diff --git a/contrib/firstboot.sh b/contrib/firstboot.sh index 4e31771..31d69d9 100755 --- a/contrib/firstboot.sh +++ b/contrib/firstboot.sh @@ -30,6 +30,10 @@ InstallCSI () { } InstallRegistry () { helm repo add stable https://kubernetes-charts.storage.googleapis.com/ + helm install registry stable/docker-registry \ + --set ingress.enabled=true \ + --set ingress.hosts[0]="registry.k8s-demo.vm" + echo '100.100.100.15 registry.k8s-demo.vm' >> /etc/hosts } InstallPGSQL () { helm repo add bitnami https://charts.bitnami.com/bitnami diff --git a/contrib/mood.it b/contrib/mood.it deleted file mode 100644 index 3404f51..0000000 Binary files a/contrib/mood.it and /dev/null differ diff --git a/contrib/werf/docker-registry/.helm/templates/NOTES.txt b/contrib/werf/docker-registry/.helm/templates/NOTES.txt deleted file mode 100755 index 4a9152b..0000000 --- a/contrib/werf/docker-registry/.helm/templates/NOTES.txt +++ /dev/null @@ -1,19 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "docker-registry.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "docker-registry.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "docker-registry.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "docker-registry.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8080:5000 -{{- end }} diff --git a/contrib/werf/docker-registry/.helm/templates/_helpers.tpl b/contrib/werf/docker-registry/.helm/templates/_helpers.tpl deleted file mode 100755 index a91077e..0000000 --- a/contrib/werf/docker-registry/.helm/templates/_helpers.tpl +++ /dev/null @@ -1,24 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "docker-registry.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "docker-registry.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/contrib/werf/docker-registry/.helm/templates/configmap.yaml b/contrib/werf/docker-registry/.helm/templates/configmap.yaml deleted file mode 100755 index 820bb4f..0000000 --- a/contrib/werf/docker-registry/.helm/templates/configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "docker-registry.fullname" . }}-config - labels: - app: {{ template "docker-registry.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - config.yml: |- -{{ toYaml .Values.configData | indent 4 }} diff --git a/contrib/werf/docker-registry/.helm/templates/deployment.yaml b/contrib/werf/docker-registry/.helm/templates/deployment.yaml deleted file mode 100755 index a146d76..0000000 --- a/contrib/werf/docker-registry/.helm/templates/deployment.yaml +++ /dev/null @@ -1,221 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "docker-registry.fullname" . }} - labels: - app: {{ template "docker-registry.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ template "docker-registry.name" . }} - release: {{ .Release.Name }} - replicas: {{ .Values.replicaCount }} -{{- if .Values.updateStrategy }} - strategy: -{{ toYaml .Values.updateStrategy | indent 4 }} -{{- end }} - minReadySeconds: 5 - template: - metadata: - labels: - app: {{ template "docker-registry.name" . }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- if $.Values.podAnnotations }} -{{ toYaml $.Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} -{{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} -{{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /bin/registry - - serve - - /etc/docker/registry/config.yml - ports: - - containerPort: 5000 - livenessProbe: - httpGet: -{{- if .Values.tlsSecretName }} - scheme: HTTPS -{{- end }} - path: / - port: 5000 - readinessProbe: - httpGet: -{{- if .Values.tlsSecretName }} - scheme: HTTPS -{{- end }} - path: / - port: 5000 - resources: -{{ toYaml .Values.resources | indent 12 }} - env: -{{- if .Values.secrets.htpasswd }} - - name: REGISTRY_AUTH - value: "htpasswd" - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: "Registry Realm" - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: "/auth/htpasswd" -{{- end }} - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: haSharedSecret -{{- if .Values.tlsSecretName }} - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: /etc/ssl/docker/tls.crt - - name: REGISTRY_HTTP_TLS_KEY - value: /etc/ssl/docker/tls.key -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: "/var/lib/registry" -{{- else if eq .Values.storage "azure" }} - - name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountName - - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountKey - - name: REGISTRY_STORAGE_AZURE_CONTAINER - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureContainer -{{- else if eq .Values.storage "s3" }} - {{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }} - - name: REGISTRY_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: s3AccessKey - - name: REGISTRY_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: s3SecretKey - {{- end }} - - name: REGISTRY_STORAGE_S3_REGION - value: {{ required ".Values.s3.region is required" .Values.s3.region }} - {{- if .Values.s3.regionEndpoint }} - - name: REGISTRY_STORAGE_S3_REGIONENDPOINT - value: {{ .Values.s3.regionEndpoint }} - {{- end }} - - name: REGISTRY_STORAGE_S3_BUCKET - value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} - {{- if .Values.s3.encrypt }} - - name: REGISTRY_STORAGE_S3_ENCRYPT - value: {{ .Values.s3.encrypt | quote }} - {{- end }} - {{- if .Values.s3.secure }} - - name: REGISTRY_STORAGE_S3_SECURE - value: {{ .Values.s3.secure | quote }} - {{- end }} -{{- else if eq .Values.storage "swift" }} - - name: REGISTRY_STORAGE_SWIFT_AUTHURL - value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} - - name: REGISTRY_STORAGE_SWIFT_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftUsername - - name: REGISTRY_STORAGE_SWIFT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftPassword - - name: REGISTRY_STORAGE_SWIFT_CONTAINER - value: {{ required ".Values.swift.container is required" .Values.swift.container }} -{{- end }} -{{- if .Values.persistence.deleteEnabled }} - - name: REGISTRY_STORAGE_DELETE_ENABLED - value: "true" -{{- end }} - volumeMounts: -{{- if .Values.secrets.htpasswd }} - - name: auth - mountPath: /auth - readOnly: true -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - mountPath: /var/lib/registry/ -{{- end }} - - name: "{{ template "docker-registry.fullname" . }}-config" - mountPath: "/etc/docker/registry" -{{- if .Values.tlsSecretName }} - - mountPath: /etc/ssl/docker - name: tls-cert - readOnly: true -{{- end }} -{{- with .Values.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - volumes: -{{- if .Values.secrets.htpasswd }} - - name: auth - secret: - secretName: {{ template "docker-registry.fullname" . }}-secret - items: - - key: htpasswd - path: htpasswd -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} - - name: {{ template "docker-registry.fullname" . }}-config - configMap: - name: {{ template "docker-registry.fullname" . }}-config -{{- if .Values.tlsSecretName }} - - name: tls-cert - secret: - secretName: {{ .Values.tlsSecretName }} -{{- end }} -{{- with .Values.extraVolumes }} - {{- toYaml . | nindent 8 }} -{{- end }} diff --git a/contrib/werf/docker-registry/.helm/templates/ingress.yaml b/contrib/werf/docker-registry/.helm/templates/ingress.yaml deleted file mode 100755 index 58ab5fa..0000000 --- a/contrib/werf/docker-registry/.helm/templates/ingress.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "docker-registry.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $path := .Values.ingress.path -}} -apiVersion: {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} networking.k8s.io/v1beta1 {{- else }} extensions/v1beta1 {{- end }} -kind: Ingress -metadata: - name: {{ template "docker-registry.fullname" . }} - labels: - app: {{ template "docker-registry.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ $path }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/contrib/werf/docker-registry/.helm/templates/poddisruptionbudget.yaml b/contrib/werf/docker-registry/.helm/templates/poddisruptionbudget.yaml deleted file mode 100755 index 38eb384..0000000 --- a/contrib/werf/docker-registry/.helm/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "docker-registry.fullname" . }} - labels: - app: {{ template "docker-registry.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ template "docker-registry.name" . }} - release: {{ .Release.Name }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} diff --git a/contrib/werf/docker-registry/.helm/templates/pvc.yaml b/contrib/werf/docker-registry/.helm/templates/pvc.yaml deleted file mode 100755 index 1619617..0000000 --- a/contrib/werf/docker-registry/.helm/templates/pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.persistence.enabled }} -{{- if not .Values.persistence.existingClaim -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "docker-registry.fullname" . }} - labels: - app: {{ template "docker-registry.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end }} -{{- end -}} diff --git a/contrib/werf/docker-registry/.helm/templates/secret.yaml b/contrib/werf/docker-registry/.helm/templates/secret.yaml deleted file mode 100755 index c22fd30..0000000 --- a/contrib/werf/docker-registry/.helm/templates/secret.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "docker-registry.fullname" . }}-secret - labels: - app: {{ template "docker-registry.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- if .Values.secrets.htpasswd }} - htpasswd: {{ .Values.secrets.htpasswd | b64enc }} - {{- end }} - {{- if .Values.secrets.haSharedSecret }} - haSharedSecret: {{ .Values.secrets.haSharedSecret | b64enc | quote }} - {{- else }} - haSharedSecret: {{ randAlphaNum 16 | b64enc | quote }} - {{- end }} - - {{- if eq .Values.storage "azure" }} - {{- if and .Values.secrets.azure.accountName .Values.secrets.azure.accountKey .Values.secrets.azure.container }} - azureAccountName: {{ .Values.secrets.azure.accountName | b64enc | quote }} - azureAccountKey: {{ .Values.secrets.azure.accountKey | b64enc | quote }} - azureContainer: {{ .Values.secrets.azure.container | b64enc | quote }} - {{- end }} - {{- else if eq .Values.storage "s3" }} - {{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }} - s3AccessKey: {{ .Values.secrets.s3.accessKey | b64enc | quote }} - s3SecretKey: {{ .Values.secrets.s3.secretKey | b64enc | quote }} - {{- end }} - {{- else if eq .Values.storage "swift" }} - {{- if and .Values.secrets.swift.username .Values.secrets.swift.password }} - swiftUsername: {{ .Values.secrets.swift.username | b64enc | quote }} - swiftPassword: {{ .Values.secrets.swift.password | b64enc | quote }} - {{- end }} - {{- end }} diff --git a/contrib/werf/docker-registry/.helm/templates/service.yaml b/contrib/werf/docker-registry/.helm/templates/service.yaml deleted file mode 100755 index 1414020..0000000 --- a/contrib/werf/docker-registry/.helm/templates/service.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "docker-registry.fullname" . }} - labels: - app: {{ template "docker-registry.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} -{{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }} - clusterIP: {{ .Values.service.clusterIP }} -{{- end }} - ports: - - port: {{ .Values.service.port }} - protocol: TCP - name: {{ .Values.service.name }} - targetPort: 5000 -{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} - nodePort: {{ .Values.service.nodePort }} -{{- end }} - selector: - app: {{ template "docker-registry.name" . }} - release: {{ .Release.Name }} diff --git a/contrib/werf/docker-registry/.helm/values.yaml b/contrib/werf/docker-registry/.helm/values.yaml deleted file mode 100755 index 4354503..0000000 --- a/contrib/werf/docker-registry/.helm/values.yaml +++ /dev/null @@ -1,47 +0,0 @@ -replicaCount: 1 - -image: - repository: registry - tag: 2.7.1 - pullPolicy: IfNotPresent -service: - name: registry - type: ClusterIP - port: 5000 -ingress: - enabled: "true" - hosts: - - registry.k8s-demo.vm - annotations: - kubernetes.io/ingress.class: nginx - -persistence: - accessMode: 'ReadWriteOnce' - enabled: false - size: 10Gi - -configData: - version: 0.1 - log: - fields: - service: registry - storage: - cache: - blobdescriptor: inmemory - http: - addr: :5000 - headers: - X-Content-Type-Options: [nosniff] - health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 - -securityContext: - enabled: true - runAsUser: 1000 - fsGroup: 1000 - -priorityClassName: "" - diff --git a/contrib/werf/docker-registry/werf.yaml b/contrib/werf/docker-registry/werf.yaml deleted file mode 100644 index 7c594c0..0000000 --- a/contrib/werf/docker-registry/werf.yaml +++ /dev/null @@ -1,2 +0,0 @@ -project: docker-registry -configVersion: 1