xai-corp.net/provisioning
1
0
Fork 0
Code Issues 9 Releases Activity

docker-registry app setup

Browse Source
This commit is contained in:
richard
2022-10-30 13:52:42 -04:00
parent 3d038800ef
commit 2720a8b221
13 changed files with 262 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ansible-5/roles/prod.k3s/defaults/main.yml
View File

@@ -14,9 +14,9 @@ fstab:
- name: gitea
path: "/opt/data/gitea"
state: mounted
# - name: vmshares
# path: "/opt/shared"
# state: mounted
- name: vmshares
path: "/opt/data/shared"
state: mounted
- name: mariadb
path: "/opt/data/db"
state: mounted
@@ -36,11 +36,12 @@ helm:
apps:
stash:
enabled: false
state: present
namespace: stashapp
mariadb:
enabled: true
enabled: false
namespace: mariadb
pvc: data-mariadb-0
state: present
@@ -54,3 +55,8 @@ apps:
namespace: gitea
state: present
dkregistry:
enabled: true
namespace: default
pvc: data-dkregistry-0
state: present

1
ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml
View File

@@ -20,6 +20,7 @@ spec:
- sql.xai-corp.net
- cik.xai-corp.net
- stash.xai-corp.net
- dkregistry.xai-corp.net
acme:
config:
- http01:

27
ansible-5/roles/prod.k3s/files/dkregistry/values.yaml Normal file
View File

@@ -0,0 +1,27 @@
---
# Docker Registry values
# https://github.com/twuni/docker-registry.helm/blob/main/values.yaml
image:
repository: registry
tag: 2.8.1
ingress:
enabled: true
# className: traefik
tls:
- secretName: xai-corp-production-tls
hosts:
- dkregistry.xai-corp.net
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-production
## kubernetes.io/ingress.class: traefik
# traefik.ingress.kubernetes.io/router.entrypoints: websecure
# traefik.ingress.kubernetes.io/router.tls: 'true'
persistence:
enabled: true
existingClaim: data-dkregistry-0
secrets:
htpasswd: false

79
ansible-5/roles/prod.k3s/tasks/deployments/dkregistry.yaml Normal file
View File

@@ -0,0 +1,79 @@
---
#https://github.com/twuni/docker-registry.helm
#- name: Create a namespace for docker registry
# k8s:
# kubeconfig: "/etc/rancher/k3s/k3s.yaml"
# name: "{{apps.dkregistry.namespace}}"
# api_version: v1
# kind: Namespace
# state: "{{apps.dkregistry.state}}"
# become: true
- name: create persistent volume resources
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: "{{apps.dkregistry.state}}"
definition: "{{ lookup('template', item) | from_yaml }}"
loop:
- dkregistry/pv.yaml
- dkregistry/pv-claim.yaml
- dkregistry/pv-auth.yaml
- dkregistry/pv-auth-claim.yaml
become: true
- name: create secret for dkregistry
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: "{{apps.dkregistry.state}}"
definition:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: auth-secret
namespace: "{{apps.dkregistry.namespace}}"
stringData:
htpassword: "richard:$2y$05$Zp.GEiUbsGYYVOYWE71truuERCAE.D5wwGzU3Xi3wIVAWjH60t/U."
become: true
- name: create docker-registry resources
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: "{{apps.dkregistry.state}}"
definition: "{{ lookup('template', item) | from_yaml }}"
loop:
# - dkregistry/configmap.yaml
- dkregistry/ingress.yaml
- dkregistry/service.yaml
- dkregistry/deployment.yaml
become: true
#- name: Install dkregistry globally available
# block:
# - name: Add dkregistry chart helm repo
# local_action:
# module: kubernetes.core.helm_repository
# name: twuni
# repo_url: https://helm.twun.io
#
# - name: load variables files/dkregistry/values.yaml
# ansible.builtin.include_vars:
# file: files/dkregistry/values.yaml
# name: stash_values
#
# - name: Install dkregistry Release
# local_action:
# module: kubernetes.core.helm
# release_state: "{{apps.dkregistry.state}}"
# name: dkregistry
# namespace: "{{apps.dkregistry.namespace}}"
# create_namespace: yes
# update_repo_cache: True
# chart_ref: twuni/docker-registry
# values: "{{stash_values}}"
# wait: true

5
ansible-5/roles/prod.k3s/tasks/main.yml
View File

@@ -15,6 +15,7 @@
- name: deploy stash
include_tasks: deployments/stash.yaml
when: apps.stash.enabled
- name: deploy mariadb
include_tasks: deployments/mariadb.yaml
@@ -24,6 +25,10 @@
include_tasks: deployments/gitea.yaml
when: apps.gitea.enabled
- name: deploy dkregistry
include_tasks: deployments/dkregistry.yaml
when: apps.dkregistry.enabled
#-----------------------------------------------------
#- include_tasks: mariadb.yaml
#

41
ansible-5/roles/prod.k3s/templates/dkregistry/deployment.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: v1
kind: Pod
metadata:
name: docker-registry-pod
namespace: "{{apps.dkregistry.namespace}}"
labels:
app: registry
spec:
containers:
- name: registry
image: registry:2.6.2
volumeMounts:
- name: repo-vol
mountPath: "/var/lib/registry"
# - name: certs-vol
# mountPath: "/certs"
# readOnly: true
- name: auth-vol
mountPath: "/auth"
readOnly: true
env:
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
# - name: REGISTRY_HTTP_TLS_CERTIFICATE
# value: "/certs/tls.crt"
# - name: REGISTRY_HTTP_TLS_KEY
# value: "/certs/tls.key"
volumes:
- name: repo-vol
persistentVolumeClaim:
claimName: data-dkregistry-0
# - name: certs-vol
# secret:
# secretName: default/xai-corp-production-tls
- name: auth-vol
persistentVolumeClaim:
claimName: data-dkregistry-auth-0

25
ansible-5/roles/prod.k3s/templates/dkregistry/ingress.yaml Normal file
View File

@@ -0,0 +1,25 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dkregistry
namespace: "{{apps.dkregistry.namespace}}"
annotations:
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: www.xai-corp.net
http:
paths:
- path: /v2/
pathType: Prefix
backend:
service:
name: docker-registry
port:
number: 5000
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
- secretName: xai-corp-production-tls

13
ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth-claim.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data-dkregistry-auth-0
namespace: "{{apps.dkregistry.namespace}}"
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

17
ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
# persistent volume
apiVersion: v1
kind: PersistentVolume
metadata:
name: dkregistry-pv-auth-local
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/data/shared/dkregistry/auth"

13
ansible-5/roles/prod.k3s/templates/dkregistry/pv-claim.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: "{{apps.dkregistry.pvc}}"
namespace: "{{apps.dkregistry.namespace}}"
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

17
ansible-5/roles/prod.k3s/templates/dkregistry/pv.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
# persistent volume
apiVersion: v1
kind: PersistentVolume
metadata:
name: dkregistry-pv-local
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/data/shared/dkregistry/data"

12
ansible-5/roles/prod.k3s/templates/dkregistry/service.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: docker-registry
namespace: "{{apps.dkregistry.namespace}}"
spec:
selector:
app: registry
ports:
- port: 5000
targetPort: 5000