docker-registry app setup

ansible-5/roles/prod.k3s/templates/dkregistry/deployment.yaml

@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: docker-registry-pod
+  namespace: "{{apps.dkregistry.namespace}}"
+  labels:
+    app: registry
+spec:
+  containers:
+    - name: registry
+      image: registry:2.6.2
+      volumeMounts:
+        - name: repo-vol
+          mountPath: "/var/lib/registry"
+#        - name: certs-vol
+#          mountPath: "/certs"
+#          readOnly: true
+        - name: auth-vol
+          mountPath: "/auth"
+          readOnly: true
+      env:
+        - name: REGISTRY_AUTH
+          value: "htpasswd"
+        - name: REGISTRY_AUTH_HTPASSWD_REALM
+          value: "Registry Realm"
+        - name: REGISTRY_AUTH_HTPASSWD_PATH
+          value: "/auth/htpasswd"
+#        - name: REGISTRY_HTTP_TLS_CERTIFICATE
+#          value: "/certs/tls.crt"
+#        - name: REGISTRY_HTTP_TLS_KEY
+#          value: "/certs/tls.key"
+  volumes:
+    - name: repo-vol
+      persistentVolumeClaim:
+        claimName: data-dkregistry-0
+#    - name: certs-vol
+#      secret:
+#        secretName: default/xai-corp-production-tls
+    - name: auth-vol
+      persistentVolumeClaim:
+        claimName: data-dkregistry-auth-0

ansible-5/roles/prod.k3s/templates/dkregistry/ingress.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dkregistry
+  namespace: "{{apps.dkregistry.namespace}}"
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+    - host: www.xai-corp.net
+      http:
+        paths:
+          - path: /v2/
+            pathType: Prefix
+            backend:
+              service:
+                name: docker-registry
+                port:
+                  number: 5000
+
+  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+    - secretName: xai-corp-production-tls

ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth-claim.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: data-dkregistry-auth-0
+  namespace: "{{apps.dkregistry.namespace}}"
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth.yaml

@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: dkregistry-pv-auth-local
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/shared/dkregistry/auth"
+

ansible-5/roles/prod.k3s/templates/dkregistry/pv-claim.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "{{apps.dkregistry.pvc}}"
+  namespace: "{{apps.dkregistry.namespace}}"
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

ansible-5/roles/prod.k3s/templates/dkregistry/pv.yaml

@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: dkregistry-pv-local
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/shared/dkregistry/data"
+

ansible-5/roles/prod.k3s/templates/dkregistry/service.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: docker-registry
+  namespace: "{{apps.dkregistry.namespace}}"
+spec:
+  selector:
+    app: registry
+  ports:
+    - port: 5000
+      targetPort: 5000