diff --git a/.gitignore b/.gitignore
index e382ff4..5d1728b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /*.yaml
 /*.yml
+/*.tgz
diff --git a/chartmuseum/.helmignore b/chartmuseum/.helmignore
deleted file mode 100755
index 46fd899..0000000
--- a/chartmuseum/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# OWNERS file for Kubernetes
-OWNERS
diff --git a/chartmuseum/Chart.yaml b/chartmuseum/Chart.yaml
deleted file mode 100755
index 917a6f6..0000000
--- a/chartmuseum/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: 0.12.0
-deprecated: true
-description: DEPRECATED Host your own Helm Chart Repository
-home: https://github.com/helm/chartmuseum
-icon: https://raw.githubusercontent.com/helm/chartmuseum/master/logo2.png
-keywords:
-- chartmuseum
-- helm
-- charts repo
-name: chartmuseum
-version: 2.14.2
diff --git a/chartmuseum/README.md b/chartmuseum/README.md
deleted file mode 100755
index cb3774a..0000000
--- a/chartmuseum/README.md
+++ /dev/null
@@ -1,749 +0,0 @@ -# ⚠️ Repo Archive Notice - -As of Nov 13, 2020, charts in this repo will no longer be updated. -For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). - -# ChartMuseum Helm Chart - -Deploy your own private ChartMuseum. - -Please also see https://github.com/kubernetes-helm/chartmuseum - -## DEPRECATION NOTICE - -This chart is deprecated and no longer supported. - -## Table of Content - - - - - -- [ChartMuseum Helm Chart](#chartmuseum-helm-chart) - - [Table of Content](#table-of-content) - - [Prerequisites](#prerequisites) - - [Configuration](#configuration) - - [Installation](#installation) - - [Using with Amazon S3](#using-with-amazon-s3) - - [permissions grant with access keys](#permissions-grant-with-access-keys) - - [permissions grant with IAM instance profile](#permissions-grant-with-iam-instance-profile) - - [permissions grant with IAM assumed role](#permissions-grant-with-iam-assumed-role) - - [permissions grant with IAM Roles for Service Accounts](#permissions-grant-with-iam-roles-for-service-accounts) - - [Using with Google Cloud Storage](#using-with-google-cloud-storage) - - [Using with Google Cloud Storage and a Google Service Account](#using-with-google-cloud-storage-and-a-google-service-account) - - [Using with Microsoft Azure Blob Storage](#using-with-microsoft-azure-blob-storage) - - [Using with Alibaba Cloud OSS Storage](#using-with-alibaba-cloud-oss-storage) - - [Using with Openstack Object Storage](#using-with-openstack-object-storage) - - [Using with Oracle Object Storage](#using-with-oracle-object-storage) - - [Using an existing secret](#using-an-existing-secret) - - [Using with local filesystem storage](#using-with-local-filesystem-storage) - - [Setting local storage permissions with initContainers](#setting-local-storage-permissions-with-initcontainers) - - [Example storage 
class](#example-storage-class) - - [Authentication](#authentication) - - [Basic Authentication](#basic-authentication) - - [Bearer/Token auth](#bearertoken-auth) - - [Ingress](#ingress) - - [Hosts](#hosts) - - [Extra Paths](#extra-paths) - - [Annotations](#annotations) - - [Example Ingress configuration](#example-ingress-configuration) - - [Uninstall](#uninstall) - - - - -## Prerequisites - -* [If enabled] A persistent storage resource and RW access to it -* [If enabled] Kubernetes StorageClass for dynamic provisioning - -## Configuration - -By default this chart will not have persistent storage, and the API service -will be *DISABLED*. This protects against unauthorized access to the API -with default configuration values. - -In addition, by default, pod `securityContext.fsGroup` is set to `1000`. This -is the user/group that the ChartMuseum container runs as, and is used to -enable local persitant storage. If your cluster has DenySecurityContext enabled, -you can set `securityContext` to `{}` and still use this chart with one of -the cloud storage options. - -For a more robust solution supply helm install with a custom values.yaml -You are also required to create the StorageClass resource ahead of time: -``` -kubectl create -f /path/to/storage_class.yaml -``` - -The following table lists common configurable parameters of the chart and -their default values. See values.yaml for all available options. 
- -| Parameter | Description | Default | -| --------------------------------------- | --------------------------------------------------------------------------- | ------------------------------------ | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.repository` | Container image to use | `chartmuseum/chartmuseum` | -| `image.tag` | Container image tag to deploy | `v0.12.0` | -| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` | -| `persistence.enabled` | Whether to use a PVC for persistent storage | `false` | -| `persistence.path` | PV mount path | `/storage` | -| `persistence.size` | Amount of space to claim for PVC | `8Gi` | -| `persistence.labels` | Additional labels for PVC | `{}` | -| `persistence.storageClass` | Storage Class to use for PVC | `-` | -| `persistence.volumeName` | Volume to use for PVC | `` | -| `persistence.pv.enabled` | Whether to use a PV for persistent storage | `false` | -| `persistence.pv.capacity.storage` | Storage size to use for PV | `8Gi` | -| `persistence.pv.accessMode` | Access mode to use for PV | `ReadWriteOnce` | -| `persistence.pv.nfs.server` | NFS server for PV | `` | -| `persistence.pv.nfs.path` | Storage Path | `` | -| `persistence.pv.pvname` | Custom name for private volume | `` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `replicaCount` | k8s replicas | `1` | -| `resources.limits.cpu` | Container maximum CPU | `100m` | -| `resources.limits.memory` | Container maximum memory | `128Mi` | -| `resources.requests.cpu` | Container requested CPU | `80m` | -| `resources.requests.memory` | Container requested memory | 
`64Mi` | -| `secret.labels` | Additional labels for secret | `false` | -| `serviceAccount.create` | If true, create the service account | `false` | -| `serviceAccount.name` | Name of the serviceAccount to create or use | `{{ chartmuseum.fullname }}` | -| `serviceAccount.annotations` | Additional Service Account annotations | `{}` | -| `securityContext.enabled` | Enable securityContext | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1000` | -| `securityContext.runAsNonRoot` | Running Pods as non-root | `` | -| `securityContext.supplementalGroups` | Control which group IDs containers add | `` | -| `containerSecurityContext` | Additional Container securityContext (ex. allowPrivilegeEscalation) | `{}` | -| `priorityClassName ` | priorityClassName | `""` | -| `nodeSelector` | Map of node labels for pod assignment | `{}` | -| `tolerations` | List of node taints to tolerate | `[]` | -| `affinity` | Map of node/pod affinities | `{}` | -| `schedulerName` | Kubernetes scheduler to use | `default` | -| `env.open.STORAGE` | Storage Backend to use | `local` | -| `env.open.STORAGE_ALIBABA_BUCKET` | Bucket to store charts in for Alibaba | `` | -| `env.open.STORAGE_ALIBABA_PREFIX` | Prefix to store charts under for Alibaba | `` | -| `env.open.STORAGE_ALIBABA_ENDPOINT` | Alternative Alibaba endpoint | `` | -| `env.open.STORAGE_ALIBABA_SSE` | Server side encryption algorithm to use | `` | -| `env.open.STORAGE_AMAZON_BUCKET` | Bucket to store charts in for AWS | `` | -| `env.open.STORAGE_AMAZON_ENDPOINT` | Alternative AWS endpoint | `` | -| `env.open.STORAGE_AMAZON_PREFIX` | Prefix to store charts under for AWS | `` | -| `env.open.STORAGE_AMAZON_REGION` | Region to use for bucket access for AWS | `` | -| `env.open.STORAGE_AMAZON_SSE` | Server side encryption algorithm to use | `` | -| `env.open.STORAGE_GOOGLE_BUCKET` | Bucket to store charts in for GCP | `` | -| `env.open.STORAGE_GOOGLE_PREFIX` | Prefix to store charts under for GCP | `` | -| 
`env.open.STORAGE_MICROSOFT_CONTAINER` | Container to store charts under for MS | `` | -| `env.open.STORAGE_MICROSOFT_PREFIX` | Prefix to store charts under for MS | `` | -| `env.open.STORAGE_OPENSTACK_CONTAINER` | Container to store charts for openstack | `` | -| `env.open.STORAGE_OPENSTACK_PREFIX` | Prefix to store charts for openstack | `` | -| `env.open.STORAGE_OPENSTACK_REGION` | Region of openstack container | `` | -| `env.open.STORAGE_OPENSTACK_CACERT` | Path to a CA cert bundle for openstack | `` | -| `env.open.STORAGE_ORACLE_COMPARTMENTID` | Compartment ID for Oracle Object Store | `` | -| `env.open.STORAGE_ORACLE_BUCKET` | Bucket to store charts in Oracle Object Store | `` | -| `env.open.STORAGE_ORACLE_PREFIX` | Prefix to store charts for Oracle object Store | `` | -| `env.open.CHART_POST_FORM_FIELD_NAME` | Form field to query for chart file content | `` | -| `env.open.PROV_POST_FORM_FIELD_NAME` | Form field to query for chart provenance | `` | -| `env.open.DEPTH` | levels of nested repos for multitenancy. 
| `0` | -| `env.open.DEBUG` | Show debug messages | `false` | -| `env.open.LOG_JSON` | Output structured logs in JSON | `true` | -| `env.open.DISABLE_STATEFILES` | Disable use of index-cache.yaml | `false` | -| `env.open.DISABLE_METRICS` | Disable Prometheus metrics | `true` | -| `env.open.DISABLE_API` | Disable all routes prefixed with /api | `true` | -| `env.open.ALLOW_OVERWRITE` | Allow chart versions to be re-uploaded | `false` | -| `env.open.CHART_URL` | Absolute url for .tgzs in index.yaml | `` | -| `env.open.AUTH_ANONYMOUS_GET` | Allow anon GET operations when auth is used | `false` | -| `env.open.CONTEXT_PATH` | Set the base context path | `` | -| `env.open.INDEX_LIMIT` | Parallel scan limit for the repo indexer | `` | -| `env.open.CACHE` | Cache store, can be one of: redis | `` | -| `env.open.CACHE_REDIS_ADDR` | Address of Redis service (host:port) | `` | -| `env.open.CACHE_REDIS_DB` | Redis database to be selected after connect | `0` | -| `env.open.BEARER_AUTH` | Enable bearer auth | `false` | -| `env.open.AUTH_REALM` | Realm used for bearer authentication | `` | -| `env.open.AUTH_SERVICE` | Service used for bearer authentication | `` | -| `env.field` | Expose pod information to containers through environment variables | `` | -| `env.existingSecret` | Name of the existing secret use values | `` | -| `env.existingSecret.BASIC_AUTH_USER` | Key name in the secret for the Username | `` | -| `env.existingSecret.BASIC_AUTH_PASS` | Key name in the secret for the Password | `` | -| `env.secret.BASIC_AUTH_USER` | Username for basic HTTP authentication | `` | -| `env.secret.BASIC_AUTH_PASS` | Password for basic HTTP authentication | `` | -| `env.secret.CACHE_REDIS_PASSWORD` | Redis requirepass server configuration | `` | -| `extraArgs` | Pass extra arguments to the chartmuseum binary | `` | -| `gcp.secret.enabled` | Flag for the GCP service account | `false` | -| `gcp.secret.name` | Secret name for the GCP json file | `` | -| `gcp.secret.key` | Secret key for te 
GCP json file | `credentials.json` | -| `oracle.secret.enabled` | Flag for Oracle OCI account | `false` | -| `oracle.secret.name` | Secret name for OCI config and key | `` | -| `oracle.secret.config` | Secret key that holds the OCI config | `config` | -| `oracle.secret.key_file` | Secret key that holds the OCI private key | `key_file` | -| `bearerAuth.secret.enabled` | Flag for bearer auth public key secret | `` | -| `bearerAuth.secret.publicKey` | The name of the secret with the public key | `` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `service.externalTrafficPolicy` | Source IP preservation (only for Service type NodePort and LoadBalancer) | `Local` | -| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only for Service type LoadBalancer) | `[]` | -| `service.servicename` | Custom name for service | `` | -| `service.labels` | Additional labels for service | `{}` | -| `serviceMonitor.enabled` | Enable the ServiceMontor resource to be deployed | `false` | -| `serviceMonitor.labels` | Labels for the servicemonitor used by the Prometheus Operator | `{}` | -| `serviceMonitor.namespace` | Namespace of the ServiceMonitor resource | `{{ .Release.Namespace }}` | -| `serviceMonitor.metricsPath` | Path to the Chartmuseum metrics path | `/metrics` | -| `serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | -| `serviceMonitor.timeout` | Scrape request timeout. 
If not set, the Prometheus default timeout is used | `nil` | -| `deployment.labels` | Additional labels for deployment | `{}` | -| `deployment.matchlabes` | Match labels for deployment selector | `{}` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.annotations` | Ingress annotations | `[]` | -| `ingress.labels` | Ingress labels | `[]` | -| `ingress.hosts[0].name` | Hostname for the ingress | `` | -| `ingress.hosts[0].path` | Path within the url structure | `` | -| `ingress.hosts[0].tls ` | Enable TLS on the ingress host | `false` | -| `ingress.hosts[0].tlsSecret` | TLS secret to use (must be manually created) | `` | -| `ingress.hosts[0].serviceName` | The name of the service to route traffic to. | `{{ .Values.service.externalPort }}` | -| `ingress.hosts[0].servicePort` | The port of the service to route traffic to. | `{{ .chartmuseum. }}` | -| `ingress.extraPaths[0].path` | Path within the url structure. | `` | -| `ingress.extraPaths[0].service` | The name of the service to route traffic to. | `` | -| `ingress.extraPaths[0].port` | The port of the service to route traffic to. | `` | - -Specify each parameter using the `--set key=value[,key=value]` argument to -`helm install`. 
- -## Installation - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -### Using with Amazon S3 -Make sure your environment is properly setup to access `my-s3-bucket` - -You need at least the following permissions inside your IAM Policy -```yaml -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowListObjects", - "Effect": "Allow", - "Action": [ - "s3:ListBucket" - ], - "Resource": "arn:aws:s3:::my-s3-bucket" - }, - { - "Sid": "AllowObjectsCRUD", - "Effect": "Allow", - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:PutObject" - ], - "Resource": "arn:aws:s3:::my-s3-bucket/*" - } - ] -} -``` - -You can grant it to `chartmuseum` by several ways: - -#### permissions grant with access keys - -Grant permissions to `special user` and us it's access keys for auth on aws - -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: amazon - STORAGE_AMAZON_BUCKET: my-s3-bucket - STORAGE_AMAZON_PREFIX: - STORAGE_AMAZON_REGION: us-east-1 - secret: - AWS_ACCESS_KEY_ID: "********" ## aws access key id value - AWS_SECRET_ACCESS_KEY: "********" ## aws access key secret value -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -#### permissions grant with IAM instance profile - -You can grant permissions to k8s node IAM instance profile. 
-For more information read this [article](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html) - -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: amazon - STORAGE_AMAZON_BUCKET: my-s3-bucket - STORAGE_AMAZON_PREFIX: - STORAGE_AMAZON_REGION: us-east-1 -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -#### permissions grant with IAM assumed role - -To provide access with assumed role you need to install [kube2iam](https://github.com/kubernetes/charts/tree/master/stable/kube2iam) -and create role with granded permissions. - -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: amazon - STORAGE_AMAZON_BUCKET: my-s3-bucket - STORAGE_AMAZON_PREFIX: - STORAGE_AMAZON_REGION: us-east-1 -replica: - annotations: - iam.amazonaws.com/role: "{assumed role name}" -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -#### permissions grant with IAM Roles for Service Accounts - -For Amazon EKS clusters, access can be provided with a service account using [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). 
- -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: amazon - STORAGE_AMAZON_BUCKET: my-s3-bucket - STORAGE_AMAZON_PREFIX: - STORAGE_AMAZON_REGION: us-east-1 -serviceAccount: - create: true - annotations: - eks.amazonaws.com/role-arn: "arn:aws:iam::{aws account ID}:role/{assumed role name}" -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -### Using with Google Cloud Storage -Make sure your environment is properly setup to access `my-gcs-bucket` - -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: google - STORAGE_GOOGLE_BUCKET: my-gcs-bucket - STORAGE_GOOGLE_PREFIX: -``` - -### Using with Google Cloud Storage and a Google Service Account - -A Google service account credentials are stored in a json file. There are two approaches here. Ideally you don't want to send your secrets to tiller. In that case, before installing this chart, you should create a secret with those credentials: - -```shell -kubectl create secret generic chartmuseum-secret --from-file=credentials.json="my-project-45e35d85a593.json" -``` - -Then you can either use a `VALUES` yaml with your values or set those values in the command line: - -```shell -helm install stable/chartmuseum --debug --set gcp.secret.enabled=true,env.open.STORAGE=google,env.open.DISABLE_API=false,env.open.STORAGE_GOOGLE_BUCKET=my-gcp-chartmuseum,gcp.secret.name=chartmuseum-secret -``` - -If you prefer to use a yaml file: - -```yaml -env: - open: - STORAGE: google - STORAGE_GOOGLE_BUCKET: my-gcs-bucket - STORAGE_GOOGLE_PREFIX: - -gcp: - secret: - enabled: true - name: chartmuseum-secret - key: credentials.json -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -In case that you don't mind adding your secret to tiller (you shouldn't do it), this are the commands - -```yaml -env: - open: - STORAGE: google - STORAGE_GOOGLE_BUCKET: 
my-gcs-bucket - STORAGE_GOOGLE_PREFIX: - secret: - GOOGLE_CREDENTIALS_JSON: my-json-file-base64-encoded -gcp: - secret: - enabled: true - -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -To set the values directly in the command line, use the following command. Note that we have to base64 encode the json file because we cannot pass a multi-line text as a value. - -```shell -export JSONKEY=$(cat my-project-77e35d85a593.json | base64) -helm install stable/chartmuseum --debug --set gcp.secret.enabled=true,env.secret.GOOGLE_CREDENTIALS_JSON=${JSONKEY},env.open.STORAGE=google,env.open.DISABLE_API=false,env.open.STORAGE_GOOGLE_BUCKET=my-gcp-chartmuseum -``` - -### Using with Microsoft Azure Blob Storage - -Make sure your environment is properly setup to access `mycontainer`. - -To do so, you must set the following env vars: -- `AZURE_STORAGE_ACCOUNT` -- `AZURE_STORAGE_ACCESS_KEY` - -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: microsoft - STORAGE_MICROSOFT_CONTAINER: mycontainer - # prefix to store charts for microsoft storage backend - STORAGE_MICROSOFT_PREFIX: - secret: - AZURE_STORAGE_ACCOUNT: "********" ## azure storage account - AZURE_STORAGE_ACCESS_KEY: "********" ## azure storage account access key -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -### Using with Alibaba Cloud OSS Storage - -Make sure your environment is properly setup to access `my-oss-bucket`. 
- -To do so, you must set the following env vars: -- `ALIBABA_CLOUD_ACCESS_KEY_ID` -- `ALIBABA_CLOUD_ACCESS_KEY_SECRET` - -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: alibaba - STORAGE_ALIBABA_BUCKET: my-oss-bucket - STORAGE_ALIBABA_PREFIX: - STORAGE_ALIBABA_ENDPOINT: oss-cn-beijing.aliyuncs.com - secret: - ALIBABA_CLOUD_ACCESS_KEY_ID: "********" ## alibaba OSS access key id - ALIBABA_CLOUD_ACCESS_KEY_SECRET: "********" ## alibaba OSS access key secret -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -### Using with Openstack Object Storage - -Make sure your environment is properly setup to access `mycontainer`. - -To do so, you must set the following env vars (depending on your openstack version): -- `OS_AUTH_URL` -- either `OS_PROJECT_NAME` or `OS_TENANT_NAME` or `OS_PROJECT_ID` or `OS_TENANT_ID` -- either `OS_DOMAIN_NAME` or `OS_DOMAIN_ID` -- either `OS_USERNAME` or `OS_USERID` -- `OS_PASSWORD` - -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: openstack - STORAGE_OPENSTACK_CONTAINER: mycontainer - STORAGE_OPENSTACK_PREFIX: - STORAGE_OPENSTACK_REGION: YOURREGION - secret: - OS_AUTH_URL: https://myauth.url.com/v2.0/ - OS_TENANT_ID: yourtenantid - OS_USERNAME: yourusername - OS_PASSWORD: yourpassword -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` -### Using with Oracle Object Storage - -Oracle (OCI) configuration and private key need to be added to a secret and are mounted at /home/chartmuseum/.oci. Your OCI config needs to be under [DEFAULT] and your `key_file` needs to be /home/chartmuseum/.oci/oci.key. 
See https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm - -```shell -kubectl create secret generic chartmuseum-secret --from-file=config=".oci/config" --from-file=key_file=".oci/oci.key" -``` - -Then you can either use a `VALUES` yaml with your values or set those values in the command line: - -```shell -helm install stable/chartmuseum --debug --set env.open.STORAGE=oracle,env.open.STORAGE_ORACLE_COMPARTMENTID=ocid1.compartment.oc1..abc123,env.open.STORAGE_ORACLE_BUCKET=myocibucket,env.open.STORAGE_ORACLE_PREFIX=chartmuseum,oracle.secret.enabled=true,oracle.secret.name=chartmuseum-secret -``` - -If you prefer to use a yaml file: - -```yaml -env: - open: - STORAGE: oracle - STORAGE_ORACLE_COMPARTMENTID: ocid1.compartment.oc1..abc123 - STORAGE_ORACLE_BUCKET: myocibucket - STORAGE_ORACLE_PREFIX: chartmuseum - -oracle: - secret: - enabled: enabled - name: chartmuseum-secret - config: config - key_file: key_file - -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -### Using an existing secret - -It is possible to pre-create a secret in kubernetes and get this chart to use that - -Given you are for example using the above AWS example - -You could create a Secret like this - -```shell - kubectl create secret generic chartmuseum-secret --from-literal="aws-access-key=myaccesskey" --from-literal="aws-secret-access-key=mysecretaccesskey" --from-literal="basic-auth-user=curator" --from-literal="basic-auth-pass=mypassword" -``` - -Specify `custom.yaml` with such values - -```yaml -env: - open: - STORAGE: amazonexistingSecret - STORAGE_AMAZON_BUCKET: my-s3-bucket - STORAGE_AMAZON_PREFIX: - STORAGE_AMAZON_REGION: us-east-1 - existingSecret: chartmuseum-secret - existingSecretMappings: - AWS_ACCESS_KEY_ID: aws-access-key - AWS_SECRET_ACCESS_KEY: aws-secret-access-key - BASIC_AUTH_USER: basic-auth-user - BASIC_AUTH_PASS: basic-auth-pass -``` - -Run command to install - -```shell -helm install 
--name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -### Using with local filesystem storage -By default chartmuseum uses local filesystem storage. -But on pod recreation it will lose all charts, to prevent that enable persistent storage. - -```yaml -env: - open: - STORAGE: local -persistence: - enabled: true - accessMode: ReadWriteOnce - size: 8Gi - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - ## Chartmuseum data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" -``` - -Run command to install - -```shell -helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum -``` - -### Setting local storage permissions with initContainers - -Some clusters do not allow using securityContext to set permissions for persistent volumes. Instead, an initContainer can be created to run `chown` on the mounted volume. To enable it, set `securityContext.enabled` to `false`. - - -#### Example storage class - -Example storage-class.yaml provided here for use with a Ceph cluster. 
- -``` -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: storage-volume -provisioner: kubernetes.io/rbd -parameters: - monitors: "10.11.12.13:4567,10.11.12.14:4567" - adminId: admin - adminSecretName: thesecret - adminSecretNamespace: default - pool: chartstore - userId: user - userSecretName: thesecret -``` - -### Authentication - -By default this chart does not have any authentication configured and allows anyone to fetch or upload (assuming the API is enabled) charts there are two supported methods of authentication - -#### Basic Authentication - -This allows all API routes to be protected by HTTP basic auth, this is configured either as plain text in the values that gets stored as a secret in the kubernetes cluster by setting: - -```yaml -env: - secret: - BASIC_AUTH_USER: curator - BASIC_AUTH_PASS: mypassword -``` - -Or by using values from an existing secret in the cluster that can be created using: - -```shell -kubectl create secret generic chartmuseum-secret --from-literal="basic-auth-user=curator" --from-literal="basic-auth-pass=mypassword" -``` - -This secret can be used in the values file as follows: - -```yaml -env: - existingSecret: chartmuseum-secret - existingSecretMappings: - BASIC_AUTH_USER: basic-auth-user - BASIC_AUTH_PASS: basic-auth-pass -``` - -#### Bearer/Token auth - -When using this ChartMuseum is configured with a public key, and will accept RS256 JWT tokens signed by the associated private key, passed in the Authorization header. You can use the [chartmuseum/auth](https://github.com/chartmuseum/auth) Go library to generate valid JWT tokens. 
For more information about how this works, please see [chartmuseum/auth-server-example](https://github.com/chartmuseum/auth-server-example) - -To use this the public key should be stored in a secret this can be done with - -```shell -kubectl create secret generic chartmuseum-public-key --from-file=public-key.pem -``` - -And Bearer/Token auth can be configured using the following values - -```yaml -env: - open: - BEARER_AUTH: true - AUTH_REALM: - AUTH_SERVICE: - -bearerAuth: - secret: - enabled: true - publicKeySecret: chartmuseum-public-key -``` - -### Ingress - -This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress](https://hub.kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://hub.kubeapps.com/charts/stable/traefik) you can utilize the ingress controller to expose Kubeapps. - -To enable ingress integration, please set `ingress.enabled` to `true` - -#### Hosts - -Most likely you will only want to have one hostname that maps to this Chartmuseum installation, however, it is possible to have more than one host. To facilitate this, the `ingress.hosts` object is an array. TLS secrets referenced in the ingress host configuration must be manually created in the namespace. - -In most cases, you should not specify values for `ingress.hosts[0].serviceName` and `ingress.hosts[0].servicePort`. However, some ingress controllers support advanced scenarios requiring you to specify these values. For example, [setting up an SSL redirect using the AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/). - -#### Extra Paths - -Specifying extra paths to prepend to every host configuration is especially useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). 
- -```shell -helm install --name my-chartmuseum stable/chartmuseum \ - --set ingress.enabled=true \ - --set ingress.hosts[0].name=chartmuseum.domain.com \ - --set ingress.extraPaths[0].service=ssl-redirect \ - --set ingress.extraPaths[0].port=use-annotation \ -``` - - -#### Annotations - -For annotations, please see [this document for nginx](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) and [this document for Traefik](https://docs.traefik.io/configuration/backends/kubernetes/#general-annotations). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. Annotations can be set using `ingress.annotations`. - -#### Example Ingress configuration - -```shell -helm install --name my-chartmuseum stable/chartmuseum \ - --set ingress.enabled=true \ - --set ingress.hosts[0].name=chartmuseum.domain.com \ - --set ingress.hosts[0].path=/ - --set ingress.hosts[0].tls=true - --set ingress.hosts[0].tlsSecret=chartmuseum.tls-secret -``` - -## Uninstall - -By default, a deliberate uninstall will result in the persistent volume -claim being deleted. - -```shell -helm delete my-chartmuseum -``` - -To delete the deployment and its history: -```shell -helm delete --purge my-chartmuseum -``` diff --git a/chartmuseum/ci/ingress-values.yaml b/chartmuseum/ci/ingress-values.yaml deleted file mode 100755 index 04e7645..0000000 --- a/chartmuseum/ci/ingress-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: "true" - hosts: - - name: chartmuseum.domain1.com - path: / - tls: false diff --git a/chartmuseum/templates/NOTES.txt b/chartmuseum/templates/NOTES.txt deleted file mode 100755 index 5efa6be..0000000 --- a/chartmuseum/templates/NOTES.txt +++ /dev/null 
@@ -1,30 +0,0 @@
-** Please be patient while the chart is being deployed **
-
-Get the ChartMuseum URL by running:
-
-{{- if contains "NodePort" .Values.service.type }}
-
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "chartmuseum.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT{{ .Values.env.open.CONTEXT_PATH }}/
-
-{{- else if contains "LoadBalancer" .Values.service.type }}
-
-** Please ensure an external IP is associated to the {{ template "chartmuseum.fullname" . }} service before proceeding **
-** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "chartmuseum.fullname" . }} **
-
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "chartmuseum.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}{{ .Values.env.open.CONTEXT_PATH }}/
-
-OR
-
- export SERVICE_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "chartmuseum.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
- echo http://$SERVICE_HOST:{{ .Values.service.externalPort }}{{ .Values.env.open.CONTEXT_PATH }}/
-
-{{- else if contains "ClusterIP" .Values.service.type }}
-
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "chartmuseum.name" . }}" -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo http://127.0.0.1:8080{{ .Values.env.open.CONTEXT_PATH }}/
- kubectl port-forward $POD_NAME 8080:8080 --namespace {{ .Release.Namespace }}
-
-{{- end }}
diff --git a/chartmuseum/templates/_helpers.tpl b/chartmuseum/templates/_helpers.tpl
deleted file mode 100755
index e5bab6a..0000000
--- a/chartmuseum/templates/_helpers.tpl
+++ /dev/null
@@ -1,142 +0,0 @@ -{{- /* -name defines a template for the name of the chartmuseum chart. - -The prevailing wisdom is that names should only contain a-z, 0-9 plus dot (.) and dash (-), and should -not exceed 63 characters. - -Parameters: - -- .Values.nameOverride: Replaces the computed name with this given name -- .Values.namePrefix: Prefix -- .Values.global.namePrefix: Global prefix -- .Values.nameSuffix: Suffix -- .Values.global.nameSuffix: Global suffix - -The applied order is: "global prefix + prefix + name + suffix + global suffix" - -Usage: 'name: "{{- template "chartmuseum.name" . -}}"' -*/ -}} -{{- define "chartmuseum.name"}} -{{- $global := default (dict) .Values.global -}} -{{- $base := default .Chart.Name .Values.nameOverride -}} -{{- $gpre := default "" $global.namePrefix -}} -{{- $pre := default "" .Values.namePrefix -}} -{{- $suf := default "" .Values.nameSuffix -}} -{{- $gsuf := default "" $global.nameSuffix -}} -{{- $name := print $gpre $pre $base $suf $gsuf -}} -{{- $name | lower | trunc 54 | trimSuffix "-" -}} -{{- end -}} - -{{- /* -fullname defines a suitably unique name for a resource by combining -the release name and the chartmuseum chart name. - -The prevailing wisdom is that names should only contain a-z, 0-9 plus dot (.) and dash (-), and should -not exceed 63 characters. - -Parameters: - -- .Values.fullnameOverride: Replaces the computed name with this given name -- .Values.fullnamePrefix: Prefix -- .Values.global.fullnamePrefix: Global prefix -- .Values.fullnameSuffix: Suffix -- .Values.global.fullnameSuffix: Global suffix - -The applied order is: "global prefix + prefix + name + suffix + global suffix" - -Usage: 'name: "{{- template "chartmuseum.fullname" . 
-}}"' -*/ -}} -{{- define "chartmuseum.fullname"}} -{{- $global := default (dict) .Values.global -}} -{{- $base := default (printf "%s-%s" .Release.Name .Chart.Name) .Values.fullnameOverride -}} -{{- $gpre := default "" $global.fullnamePrefix -}} -{{- $pre := default "" .Values.fullnamePrefix -}} -{{- $suf := default "" .Values.fullnameSuffix -}} -{{- $gsuf := default "" $global.fullnameSuffix -}} -{{- $name := print $gpre $pre $base $suf $gsuf -}} -{{- $name | lower | trunc 54 | trimSuffix "-" -}} -{{- end -}} - - -{{- /* -chartmuseum.labels.standard prints the standard chartmuseum Helm labels. - -The standard labels are frequently used in metadata. -*/ -}} -{{- define "chartmuseum.labels.standard" -}} -app: {{ template "chartmuseum.name" . }} -chart: {{ template "chartmuseum.chartref" . }} -heritage: {{ .Release.Service | quote }} -release: {{ .Release.Name | quote }} -{{- end -}} - -{{- /* -chartmuseum.chartref prints a chart name and version. - -It does minimal escaping for use in Kubernetes labels. - -Example output: - -chartmuseum-0.4.5 -*/ -}} -{{- define "chartmuseum.chartref" -}} -{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} -{{- end -}} - -{{/* -Return the proper image name to change the volume permissions -*/}} -{{- define "chartmuseum.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
-Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "chartmuseum.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/chartmuseum/templates/deployment.yaml b/chartmuseum/templates/deployment.yaml deleted file mode 100755 index d194aaf..0000000 --- a/chartmuseum/templates/deployment.yaml +++ /dev/null 
@@ -1,220 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "chartmuseum.fullname" . }} - annotations: -{{ toYaml .Values.deployment.annotations | indent 4 }} - labels: -{{ include "chartmuseum.labels.standard" . | indent 4 }} -{{- if .Values.deployment.labels }} -{{ toYaml .Values.deployment.labels | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - app: {{ template "chartmuseum.name" . }} - release: {{ .Release.Name | quote }} -{{- if .Values.deployment.labels }} -{{ toYaml .Values.deployment.labels | indent 6 }} -{{- end }} - replicas: {{ .Values.replicaCount }} - strategy: -{{ toYaml .Values.strategy | indent 4 }} - revisionHistoryLimit: 10 -{{- if .Values.deployment.matchlabes }} - selector: - matchLabels: -{{ toYaml .Values.deployment.matchlabels | indent 6 }} -{{- end }} - template: - metadata: - name: {{ include "chartmuseum.fullname" . }} - annotations: -{{ toYaml .Values.replica.annotations | indent 8 }} - labels: - app: {{ template "chartmuseum.name" . }} - release: {{ .Release.Name | quote }} -{{- if .Values.deployment.labels }} -{{ toYaml .Values.deployment.labels | indent 8 }} -{{- end }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- if .Values.securityContext.runAsNonRoot }} - runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} - {{- end }} - {{- if .Values.securityContext.supplementalGroups }} - supplementalGroups: {{ .Values.securityContext.supplementalGroups }} - {{- end }} - {{- else if .Values.persistence.enabled }} - initContainers: - - name: volume-permissions - image: {{ template "chartmuseum.volumePermissions.image" . 
}} - imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}" - securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 10 }} - command: ['sh', '-c', 'chown -R {{ .Values.securityContext.fsGroup }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.path }}'] - volumeMounts: - - mountPath: {{ .Values.persistence.path }} - name: storage-volume - {{- end }} -{{- include "chartmuseum.imagePullSecrets" . | indent 6 }} - containers: - - name: {{ .Chart.Name }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 10 }} - env: -{{- range $name, $value := .Values.env.open }} -{{- if not (empty $value) }} - - name: {{ $name | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end }} -{{- range $name, $value := .Values.env.field }} -{{- if not ( empty $value) }} - - name: {{ $name | quote }} - valueFrom: - fieldRef: - fieldPath: {{ $value | quote }} -{{- end }} -{{- end }} -{{- if .Values.gcp.secret.enabled }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/secrets/google/credentials.json" -{{- end }} -{{- if .Values.env.existingSecret }} -{{- $secret_name := .Values.env.existingSecret }} -{{- range $name, $key := .Values.env.existingSecretMappings }} -{{- if not ( empty $key) }} - - name: {{ $name | quote }} - valueFrom: - secretKeyRef: - name: {{ $secret_name | quote }} - key: {{ $key | quote }} -{{- end }} -{{- end }} -{{- else }} -{{- $secret_name := include "chartmuseum.fullname" . 
}} -{{- range $name, $value := .Values.env.secret }} -{{- if not ( empty $value) }} - - name: {{ $name | quote }} - valueFrom: - secretKeyRef: - name: {{ $secret_name }} - key: {{ $name | quote }} -{{- end }} -{{- end }} -{{- end }} -{{- if .Values.bearerAuth.secret.enabled }} - - name: AUTH_CERT_PATH - value: /var/keys/public-key.pem -{{ end }} - args: - - --port=8080 -{{- if eq .Values.env.open.STORAGE "local" }} - - --storage-local-rootdir={{ .Values.persistence.path }} -{{- end }} -{{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 8 }} -{{- end }} - ports: - - name: http - containerPort: 8080 - livenessProbe: - httpGet: - path: {{ .Values.env.open.CONTEXT_PATH }}/health - port: http -{{ toYaml .Values.probes.liveness | indent 10 }} - readinessProbe: - httpGet: - path: {{ .Values.env.open.CONTEXT_PATH }}/health - port: http -{{ toYaml .Values.probes.readiness | indent 10 }} - volumeMounts: -{{- if eq .Values.env.open.STORAGE "local" }} - - mountPath: {{ .Values.persistence.path }} - name: storage-volume -{{- end }} -{{- if .Values.gcp.secret.enabled }} - - mountPath: /etc/secrets/google - name: {{ include "chartmuseum.fullname" . }}-gcp -{{- end }} -{{- if .Values.oracle.secret.enabled }} - - mountPath: /home/chartmuseum/.oci - name: {{ include "chartmuseum.fullname" . }}-oracle -{{- end }} -{{- if .Values.bearerAuth.secret.enabled }} - - name: public-key - mountPath: /var/keys - readOnly: true -{{- end }} - {{- with .Values.resources }} - resources: -{{ toYaml . | indent 10 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . 
| indent 8 }} - {{- end }} - {{- if .Values.deployment.schedulerName }} - schedulerName: {{ .Values.deployment.schedulerName }} - {{- end -}} - {{- if and .Values.serviceAccount.create .Values.serviceAccount.name }} - serviceAccountName: {{ .Values.serviceAccount.name }} - {{- else if .Values.serviceAccount.create }} - serviceAccountName: {{ include "chartmuseum.fullname" . }} - {{- else if .Values.serviceAccount.name }} - serviceAccountName: {{ .Values.serviceAccount.name }} - {{- end }} - volumes: - - name: storage-volume - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "chartmuseum.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end -}} - {{ if .Values.gcp.secret.enabled }} - - name: {{ include "chartmuseum.fullname" . }}-gcp - secret: - {{ if .Values.env.secret.GOOGLE_CREDENTIALS_JSON }} - secretName: {{ include "chartmuseum.fullname" . }} - items: - - key: GOOGLE_CREDENTIALS_JSON - path: credentials.json - {{ else }} - secretName: {{ .Values.gcp.secret.name }} - items: - - key: {{ .Values.gcp.secret.key }} - path: credentials.json - {{ end }} - {{ end }} - {{ if .Values.oracle.secret.enabled }} - - name: {{ include "chartmuseum.fullname" . }}-oracle - secret: - secretName: {{ .Values.oracle.secret.name }} - items: - - key: {{ .Values.oracle.secret.config }} - path: config - - key: {{ .Values.oracle.secret.key_file }} - path: oci.key - {{ end }} -{{- if .Values.bearerAuth.secret.enabled }} - - name: public-key - secret: - secretName: {{ .Values.bearerAuth.secret.publicKeySecret }} -{{- end }} diff --git a/chartmuseum/templates/ingress.yaml b/chartmuseum/templates/ingress.yaml deleted file mode 100755 index 5fa52e2..0000000 --- a/chartmuseum/templates/ingress.yaml +++ /dev/null 
@@ -1,54 +0,0 @@
-{{- if .Values.ingress.enabled }}
-{{- $servicePort := .Values.service.externalPort -}}
-{{- $serviceName := include "chartmuseum.fullname" . -}}
-{{- $ingressExtraPaths := .Values.ingress.extraPaths -}}
----
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
-apiVersion: networking.k8s.io/v1beta1
-{{- else }}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ include "chartmuseum.fullname" . }}
- annotations:
-{{ toYaml .Values.ingress.annotations | indent 4 }}
- labels:
-{{- if .Values.ingress.labels }}
-{{ toYaml .Values.ingress.labels | indent 4 }}
-{{- end }}
-{{ include "chartmuseum.labels.standard" . | indent 4 }}
-spec:
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .name }}
- http:
- paths:
- {{- range $ingressExtraPaths }}
- - path: {{ default "/" .path | quote }}
- backend:
- {{- if $.Values.service.servicename }}
- serviceName: {{ $.Values.service.servicename }}
- {{- else }}
- serviceName: {{ default $serviceName .service }}
- {{- end }}
- servicePort: {{ default $servicePort .port }}
- {{- end }}
- - path: {{ default "/" .path | quote }}
- backend:
- {{- if $.Values.service.servicename }}
- serviceName: {{ $.Values.service.servicename }}
- {{- else }}
- serviceName: {{ default $serviceName .service }}
- {{- end }}
- servicePort: {{ default $servicePort .servicePort }}
- {{- end }}
- tls:
- {{- range .Values.ingress.hosts }}
- {{- if .tls }}
- - hosts:
- - {{ .name }}
- secretName: {{ .tlsSecret }}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/chartmuseum/templates/pv.yaml b/chartmuseum/templates/pv.yaml
deleted file mode 100755
index 1aaff0f..0000000
--- a/chartmuseum/templates/pv.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.persistence.pv.enabled -}}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.persistence.pv.pvname }}
- name: {{ .Values.persistence.pv.pvname }}
-{{- else }}
- name: {{ include "chartmuseum.fullname" . }}
-{{- end }}
- labels:
- app: {{ include "chartmuseum.fullname" . }}
- release: {{ .Release.Name | quote }}
-spec:
- capacity:
- storage: {{ .Values.persistence.pv.capacity.storage }}
- accessModes:
- - {{ .Values.persistence.pv.accessMode | quote }}
- nfs:
- server: {{ .Values.persistence.pv.nfs.server }}
- path: {{ .Values.persistence.pv.nfs.path | quote }}
-{{- end }}
\ No newline at end of file
diff --git a/chartmuseum/templates/pvc.yaml b/chartmuseum/templates/pvc.yaml
deleted file mode 100755
index aaedace..0000000
--- a/chartmuseum/templates/pvc.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "chartmuseum.fullname" . }}
- labels:
- app: {{ include "chartmuseum.fullname" . }}
- release: {{ .Release.Name | quote }}
-{{- if .Values.persistence.labels }}
-{{ toYaml .Values.persistence.labels | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- else if and .Values.persistence.volumeName (.Values.persistence.pv.enabled) }}
- volumeName: "{{ .Values.persistence.volumeName }}"
-{{- end }}
-{{- end }}
diff --git a/chartmuseum/templates/secret.yaml b/chartmuseum/templates/secret.yaml
deleted file mode 100755
index d4c837c..0000000
--- a/chartmuseum/templates/secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.env.existingSecret -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "chartmuseum.fullname" . }}
- labels:
-{{- if .Values.secret.labels }}
-{{ toYaml .Values.secret.labels | indent 4 }}
-{{- end }}
-{{ include "chartmuseum.labels.standard" . | indent 4 }}
-type: Opaque
-data:
-{{- range $name, $value := .Values.env.secret }}
-{{- if not (empty $value) }}
-{{- if eq $name "GOOGLE_CREDENTIALS_JSON" }}
- {{ $name }}: {{ $value }}
- {{- else }}
- {{ $name }}: {{ $value | b64enc }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/chartmuseum/templates/service.yaml b/chartmuseum/templates/service.yaml
deleted file mode 100755
index cc5a6a8..0000000
--- a/chartmuseum/templates/service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.service.servicename }}
- name: {{ .Values.service.servicename }}
-{{- else }}
- name: {{ include "chartmuseum.fullname" . }}
-{{- end }}
- labels:
-{{ include "chartmuseum.labels.standard" . | indent 4 }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- if (or (eq .Values.service.type "LoadBalancer") (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort)))) }}
- externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
- {{- end }}
- {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }}
- loadBalancerSourceRanges:
- {{- with .Values.service.loadBalancerSourceRanges }}
-{{ toYaml . | indent 2 }}
- {{- end }}
- {{- end }}
- {{- if eq .Values.service.type "ClusterIP" }}
- {{- if .Values.service.clusterIP }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{- end }}
- {{- end }}
- ports:
- - port: {{ .Values.service.externalPort }}
-{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
- nodePort: {{.Values.service.nodePort}}
-{{- else }}
- targetPort: http
-{{- end }}
- protocol: TCP
- name: http
- selector:
- app: {{ template "chartmuseum.name" . }}
- release: {{ .Release.Name | quote }}
diff --git a/chartmuseum/templates/serviceaccount.yaml b/chartmuseum/templates/serviceaccount.yaml
deleted file mode 100755
index 2561395..0000000
--- a/chartmuseum/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-{{- if .Values.serviceAccount.name }}
- name: {{ .Values.serviceAccount.name }}
-{{- else }}
- name: {{ include "chartmuseum.fullname" . }}
-{{- end }}
- labels:
-{{ include "chartmuseum.labels.standard" . | indent 4 }}
-{{- if .Values.serviceAccount.annotations }}
- annotations:
-{{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
-{{- end }}
-{{- end -}}
diff --git a/chartmuseum/templates/servicemonitor.yaml b/chartmuseum/templates/servicemonitor.yaml
deleted file mode 100755
index 03dfb54..0000000
--- a/chartmuseum/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-{{- if .Values.serviceMonitor.labels }}
- labels:
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
-{{- end }}
- name: {{ template "chartmuseum.fullname" . }}
- namespace: {{ .Release.Namespace }}
-{{- if .Values.serviceMonitor.namespace }}
- namespace: {{ .Values.serviceMonitor.namespace }}
-{{- end }}
-spec:
- endpoints:
- - targetPort: 8080
-{{- if .Values.serviceMonitor.interval }}
- interval: {{ .Values.serviceMonitor.interval }}
-{{- end }}
-{{- if .Values.serviceMonitor.metricsPath }}
- path: {{ .Values.serviceMonitor.metricsPath }}
-{{- end }}
-{{- if .Values.serviceMonitor.timeout }}
- scrapeTimeout: {{ .Values.serviceMonitor.timeout }}
-{{- end }}
- jobLabel: {{ template "chartmuseum.fullname" . }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels:
- app: {{ template "chartmuseum.name" . }}
- release: {{ .Release.Name }}
-{{- end }}
diff --git a/chartmuseum/values.yaml b/chartmuseum/values.yaml
deleted file mode 100755
index 8bd7912..0000000
--- a/chartmuseum/values.yaml
+++ /dev/null
@@ -1,306 +0,0 @@ -extraArgs: - # - --storage-timestamp-tolerance 1s -replicaCount: 1 -strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 -image: - repository: chartmuseum/chartmuseum - tag: v0.12.0 - pullPolicy: IfNotPresent -secret: - labels: {} -env: - open: - # storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle - STORAGE: local - # oss bucket to store charts for alibaba storage backend - STORAGE_ALIBABA_BUCKET: - # prefix to store charts for alibaba storage backend - STORAGE_ALIBABA_PREFIX: - # oss endpoint to store charts for alibaba storage backend - STORAGE_ALIBABA_ENDPOINT: - # server side encryption algorithm for alibaba storage backend, can be one - # of: AES256 or KMS - STORAGE_ALIBABA_SSE: - # s3 bucket to store charts for amazon storage backend - STORAGE_AMAZON_BUCKET: - # prefix to store charts for amazon storage backend - STORAGE_AMAZON_PREFIX: - # region of s3 bucket to store charts - STORAGE_AMAZON_REGION: - # alternative s3 endpoint - STORAGE_AMAZON_ENDPOINT: - # server side encryption algorithm - STORAGE_AMAZON_SSE: - # gcs bucket to store charts for google storage backend - STORAGE_GOOGLE_BUCKET: - # prefix to store charts for google storage backend - STORAGE_GOOGLE_PREFIX: - # container to store charts for microsoft storage backend - STORAGE_MICROSOFT_CONTAINER: - # prefix to store charts for microsoft storage backend - STORAGE_MICROSOFT_PREFIX: - # container to store charts for openstack storage backend - STORAGE_OPENSTACK_CONTAINER: - # prefix to store charts for openstack storage backend - STORAGE_OPENSTACK_PREFIX: - # region of openstack container - STORAGE_OPENSTACK_REGION: - # path to a CA cert bundle for your openstack endpoint - STORAGE_OPENSTACK_CACERT: - # compartment id for for oracle storage backend - STORAGE_ORACLE_COMPARTMENTID: - # oci bucket to store charts for oracle storage backend - STORAGE_ORACLE_BUCKET: - # prefix to store charts for oracle storage backend - 
STORAGE_ORACLE_PREFIX: - # form field which will be queried for the chart file content - CHART_POST_FORM_FIELD_NAME: chart - # form field which will be queried for the provenance file content - PROV_POST_FORM_FIELD_NAME: prov - # levels of nested repos for multitenancy. The default depth is 0 (singletenant server) - DEPTH: 0 - # show debug messages - DEBUG: false - # output structured logs as json - LOG_JSON: true - # disable use of index-cache.yaml - DISABLE_STATEFILES: false - # disable Prometheus metrics - DISABLE_METRICS: true - # disable all routes prefixed with /api - DISABLE_API: true - # allow chart versions to be re-uploaded - ALLOW_OVERWRITE: false - # absolute url for .tgzs in index.yaml - CHART_URL: - # allow anonymous GET operations when auth is used - AUTH_ANONYMOUS_GET: false - # sets the base context path - CONTEXT_PATH: - # parallel scan limit for the repo indexer - INDEX_LIMIT: 0 - # cache store, can be one of: redis (leave blank for inmemory cache) - CACHE: - # address of Redis service (host:port) - CACHE_REDIS_ADDR: - # Redis database to be selected after connect - CACHE_REDIS_DB: 0 - # enable bearer auth - BEARER_AUTH: false - # auth realm used for bearer auth - AUTH_REALM: - # auth service used for bearer auth - AUTH_SERVICE: - field: - # POD_IP: status.podIP - secret: - # username for basic http authentication - BASIC_AUTH_USER: - # password for basic http authentication - BASIC_AUTH_PASS: - # GCP service account json file - GOOGLE_CREDENTIALS_JSON: - # Redis requirepass server configuration - CACHE_REDIS_PASSWORD: - # Name of an existing secret to get the secret values ftom - existingSecret: - # Stores Enviromnt Variable to secret key name mappings - existingSecretMappings: - # username for basic http authentication - BASIC_AUTH_USER: - # password for basic http authentication - BASIC_AUTH_PASS: - # GCP service account json file - GOOGLE_CREDENTIALS_JSON: - # Redis requirepass server configuration - CACHE_REDIS_PASSWORD: - -deployment: - # 
Define scheduler name. Use of 'default' if empty - schedulerName: "" - ## Chartmuseum Deployment annotations - annotations: {} - # name: value - labels: {} - # name: value - matchlabels: {} - # name: value -replica: - ## Chartmuseum Replicas annotations - annotations: {} - ## Read more about kube2iam to provide access to s3 https://github.com/jtblin/kube2iam - # iam.amazonaws.com/role: role-arn -service: - servicename: - type: ClusterIP - externalTrafficPolicy: Local - ## Limits which cidr blocks can connect to service's load balancer - ## Only valid if service.type: LoadBalancer - loadBalancerSourceRanges: [] - # clusterIP: None - externalPort: 8080 - nodePort: - annotations: {} - labels: {} - -serviceMonitor: - enabled: false - # namespace: prometheus - labels: {} - metricsPath: "/metrics" - # timeout: 60 - # interval: 60 - -resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 80m -# memory: 64Mi - -probes: - liveness: - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - -serviceAccount: - create: false - # name: - ## Annotations for the Service Account - annotations: {} - -# UID/GID 1000 is the default user "chartmuseum" used in -# the container image starting in v0.8.0 and above. This -# is required for local persistent storage. 
If your cluster -# does not allow this, try setting securityContext: {} -securityContext: - enabled: true - fsGroup: 1000 - ## Optionally, specify supplementalGroups and/or - ## runAsNonRoot for security purposes - # runAsNonRoot: true - # supplementalGroups: [1000] - -containerSecurityContext: {} - -priorityClassName: "" - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -persistence: - enabled: false - accessMode: ReadWriteOnce - size: 8Gi - labels: {} - path: /storage - # name: value - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - ## Chartmuseum data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - # volumeName: - pv: - enabled: false - pvname: - capacity: - storage: 8Gi - accessMode: ReadWriteOnce - nfs: - server: - path: - -## Init containers parameters: -## volumePermissions: Change the owner of the persistent volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Ingress for load balancer -ingress: - enabled: false -## Chartmuseum Ingress labels -## -# labels: -# dns: "route53" - -## Chartmuseum Ingress annotations -## -# annotations: -# kubernetes.io/ingress.class: nginx -# kubernetes.io/tls-acme: "true" - -## Chartmuseum Ingress hostnames -## Must be provided if Ingress is enabled -## -# hosts: -# - name: chartmuseum.domain1.com -# path: / -# tls: false -# - name: chartmuseum.domain2.com -# path: / -# -# ## Set this to true in order to enable TLS on the ingress record -# tls: true -# -# ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS -# ## Secrets must be added manually to the namespace -# tlsSecret: chartmuseum.domain2-tls - -# Adding secrets to tiller is not a great option, so If you want to use an existing -# secret that contains the json file, you can use the following entries -gcp: - secret: - enabled: false - # Name of the secret that contains the encoded json - name: - # Secret key that holds the json value. - key: credentials.json -oracle: - secret: - enabled: false - # Name of the secret that contains the encoded config and key - name: - # Secret key that holds the oci config - config: config - # Secret key that holds the oci private key - key_file: key_file -bearerAuth: - secret: - enabled: false - publicKeySecret: chartmuseum-public-key diff --git a/docker-registry-ui/.helmignore b/docker-registry-ui/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/docker-registry-ui/.helmignore +++ /dev/null 
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/docker-registry-ui/Chart.yaml b/docker-registry-ui/Chart.yaml
deleted file mode 100644
index 6fc5fa6..0000000
--- a/docker-registry-ui/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-appVersion: "1.2.1"
-description: The simplest and most complete UI for your private registry
-name: docker-registry-ui
-home: https://github.com/Joxit/docker-registry-ui
-keywords:
-- docker
-- registry
-sources:
-- https://github.com/Joxit/docker-registry-ui
-version: 0.1.0
diff --git a/docker-registry-ui/README.md b/docker-registry-ui/README.md
deleted file mode 100644
index a392a31..0000000
--- a/docker-registry-ui/README.md
+++ /dev/null
@@ -1,97 +0,0 @@ -# docker-registry-ui - -[docker-registry-ui](https://joxit.dev/docker-registry-ui/) is the simplest and most complete UI for your private registry! - - -## TL;DR; - -```bash -$ helm install . -``` - -## Introduction - -This chart bootstraps a [docker-registry-ui](https://joxit.dev/docker-registry-ui/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also may deploy the [docker registry](https://docs.docker.com/registry/) if you havent have one already. - -## Prerequisites - -- Kubernetes 1.9+ with Beta APIs enabled -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm update --install my-release . -``` - -The command deploys docker-registry-ui on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the Redmine chart and their default values. 
- -| Parameter | Description | Default | -| --------------------------------- | ---------------------------------------- | ------------------------------------------------------- | -| `ui.title` | Title of the managed repository | `Docker registry UI` | -| `ui.delete_images` | Allow to delete image from the front-end | `false` | -| `ui.proxy` | The UI service act as a proxy of the registry | `true` | -| `ui.replicaCount` | Number of replicas to start | `1` | -| `ui.image.registry` | registry to pull the docker-registry-ui image from | `docker.io` | -| `ui.image.repository` | docker-registry-ui image name | `joxit/docker-registry-ui` | -| `ui.image.tag` | docker-registry-ui image tag (change to latest to have multi registry support) | `static` | -| `ui.image.pullPolicy` | docker-registry-ui image pull policy | `Always` | -| `ui.probe.liveness` | Ask kubernetes to check the service port for liveness | `true` | -| `ui.probe.readyness ` | Ask kubernetes to check the service port for readyness | `true` | -| `ui.service.type` | Desired service type | `ClusterIP` | -| `ui.service.port` | Service exposed port | `80` | -| `ui.ingress.enabled` | Create an ingress for docker-regstry-ui | `false` | -| `registry.external` | Use an already available registry | `false` | -| `registry.url` | URL of the existing registry | `http://localhost:5000` | -| `registry.replicaCount` | Number of replicas to start | `1` | -| `registry.image.registry` | registry to pull the docker-registry image from | `docker.io` | -| `registry.image.repository` | docker-registry-ui image name | `registry` | -| `registry.image.tag` | docker-registry-ui image tag | `2.6.2` | -| `registry.image.pullPolicy` | docker-registry-ui image pull policy | `Always` | -| `registry.probe.liveness` | Ask kubernetes to check the service port for liveness | `true` | -| `registry.probe.readyness ` | Ask kubernetes to check the service port for readyness | `true` | -| `registry.persistence.enabled` | Enable persistence using 
PVC for the registry | `false` | -| `registry.persistence.storageClass` | PVC Storage Class | `-` | -| `registry.persistence.size` | PVC Storage Request size | `1Gi` | -| `registry.service.type` | Desired service type | `ClusterIP` | -| `registry.service.port` | Service exposed port | `5000` | -| `registry.ingress.enabled` | Create an ingress for the regstry | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm upgrade --install my-release \ - --set registry.external=true \ - --set registry.url=http://registry.example.com:5000 \ - . -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```bash -$ helm upgrade --install my-release -f values.yaml . -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - diff --git a/docker-registry-ui/templates/NOTES.txt b/docker-registry-ui/templates/NOTES.txt deleted file mode 100644 index e69de29..0000000 diff --git a/docker-registry-ui/templates/_helpers.tpl b/docker-registry-ui/templates/_helpers.tpl deleted file mode 100644 index ec4a989..0000000 --- a/docker-registry-ui/templates/_helpers.tpl +++ /dev/null 
@@ -1,147 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "docker-registry-ui.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "docker-registry-ui.fullname" -}} -{{- if .Values.ui.fullnameOverride -}} -{{- .Values.ui.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-ui" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-ui-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "docker-registry.fullname" -}} -{{- if .Values.registry.fullnameOverride -}} -{{- .Values.registry.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-registry" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-registry-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "docker-registry-ui.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "docker-registry-ui.labels" -}} -app: registry-ui -chart: {{ include "docker-registry-ui.chart" . 
}} -release: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- end -}} - -{{- define "docker-registry-ui.matchLabels" -}} -app: registry-ui -release: {{ .Release.Name }} -{{- end -}} - -{{- define "docker-registry.labels" -}} -app: registry -chart: {{ include "docker-registry-ui.chart" . }} -release: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- end -}} - -{{- define "docker-registry.matchLabels" -}} -app: registry -release: {{ .Release.Name }} -{{- end -}} - -{{- define "docker-registry-ui.probes" -}} -{{- if and .Values.ui.probe.liveness (eq .Values.ui.probe.liveness true) -}} -livenessProbe: - httpGet: - path: / - port: http -{{- end -}} -{{- if and .Values.ui.probe.readiness (eq .Values.ui.probe.readiness true) }} -readinessProbe: - httpGet: - path: / - port: http -{{- end -}} -{{- end -}} - -{{- define "docker-registry.probes" -}} -{{- if and .Values.registry.probe.liveness (eq .Values.registry.probe.liveness true) -}} -livenessProbe: - httpGet: - path: /v2/ - port: registry -{{- end -}} -{{- if and .Values.registry.probe.readiness (eq .Values.registry.probe.readiness true) }} -readinessProbe: - httpGet: - path: /v2/ - port: registry -{{- end -}} -{{- end -}} - -{{- define "docker-registry-ui.url-name" -}} -{{- if eq .Values.ui.proxy true -}} -REGISTRY_URL -{{- else -}} -URL -{{- end -}} -{{- end -}} - -{{- define "docker-registry-ui.url-value" -}} -{{- if eq .Values.registry.external true -}} -{{ .Values.registry.url }} -{{- else -}} -{{- $fullName := include "docker-registry.fullname" . 
-}} -{{ printf "http://%s.%s:%.0f" $fullName .Release.Namespace .Values.registry.service.port }} -{{- end -}} -{{- end -}} - -{{- define "docker-registry-ui.pull" -}} -{{- if eq .Values.registry.external true -}} -{{ .Values.registry.url }} -{{- else -}} -{{- if eq .Values.ui.proxy true -}} -{{- if eq .Values.ui.ingress.enabled true -}} -{{- $host := index .Values.ui.ingress.hosts 0 -}} -{{ $host.host }} -{{- else -}} -{{- $fullName := include "docker-registry-ui.fullname" . -}} -{{ printf "%s.%s:%.0f" $fullName .Release.Namespace .Values.ui.service.port }} -{{- end -}} -{{- else -}} -{{- if eq .Values.registry.ingress.enabled true -}} -{{- $host := index .Values.registry.ingress.hosts 0 -}} -{{ $host.host }} -{{- else -}} -{{- $fullName := include "docker-registry.fullname" . -}} -{{ printf "%s.%s:%.0f" $fullName .Release.Namespace .Values.registry.service.port }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/docker-registry-ui/templates/reg-configmap.yaml b/docker-registry-ui/templates/reg-configmap.yaml deleted file mode 100644 index 210f15c..0000000 --- a/docker-registry-ui/templates/reg-configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if eq .Values.registry.external false -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "docker-registry.fullname" . }} - labels: -{{ include "docker-registry.labels" . | indent 4 }} -data: - config.yml: |- - version: 0.1 - log: - fields: - service: registry - storage: - delete: - enabled: true - cache: - blobdescriptor: inmemory - filesystem: - rootdirectory: /var/lib/registry - http: - addr: :5000 - headers: - X-Content-Type-Options: [nosniff] - Access-Control-Allow-Origin: ['*'] - Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE'] - Access-Control-Allow-Headers: ['Authorization'] - Access-Control-Max-Age: [1728000] - Access-Control-Allow-Credentials: [true] - Access-Control-Expose-Headers: ['Docker-Content-Digest'] -{{- end -}} 
diff --git a/docker-registry-ui/templates/reg-deployment.yaml b/docker-registry-ui/templates/reg-deployment.yaml deleted file mode 100644 index dc157ef..0000000 --- a/docker-registry-ui/templates/reg-deployment.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if eq .Values.registry.external false -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "docker-registry.fullname" . }} - labels: -{{ include "docker-registry.labels" . | indent 4 }} -spec: - replicas: {{ .Values.registry.replicaCount }} - selector: - matchLabels: -{{ include "docker-registry.matchLabels" . | indent 6 }} - template: - metadata: - labels: -{{ include "docker-registry.matchLabels" . | indent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: config - configMap: - defaultMode: 420 - name: {{ include "docker-registry.fullname" . }} - - name: data -{{- if .Values.registry.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "docker-registry.fullname" . }} -{{- else }} - emptyDir: {} -{{- end }} - containers: - - name: registry - image: "{{ .Values.registry.image.registry }}/{{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}" - imagePullPolicy: {{ .Values.registry.image.pullPolicy }} - ports: - - name: registry - containerPort: 5000 - protocol: TCP - volumeMounts: - - mountPath: "/var/lib/registry" - name: "data" - - mountPath: "/etc/docker/registry" - name: "config" -{{ include "docker-registry.probes" . | indent 10 }} - resources: - {{- toYaml .Values.registry.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end -}} 
diff --git a/docker-registry-ui/templates/reg-ingress.yaml b/docker-registry-ui/templates/reg-ingress.yaml deleted file mode 100644 index 3b1830d..0000000 --- a/docker-registry-ui/templates/reg-ingress.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if and (eq .Values.registry.external false) (and (eq .Values.ui.proxy false) .Values.registry.ingress.enabled) -}} -{{- $fullName := include "docker-registry.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: -{{ include "docker-registry.labels" . | indent 4 }} - {{- with .Values.registry.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.registry.ingress.tls }} - tls: - {{- range .Values.registry.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.registry.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - - path: / - backend: - serviceName: {{ $fullName }} - servicePort: registry - {{- end }} -{{- end -}} diff --git a/docker-registry-ui/templates/reg-pvc.yaml b/docker-registry-ui/templates/reg-pvc.yaml deleted file mode 100644 index 0b6a38d..0000000 --- a/docker-registry-ui/templates/reg-pvc.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if and (eq .Values.registry.external false) .Values.registry.persistence.enabled -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: -{{ include "docker-registry.labels" . | indent 4 }} - name: {{ include "docker-registry.fullname" . }} -spec: - accessModes: -{{- range .Values.registry.persistence.accessModes }} - - {{ . | quote }} -{{- end }} - resources: - requests: - storage: {{ .Values.registry.persistence.size }} -{{- if .Values.registry.persistence.storageClass }} -{{- if (eq "-" .Values.registry.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: {{ .Values.registry.persistence.storageClass | quote }} -{{- end }} -{{- end }} -{{- end -}} diff --git a/docker-registry-ui/templates/reg-service.yaml b/docker-registry-ui/templates/reg-service.yaml deleted file mode 100644 index 8e68a0c..0000000 --- a/docker-registry-ui/templates/reg-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if eq .Values.registry.external false -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "docker-registry.fullname" . }} - labels: -{{ include "docker-registry.labels" . | indent 4 }} -spec: - type: {{ .Values.registry.service.type }} - ports: - - port: {{ .Values.registry.service.port }} - targetPort: registry - protocol: TCP - name: registry - selector: -{{ include "docker-registry.matchLabels" . | indent 6 }} -{{- end -}} diff --git a/docker-registry-ui/templates/ui-deployment.yaml b/docker-registry-ui/templates/ui-deployment.yaml deleted file mode 100644 index a0faac0..0000000 --- a/docker-registry-ui/templates/ui-deployment.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "docker-registry-ui.fullname" . }} - labels: -{{ include "docker-registry-ui.labels" . | indent 4 }} -spec: - replicas: {{ .Values.ui.replicaCount }} - selector: - matchLabels: -{{ include "docker-registry-ui.matchLabels" . | indent 6 }} - template: - metadata: - labels: -{{ include "docker-registry-ui.matchLabels" . | indent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: registry-ui - image: "{{ .Values.ui.image.registry }}/{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}" - imagePullPolicy: {{ .Values.ui.image.pullPolicy }} - env: - - name: REGISTRY_TITLE - value: {{ .Values.ui.title| quote }} - - name: DELETE_IMAGES - value: {{ .Values.ui.delete_images| quote }} - - name: {{ include "docker-registry-ui.url-name" . }} - value: {{ include "docker-registry-ui.url-value" . | quote }} - - name: PULL_URL - value: {{ include "docker-registry-ui.pull" . | quote }} - ports: - - name: http - containerPort: 80 - protocol: TCP -{{ include "docker-registry-ui.probes" . | indent 10 }} - resources: - {{- toYaml .Values.ui.resources | nindent 12 }} - {{- with .Values.ui.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.ui.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.ui.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/docker-registry-ui/templates/ui-ingress.yaml b/docker-registry-ui/templates/ui-ingress.yaml deleted file mode 100644 index a17b648..0000000 --- a/docker-registry-ui/templates/ui-ingress.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- if .Values.ui.ingress.enabled -}} -{{- $fullName := include "docker-registry-ui.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: -{{ include "docker-registry-ui.labels" . | indent 4 }} - {{- with .Values.ui.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ui.ingress.tls }} - tls: - {{- range .Values.ui.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ui.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - - path: / - backend: - serviceName: {{ $fullName }} - servicePort: http - {{- end }} -{{- end }} diff --git a/docker-registry-ui/templates/ui-service.yaml b/docker-registry-ui/templates/ui-service.yaml deleted file mode 100644 index 2aeda25..0000000 --- a/docker-registry-ui/templates/ui-service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "docker-registry-ui.fullname" . }} - labels: -{{ include "docker-registry-ui.labels" . | indent 4 }} -spec: - type: {{ .Values.ui.service.type }} - ports: - - port: {{ .Values.ui.service.port }} - targetPort: http - protocol: TCP - name: http - selector: -{{ include "docker-registry-ui.matchLabels" . | indent 6 }} diff --git a/docker-registry-ui/values.yaml b/docker-registry-ui/values.yaml deleted file mode 100644 index 555fd32..0000000 --- a/docker-registry-ui/values.yaml +++ /dev/null 
@@ -1,129 +0,0 @@ -# Default values for docker-registry-ui. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - - -ui: - # title of the registry - title: "Docker registry UI" - # allow delete of images - delete_images: false - # UI behave as a proxy of the registry - proxy: true - - replicaCount: 1 - image: - registry: docker.io - repository: joxit/docker-registry-ui - tag: static - pullPolicy: Always - probe: - liveness: true - readiness: true - - resources: {} - # If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - fullnameOverride: "" - - service: - type: ClusterIP - port: 80 - - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: docker-registry-ui.local - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - -registry: - external: false - # URL of the registry (requiered. Note: this wont work as localhost is inside the container. Only used if the registry is external) - url: http://localhost:5000 - - replicaCount: 1 - # Image definition for the registry (Only used if the registry is not external) - image: - registry: docker.io - repository: registry - tag: 2.7.1 - pullPolicy: Always - probe: - liveness: true - readiness: true - resources: {} - # If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - fullnameOverride: "" - - - persistence: - ## If true, use a Persistent Volume Claim, If false, use emptyDir - ## - enabled: false - ## Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## Persistent Volume Claim annotations - ## - annotations: - ## Persistent Volume Access Mode - ## - accessModes: - # This have to be ReadWriteMany if replicaCount>1 - - ReadWriteOnce - ## Persistent Volume size - ## - size: 1Gi - ## - - service: - type: ClusterIP - port: 5000 - - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: docker-registry.local - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -imagePullSecrets: [] -nameOverride: "" diff --git a/docker-registry/.helmignore b/docker-registry/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/docker-registry/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/docker-registry/Chart.yaml b/docker-registry/Chart.yaml deleted file mode 100644 index c4e0e5d..0000000 --- a/docker-registry/Chart.yaml +++ /dev/null 
@@ -1,10 +0,0 @@
-apiVersion: v1
-description: DEPRECATED A Helm chart for Docker Registry
-name: docker-registry
-version: 1.9.6
-appVersion: 2.7.1
-home: https://hub.docker.com/_/registry/
-icon: https://hub.docker.com/public/images/logos/mini-logo.svg
-sources:
- - https://github.com/docker/distribution-library-image
-deprecated: true
diff --git a/docker-registry/README.md b/docker-registry/README.md
deleted file mode 100644
index 7a8de85..0000000
--- a/docker-registry/README.md
+++ /dev/null
@@ -1,95 +0,0 @@ -# ⚠️ Repo Archive Notice - -As of Nov 13, 2020, charts in this repo will no longer be updated. -For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). - -# Docker Registry Helm Chart - -This directory contains a Kubernetes chart to deploy a private Docker Registry. - -## DEPRECATION NOTICE - -This chart is deprecated and no longer supported. - -## Prerequisites Details - -* PV support on underlying infrastructure (if persistence is required) - -## Chart Details - -This chart will do the following: - -* Implement a Docker registry deployment - -## Installing the Chart - -To install the chart, use the following: - -```console -$ helm install stable/docker-registry -``` - -## Configuration - -The following table lists the configurable parameters of the docker-registry chart and -their default values. - -| Parameter | Description | Default | -|:----------------------------|:-------------------------------------------------------------------------------------------|:----------------| -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.repository` | Container image to use | `registry` | -| `image.tag` | Container image tag to deploy | `2.7.1` | -| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` | -| `persistence.enabled` | Whether to use a PVC for the Docker storage | `false` | -| `persistence.deleteEnabled` | Enable the deletion of image blobs and manifests by digest | `nil` | -| `persistence.size` | Amount of space to claim for PVC | `10Gi` | -| `persistence.storageClass` | Storage Class to use for PVC | `-` | -| `persistence.existingClaim` | Name of an existing PVC to use for config | `nil` | -| `service.port` | TCP port on which the service 
is exposed | `5000` | -| `service.type` | service type | `ClusterIP` | -| `service.clusterIP` | if `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` | -| `service.nodePort` | if `service.type` is `NodePort` and this is non-empty, sets the node port of the service | `nil` | -| `service.loadBalancerIP | if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerIP of the service | `nil` | -| `service.loadBalancerSourceRanges`| if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerSourceRanges of the service | `nil` | -| `replicaCount` | k8s replicas | `1` | -| `updateStrategy` | update strategy for deployment | `{}` | -| `podAnnotations` | Annotations for pod | `{}` | -| `podLabels` | Labels for pod | `{}` | -| `podDisruptionBudget` | Pod disruption budget | `{}` | -| `resources.limits.cpu` | Container requested CPU | `nil` | -| `resources.limits.memory` | Container requested memory | `nil` | -| `priorityClassName ` | priorityClassName | `""` | -| `storage` | Storage system to use | `filesystem` | -| `tlsSecretName` | Name of secret for TLS certs | `nil` | -| `secrets.htpasswd` | Htpasswd authentication | `nil` | -| `secrets.s3.accessKey` | Access Key for S3 configuration | `nil` | -| `secrets.s3.secretKey` | Secret Key for S3 configuration | `nil` | -| `secrets.swift.username` | Username for Swift configuration | `nil` | -| `secrets.swift.password` | Password for Swift configuration | `nil` | -| `haSharedSecret` | Shared secret for Registry | `nil` | -| `configData` | Configuration hash for docker | `nil` | -| `s3.region` | S3 region | `nil` | -| `s3.regionEndpoint` | S3 region endpoint | `nil` | -| `s3.bucket` | S3 bucket name | `nil` | -| `s3.encrypt` | Store images in encrypted format | `nil` | -| `s3.secure` | Use HTTPS | `nil` | -| `swift.authurl` | Swift authurl | `nil` | -| `swift.container` | Swift container | `nil` | -| `nodeSelector` | node labels for pod 
assignment | `{}` | -| `affinity` | affinity settings | `{}` | -| `tolerations` | pod tolerations | `[]` | -| `ingress.enabled` | If true, Ingress will be created | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Ingress labels | `{}` | -| `ingress.path` | Ingress service path | `/` | -| `ingress.hosts` | Ingress hostnames | `[]` | -| `ingress.tls` | Ingress TLS configuration (YAML) | `[]` | -| `extraVolumeMounts` | Additional volumeMounts to the registry container | `[]` | -| `extraVolumes` | Additional volumes to the pod | `[]` | - -Specify each parameter using the `--set key=value[,key=value]` argument to -`helm install`. - -To generate htpasswd file, run this docker command: -`docker run --entrypoint htpasswd registry:2 -Bbn user password > ./htpasswd`. diff --git a/docker-registry/templates/NOTES.txt b/docker-registry/templates/NOTES.txt deleted file mode 100644 index 4a9152b..0000000 --- a/docker-registry/templates/NOTES.txt +++ /dev/null 
@@ -1,19 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "docker-registry.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "docker-registry.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "docker-registry.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "docker-registry.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8080:5000 -{{- end }} diff --git a/docker-registry/templates/_helpers.tpl b/docker-registry/templates/_helpers.tpl deleted file mode 100644 index a91077e..0000000 --- a/docker-registry/templates/_helpers.tpl +++ /dev/null 
@@ -1,24 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "docker-registry.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "docker-registry.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/docker-registry/templates/configmap.yaml b/docker-registry/templates/configmap.yaml
deleted file mode 100644
index 820bb4f..0000000
--- a/docker-registry/templates/configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "docker-registry.fullname" . }}-config
- labels:
- app: {{ template "docker-registry.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-data:
- config.yml: |-
-{{ toYaml .Values.configData | indent 4 }}
diff --git a/docker-registry/templates/deployment.yaml b/docker-registry/templates/deployment.yaml
deleted file mode 100644
index a146d76..0000000
--- a/docker-registry/templates/deployment.yaml
+++ /dev/null
@@ -1,221 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "docker-registry.fullname" . }} - labels: - app: {{ template "docker-registry.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ template "docker-registry.name" . }} - release: {{ .Release.Name }} - replicas: {{ .Values.replicaCount }} -{{- if .Values.updateStrategy }} - strategy: -{{ toYaml .Values.updateStrategy | indent 4 }} -{{- end }} - minReadySeconds: 5 - template: - metadata: - labels: - app: {{ template "docker-registry.name" . }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- if $.Values.podAnnotations }} -{{ toYaml $.Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} -{{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} -{{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /bin/registry - - serve - - /etc/docker/registry/config.yml - ports: - - containerPort: 5000 - livenessProbe: - httpGet: -{{- if .Values.tlsSecretName }} - scheme: HTTPS -{{- end }} - path: / - port: 5000 - readinessProbe: - httpGet: -{{- if .Values.tlsSecretName }} - scheme: HTTPS -{{- end }} - path: / - port: 5000 - resources: -{{ toYaml .Values.resources | indent 12 }} - env: -{{- if .Values.secrets.htpasswd }} - - name: 
REGISTRY_AUTH - value: "htpasswd" - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: "Registry Realm" - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: "/auth/htpasswd" -{{- end }} - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: haSharedSecret -{{- if .Values.tlsSecretName }} - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: /etc/ssl/docker/tls.crt - - name: REGISTRY_HTTP_TLS_KEY - value: /etc/ssl/docker/tls.key -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: "/var/lib/registry" -{{- else if eq .Values.storage "azure" }} - - name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountName - - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountKey - - name: REGISTRY_STORAGE_AZURE_CONTAINER - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureContainer -{{- else if eq .Values.storage "s3" }} - {{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }} - - name: REGISTRY_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: s3AccessKey - - name: REGISTRY_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . 
}}-secret - key: s3SecretKey - {{- end }} - - name: REGISTRY_STORAGE_S3_REGION - value: {{ required ".Values.s3.region is required" .Values.s3.region }} - {{- if .Values.s3.regionEndpoint }} - - name: REGISTRY_STORAGE_S3_REGIONENDPOINT - value: {{ .Values.s3.regionEndpoint }} - {{- end }} - - name: REGISTRY_STORAGE_S3_BUCKET - value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} - {{- if .Values.s3.encrypt }} - - name: REGISTRY_STORAGE_S3_ENCRYPT - value: {{ .Values.s3.encrypt | quote }} - {{- end }} - {{- if .Values.s3.secure }} - - name: REGISTRY_STORAGE_S3_SECURE - value: {{ .Values.s3.secure | quote }} - {{- end }} -{{- else if eq .Values.storage "swift" }} - - name: REGISTRY_STORAGE_SWIFT_AUTHURL - value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} - - name: REGISTRY_STORAGE_SWIFT_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftUsername - - name: REGISTRY_STORAGE_SWIFT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftPassword - - name: REGISTRY_STORAGE_SWIFT_CONTAINER - value: {{ required ".Values.swift.container is required" .Values.swift.container }} -{{- end }} -{{- if .Values.persistence.deleteEnabled }} - - name: REGISTRY_STORAGE_DELETE_ENABLED - value: "true" -{{- end }} - volumeMounts: -{{- if .Values.secrets.htpasswd }} - - name: auth - mountPath: /auth - readOnly: true -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - mountPath: /var/lib/registry/ -{{- end }} - - name: "{{ template "docker-registry.fullname" . }}-config" - mountPath: "/etc/docker/registry" -{{- if .Values.tlsSecretName }} - - mountPath: /etc/ssl/docker - name: tls-cert - readOnly: true -{{- end }} -{{- with .Values.extraVolumeMounts }} - {{- toYaml . 
| nindent 12 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - volumes: -{{- if .Values.secrets.htpasswd }} - - name: auth - secret: - secretName: {{ template "docker-registry.fullname" . }}-secret - items: - - key: htpasswd - path: htpasswd -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} - - name: {{ template "docker-registry.fullname" . }}-config - configMap: - name: {{ template "docker-registry.fullname" . }}-config -{{- if .Values.tlsSecretName }} - - name: tls-cert - secret: - secretName: {{ .Values.tlsSecretName }} -{{- end }} -{{- with .Values.extraVolumes }} - {{- toYaml . | nindent 8 }} -{{- end }} diff --git a/docker-registry/templates/ingress.yaml b/docker-registry/templates/ingress.yaml deleted file mode 100644 index 58ab5fa..0000000 --- a/docker-registry/templates/ingress.yaml +++ /dev/null 
@@ -1,36 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $serviceName := include "docker-registry.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-{{- $path := .Values.ingress.path -}}
-apiVersion: {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} networking.k8s.io/v1beta1 {{- else }} extensions/v1beta1 {{- end }}
-kind: Ingress
-metadata:
- name: {{ template "docker-registry.fullname" . }}
- labels:
- app: {{ template "docker-registry.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.ingress.labels }}
-{{ toYaml .Values.ingress.labels | indent 4 }}
-{{- end }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ $path }}
- backend:
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{- end -}}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/docker-registry/templates/poddisruptionbudget.yaml b/docker-registry/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 38eb384..0000000
--- a/docker-registry/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.podDisruptionBudget -}}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "docker-registry.fullname" . }}
- labels:
- app: {{ template "docker-registry.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ template "docker-registry.name" . }}
- release: {{ .Release.Name }}
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
-{{- end -}}
diff --git a/docker-registry/templates/pvc.yaml b/docker-registry/templates/pvc.yaml
deleted file mode 100644
index 1619617..0000000
--- a/docker-registry/templates/pvc.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.persistence.enabled }}
-{{- if not .Values.persistence.existingClaim -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ template "docker-registry.fullname" . }}
- labels:
- app: {{ template "docker-registry.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end -}}
diff --git a/docker-registry/templates/secret.yaml b/docker-registry/templates/secret.yaml
deleted file mode 100644
index c22fd30..0000000
--- a/docker-registry/templates/secret.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "docker-registry.fullname" . }}-secret
- labels:
- app: {{ template "docker-registry.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- {{- if .Values.secrets.htpasswd }}
- htpasswd: {{ .Values.secrets.htpasswd | b64enc }}
- {{- end }}
- {{- if .Values.secrets.haSharedSecret }}
- haSharedSecret: {{ .Values.secrets.haSharedSecret | b64enc | quote }}
- {{- else }}
- haSharedSecret: {{ randAlphaNum 16 | b64enc | quote }}
- {{- end }}
-
- {{- if eq .Values.storage "azure" }}
- {{- if and .Values.secrets.azure.accountName .Values.secrets.azure.accountKey .Values.secrets.azure.container }}
- azureAccountName: {{ .Values.secrets.azure.accountName | b64enc | quote }}
- azureAccountKey: {{ .Values.secrets.azure.accountKey | b64enc | quote }}
- azureContainer: {{ .Values.secrets.azure.container | b64enc | quote }}
- {{- end }}
- {{- else if eq .Values.storage "s3" }}
- {{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }}
- s3AccessKey: {{ .Values.secrets.s3.accessKey | b64enc | quote }}
- s3SecretKey: {{ .Values.secrets.s3.secretKey | b64enc | quote }}
- {{- end }}
- {{- else if eq .Values.storage "swift" }}
- {{- if and .Values.secrets.swift.username .Values.secrets.swift.password }}
- swiftUsername: {{ .Values.secrets.swift.username | b64enc | quote }}
- swiftPassword: {{ .Values.secrets.swift.password | b64enc | quote }}
- {{- end }}
- {{- end }}
diff --git a/docker-registry/templates/service.yaml b/docker-registry/templates/service.yaml
deleted file mode 100644
index 70893ab..0000000
--- a/docker-registry/templates/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "docker-registry.fullname" . }}
- labels:
- app: {{ template "docker-registry.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.service.type }}
-{{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }}
- clusterIP: {{ .Values.service.clusterIP }}
-{{- end }}
-{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-{{- end }}
-{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges))) }}
- loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
-{{- end }}
- ports:
- - port: {{ .Values.service.port }}
- protocol: TCP
- name: {{ .Values.service.name }}
- targetPort: 5000
-{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
- nodePort: {{ .Values.service.nodePort }}
-{{- end }}
- selector:
- app: {{ template "docker-registry.name" . }}
- release: {{ .Release.Name }}
diff --git a/docker-registry/values.yaml b/docker-registry/values.yaml
deleted file mode 100644
index b977966..0000000
--- a/docker-registry/values.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
-# Default values for docker-registry.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-replicaCount: 1
-
-updateStrategy:
- # type: RollingUpdate
- # rollingUpdate:
- # maxSurge: 1
- # maxUnavailable: 0
-
-podAnnotations: {}
-podLabels: {}
-
-image:
- repository: registry
- tag: 2.7.1
- pullPolicy: IfNotPresent
-# imagePullSecrets:
- # - name: docker
-service:
- name: registry
- type: ClusterIP
- # clusterIP:
- port: 5000
- # nodePort:
- # loadBalancerIP:
- # loadBalancerSourceRanges:
- annotations: {}
- # foo.io/bar: "true"
-ingress:
- enabled: false
- path: /
- # Used to create an Ingress record.
- hosts:
- - chart-example.local
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- labels: {}
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-persistence:
- accessMode: 'ReadWriteOnce'
- enabled: false
- size: 10Gi
- # storageClass: '-'
-
-# set the type of filesystem to use: filesystem, s3
-storage: filesystem
-
-# Set this to name of secret for tls certs
-# tlsSecretName: registry.docker.example.com
-secrets:
- haSharedSecret: ""
- htpasswd: ""
-# Secrets for Azure
-# azure:
-# accountName: ""
-# accountKey: ""
-# container: ""
-# Secrets for S3 access and secret keys
-# s3:
-# accessKey: ""
-# secretKey: ""
-# Secrets for Swift username and password
-# swift:
-# username: ""
-# password: ""
-
-# Options for s3 storage type:
-# s3:
-# region: us-east-1
-# regionEndpoint: s3.us-east-1.amazonaws.com
-# bucket: my-bucket
-# encrypt: false
-# secure: true
-
-# Options for swift storage type:
-# swift:
-# authurl: http://swift.example.com/
-# container: my-container
-
-configData:
- version: 0.1
- log:
- fields:
- service: registry
- storage:
- cache:
- blobdescriptor: inmemory
- http:
- addr: :5000
- headers:
- X-Content-Type-Options: [nosniff]
- health:
- storagedriver:
- enabled: true
- interval: 10s
- threshold: 3
-
-securityContext:
- enabled: true
- runAsUser: 1000
- fsGroup: 1000
-
-priorityClassName: ""
-
-podDisruptionBudget: {}
- # maxUnavailable: 1
- # minAvailable: 2
-
-nodeSelector: {}
-
-affinity: {}
-
-tolerations: []
-
-extraVolumeMounts: []
-## Additional volumeMounts to the registry container.
-# - mountPath: /secret-data
-# name: cloudfront-pem-secret
-# readOnly: true
-
-extraVolumes: []
-## Additional volumes to the pod.
-# - name: cloudfront-pem-secret
-# secret:
-# secretName: cloudfront-credentials
-# items:
-# - key: cloudfront.pem
-# path: cloudfront.pem
-# mode: 511