-registry-tls
{{ end }}
rules:
- host: {{ .Values.registry.ingress.dns | quote }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "helm-chart.fullname" . }}-registry
port:
name: registry
{{- end }}
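Review bot: With the chart defaults (`registry.ingress.enabled: true`, `registry.ingress.dns: ~`) both `{{ .Values.registry.ingress.dns | quote }}` expressions render empty as far as I can tell, so the rule has no `host` and would match every hostname served by that ingress class. Fail the render instead, e.g. `- host: {{ required "registry.ingress.dns is required when ingress is enabled" .Values.registry.ingress.dns | quote }}`. The Ingress is also the only registry object here without `namespace: {{ .Release.Namespace }}` in its metadata, which is worth adding for consistency with the Service and Deployment.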


@@ -0,0 +1,30 @@
{{- if and (eq .Values.registry.auth.realm "basic-realm") (not .Values.registry.auth.htpasswd.existingSecret.name) }}
{{- if not .Values.registry.auth.htpasswd.secret.name }}
{{- fail "A valid .Values.registry.auth.htpasswd.secret.name required when auth realm set to 'basic-realm'" }}
{{- end }}
{{ $passwordSecret := lookup "v1" "Secret" .Release.Namespace .Values.registry.auth.htpasswd.secret.name }}
{{- if not $passwordSecret.data }}
{{- fail "Could not find secret provided via .Values.registry.auth.htpasswd.secret.name" }}
{{- end }}
{{ $password := index $passwordSecret.data .Values.registry.auth.htpasswd.secret.key | b64dec }}
{{- if not $password }}
{{- fail "Could not find password key value in the provided secret" }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "helm-chart.fullname" . }}-htpasswd
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
stringData:
htpasswd: {{ htpasswd .Values.registry.auth.htpasswd.username $password }}
{{- end }}
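Review bot: This template depends on `lookup` finding the password Secret at render time, and `lookup` returns an empty result under `helm template` and client-side dry runs, so those always stop at `Could not find secret provided via .Values.registry.auth.htpasswd.secret.name` and the chart cannot be rendered offline with basic auth on. The Sprig `htpasswd` function also appears to salt the hash per call, which would rewrite the generated Secret on every upgrade. Consider documenting `existingSecret` (a ready-made htpasswd file) as the primary path and treating the lookup-based generation as opt-in. If the Secret exists but lacks the configured key, `index ... | b64dec` likely errors before the friendly `fail` below it is reached, so check with `hasKey` first, and pipe the rendered `htpasswd:` value through `quote`.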


@@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "helm-chart.fullname" . }}-registry
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
selector:
app.kubernetes.io/component: registry
{{- include "helm-chart.selectorLabels" . | nindent 4 }}
ports:
- name: registry
port: 5000
protocol: TCP
targetPort: registry
- name: debug
port: 5001
protocol: TCP
targetPort: debug
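Review bot: The `debug` port (5001) is published unconditionally, while the registry Deployment only declares the `debug` container port when `.Values.registry.debug` is set. Wrap the second port entry in `{{- if .Values.registry.debug }}` … `{{- end }}` so the Service does not advertise a port with no backing container port. When debugging is enabled, the registry's debug server is better reached through a port-forward than exposed to every workload in the cluster through the Service.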


@@ -1,29 +0,0 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: '{{ include "helm-chart.fullname" . }}-metrics-service'
namespace: '{{.Release.Namespace}}'
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
{{- include "helm-chart.selectorLabels" . | nindent 6 }}
---
apiVersion: v1
kind: Service
metadata:
name: osartifactbuilder-operator-osbuilder-nginx
namespace: '{{.Release.Namespace}}'
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app.kubernetes.io/name: osbuilder-nginx
type: NodePort


@@ -6,51 +6,111 @@ nameOverride: ""
# fullnameOverride completely replaces the generated release name # fullnameOverride completely replaces the generated release name
fullnameOverride: "" fullnameOverride: ""
# Secrets to pull container images from private registries builder:
imagePullSecrets: [] # Secrets to pull container images from private registries
imagePullSecrets: []
image:
# osbuilder image to be used. Leave empty to use the default
repository: ghcr.io/pluralsh/osbuilder
# tag of the osbuilder image. Leave empty to use chart's AppVersion
tag: ~
image: replicas: 1
# controller image to be used. Leave empty to use
repository: ghcr.io/pluralsh/osbuilder
# tag of the controller image. Leave empty to use chart's AppVersion
tag:
replicas: 1 # The PVC storage size for the build process
pvcStorageSize: "30Gi"
# The PVC storage size for the build process toolsImage:
pvcStorageSize: "20Gi" repository: "quay.io/kairos/auroraboot"
tag: "latest"
toolsImage: podAnnotations: {}
repository: "quay.io/kairos/auroraboot" nodeSelector: {}
tag: "latest" tolerations: []
affinity: {}
podAnnotations: {} ## Resource limits & requests
nodeSelector: {} ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
tolerations: [] resources:
affinity: {} controller:
limits:
cpu: 500m
memory: 50Mi
requests:
cpu: 250m
memory: 50Mi
tls: registry:
# source options: # Secrets to pull container images from private registries
# - "cert-manager-self-signed": Scaffold cert-manager integration, and create imagePullSecrets: []
# a self-signed certificate with a cert-manager self-signed Issuer. Depends image:
# on cert-manager. (default) # docker container registry image to be used. Leave empty to use the default
# - "cert-manager": Scafffold cert-manager integration. User configures their repository: registry
# own Issuer. Depends on cert-manager. Set tls.certManagerIssuerName to the # tag of the docker container registry image. Leave empty to use chart's AppVersion
# desired Issuer. tag: 2
source: cert-manager-self-signed
# "cert-manager"-only options:
certManagerIssuerName: ""
nginx: # Number of replicas for the registry
pvcSize: 30Gi replicas: 1
## Resource limits & requests # Whether registry should be set to debug level and expose debug server on port 5001
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ debug: false
resources:
controller: storage:
limits: # Currently only s3 is supported
cpu: 500m driver: s3
memory: 50Mi s3:
requests: accessKey: ~
cpu: 250m secretKey: ~
memory: 50Mi region: ~
bucket: ~
endpoint: ~
auth:
# Currently only 'basic-realm' with htpasswd file is supported. Use "~" to disable auth.
realm: basic-realm
htpasswd:
# When existingSecret is provided it will ignore the rest of htpasswd configuration
# and not generate the secret. It should provide a valid htpasswd file under the "htpasswd" secret key.
existingSecret:
name: ~
# Default username embedded in autogenerated htpasswd secret.
username: plural
# Secret that stores a password that should be encrypted and stored in autogenerated htpasswd file.
secret:
name: ~
key: password
ingress:
enabled: true
ingressClass: nginx
dns: ~
tls:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
nginx.ingress.kubernetes.io/proxy-read-timeout: '3600'
nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
# Defines extra env vars that should be passed to the registry containers.
# Can be used to customize the configuration
#
# Example format (<ENV_VAR_NAME>: <ENV_VAR_VALUE>):
#
# extraEnvVars:
# REGISTRY_HTTP_ADDR: ':5000'
# REGISTRY_HTTP_DEBUG_ADDR: ':5000'
# WEIRD_TEXT_WITH_SPECIAL_CHARTS: '":-g*_Asd123gj$$"'
extraEnvVars: {}
podAnnotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
# It is required to create certificates.
certManager:
enabled: false
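Review bot: The comments on `registry.image` say to leave `repository` and `tag` empty to use a default or the chart's AppVersion, but the registry Deployment renders `{{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}` with no `default`, so an empty value produces an invalid image reference. Either add the fallbacks in the template or reword the comments, e.g. `# registry image repository (required)` and `# registry image tag (required); prefer a full version or digest over the floating "2"`. The `secret` comment says the password is "encrypted", whereas an htpasswd file stores a hash; `# Secret holding the password that is hashed into the autogenerated htpasswd file.` is more accurate. In the `extraEnvVars` example, `REGISTRY_HTTP_DEBUG_ADDR: ':5000'` reuses the main listener port, which looks like a typo for `':5001'`.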