GHP publish

2021-01-09 20:54:42 +03:00
commit b4b740a239
173 changed files with 5392 additions and 0 deletions
--- a/roles/registry/defaults/main.yaml
+++ b/roles/registry/defaults/main.yaml
@ -0,0 +1,59 @@
+registry_enabled: true
+registry_publish: false
+registry_default_values:
+  service:
+    type: ClusterIP
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: "{{ external_ingress_class if registry_publish else internal_ingress_class }}"
+      cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      cert-manager.io/acme-dns01-provider: "rfc2136"
+      cert-manager.io/acme-challenge-type: "dns01"
+      nginx.ingress.kubernetes.io/proxy-body-size: "0"
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    hosts:
+      - registry.{{ domain }}
+    tls:
+     - secretName: registry.{{ domain }}-tls
+       hosts:
+         - registry.{{ domain }}
+  persistence:
+    enabled: true
+    storageClass: "{{ registry_storage | default('nfs-hdd') }}"
+    size: "{{ registry_size | default('15Gi') }}"
+    accessMode: "{{ registry_storage_mode | default('ReadWriteMany') }}"
+
+registry_readonly_ingress_definition: |
+  apiVersion: extensions/v1beta1
+  kind: Ingress
+  metadata:
+    annotations:
+      cert-manager.io/acme-challenge-type: dns01
+      cert-manager.io/acme-dns01-provider: rfc2136
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      kubernetes.io/ingress.class: "{{ external_ingress_class }}"
+      nginx.ingress.kubernetes.io/proxy-body-size: "0"
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+      nginx.ingress.kubernetes.io/configuration-snippet: |-
+        limit_except GET {
+            deny all;
+        }
+    name: docker-registry-public
+    namespace: "{{ registry_namespace | default(namespace) }}"
+  spec:
+    rules:
+    - host: "{{ registry_readonly_ingress }}"
+      http:
+        paths:
+        - backend:
+            serviceName: docker-registry
+            servicePort: 5000
+          path: /
+    tls:
+    - hosts:
+      - "{{ registry_readonly_ingress }}"
+      secretName: "{{ registry_readonly_ingress }}-tls"
+
--- a/roles/registry/tasks/main.yaml
+++ b/roles/registry/tasks/main.yaml
@ -0,0 +1,19 @@
+- set_fact:
+    registry_combined_values: "{{ registry_default_values | combine(registry_values, recursive=true) }}"
+
+- name: Deploy Docker registry
+  community.kubernetes.helm:
+    create_namespace: true
+    release_namespace: "{{ registry_namespace | default(namespace) }}"
+    release_name: "{{ registry_name | default('docker-registry') }}"
+    chart_ref: "{{ registry_chart | default('ghp/docker-registry') }}"
+    chart_version: "{{ registry_version | default(omit) }}"
+    release_values: "{{ registry_combined_values | from_yaml }}"
+    wait: true
+
+- name: Deploy readonly public ingress for Docker registry
+  when: registry_readonly_ingress is defined
+  k8s:
+    state: present
+    definition:
+      "{{ registry_readonly_ingress_definition }}"