cleanup
This commit is contained in:
parent
3703becaa9
commit
b40cec7573
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
|||||||
/*.yaml
|
/*.yaml
|
||||||
/*.yml
|
/*.yml
|
||||||
|
/*.tgz
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
# Patterns to ignore when building packages.
|
|
||||||
# This supports shell glob matching, relative path matching, and
|
|
||||||
# negation (prefixed with !). Only one pattern per line.
|
|
||||||
.DS_Store
|
|
||||||
# Common VCS dirs
|
|
||||||
.git/
|
|
||||||
.gitignore
|
|
||||||
.bzr/
|
|
||||||
.bzrignore
|
|
||||||
.hg/
|
|
||||||
.hgignore
|
|
||||||
.svn/
|
|
||||||
# Common backup files
|
|
||||||
*.swp
|
|
||||||
*.bak
|
|
||||||
*.tmp
|
|
||||||
*~
|
|
||||||
# Various IDEs
|
|
||||||
.project
|
|
||||||
.idea/
|
|
||||||
*.tmproj
|
|
||||||
# OWNERS file for Kubernetes
|
|
||||||
OWNERS
|
|
@ -1,12 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
appVersion: 0.12.0
|
|
||||||
deprecated: true
|
|
||||||
description: DEPRECATED Host your own Helm Chart Repository
|
|
||||||
home: https://github.com/helm/chartmuseum
|
|
||||||
icon: https://raw.githubusercontent.com/helm/chartmuseum/master/logo2.png
|
|
||||||
keywords:
|
|
||||||
- chartmuseum
|
|
||||||
- helm
|
|
||||||
- charts repo
|
|
||||||
name: chartmuseum
|
|
||||||
version: 2.14.2
|
|
@ -1,749 +0,0 @@
|
|||||||
# ⚠️ Repo Archive Notice
|
|
||||||
|
|
||||||
As of Nov 13, 2020, charts in this repo will no longer be updated.
|
|
||||||
For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/).
|
|
||||||
|
|
||||||
# ChartMuseum Helm Chart
|
|
||||||
|
|
||||||
Deploy your own private ChartMuseum.
|
|
||||||
|
|
||||||
Please also see https://github.com/kubernetes-helm/chartmuseum
|
|
||||||
|
|
||||||
## DEPRECATION NOTICE
|
|
||||||
|
|
||||||
This chart is deprecated and no longer supported.
|
|
||||||
|
|
||||||
## Table of Content
|
|
||||||
|
|
||||||
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
|
||||||
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
|
||||||
|
|
||||||
|
|
||||||
- [ChartMuseum Helm Chart](#chartmuseum-helm-chart)
|
|
||||||
- [Table of Content](#table-of-content)
|
|
||||||
- [Prerequisites](#prerequisites)
|
|
||||||
- [Configuration](#configuration)
|
|
||||||
- [Installation](#installation)
|
|
||||||
- [Using with Amazon S3](#using-with-amazon-s3)
|
|
||||||
- [permissions grant with access keys](#permissions-grant-with-access-keys)
|
|
||||||
- [permissions grant with IAM instance profile](#permissions-grant-with-iam-instance-profile)
|
|
||||||
- [permissions grant with IAM assumed role](#permissions-grant-with-iam-assumed-role)
|
|
||||||
- [permissions grant with IAM Roles for Service Accounts](#permissions-grant-with-iam-roles-for-service-accounts)
|
|
||||||
- [Using with Google Cloud Storage](#using-with-google-cloud-storage)
|
|
||||||
- [Using with Google Cloud Storage and a Google Service Account](#using-with-google-cloud-storage-and-a-google-service-account)
|
|
||||||
- [Using with Microsoft Azure Blob Storage](#using-with-microsoft-azure-blob-storage)
|
|
||||||
- [Using with Alibaba Cloud OSS Storage](#using-with-alibaba-cloud-oss-storage)
|
|
||||||
- [Using with Openstack Object Storage](#using-with-openstack-object-storage)
|
|
||||||
- [Using with Oracle Object Storage](#using-with-oracle-object-storage)
|
|
||||||
- [Using an existing secret](#using-an-existing-secret)
|
|
||||||
- [Using with local filesystem storage](#using-with-local-filesystem-storage)
|
|
||||||
- [Setting local storage permissions with initContainers](#setting-local-storage-permissions-with-initcontainers)
|
|
||||||
- [Example storage class](#example-storage-class)
|
|
||||||
- [Authentication](#authentication)
|
|
||||||
- [Basic Authentication](#basic-authentication)
|
|
||||||
- [Bearer/Token auth](#bearertoken-auth)
|
|
||||||
- [Ingress](#ingress)
|
|
||||||
- [Hosts](#hosts)
|
|
||||||
- [Extra Paths](#extra-paths)
|
|
||||||
- [Annotations](#annotations)
|
|
||||||
- [Example Ingress configuration](#example-ingress-configuration)
|
|
||||||
- [Uninstall](#uninstall)
|
|
||||||
|
|
||||||
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
|
||||||
|
|
||||||
|
|
||||||
## Prerequisites
|
|
||||||
|
|
||||||
* [If enabled] A persistent storage resource and RW access to it
|
|
||||||
* [If enabled] Kubernetes StorageClass for dynamic provisioning
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
By default this chart will not have persistent storage, and the API service
|
|
||||||
will be *DISABLED*. This protects against unauthorized access to the API
|
|
||||||
with default configuration values.
|
|
||||||
|
|
||||||
In addition, by default, pod `securityContext.fsGroup` is set to `1000`. This
|
|
||||||
is the user/group that the ChartMuseum container runs as, and is used to
|
|
||||||
enable local persitant storage. If your cluster has DenySecurityContext enabled,
|
|
||||||
you can set `securityContext` to `{}` and still use this chart with one of
|
|
||||||
the cloud storage options.
|
|
||||||
|
|
||||||
For a more robust solution supply helm install with a custom values.yaml
|
|
||||||
You are also required to create the StorageClass resource ahead of time:
|
|
||||||
```
|
|
||||||
kubectl create -f /path/to/storage_class.yaml
|
|
||||||
```
|
|
||||||
|
|
||||||
The following table lists common configurable parameters of the chart and
|
|
||||||
their default values. See values.yaml for all available options.
|
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
|
||||||
| --------------------------------------- | --------------------------------------------------------------------------- | ------------------------------------ |
|
|
||||||
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
|
|
||||||
| `image.repository` | Container image to use | `chartmuseum/chartmuseum` |
|
|
||||||
| `image.tag` | Container image tag to deploy | `v0.12.0` |
|
|
||||||
| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` |
|
|
||||||
| `persistence.enabled` | Whether to use a PVC for persistent storage | `false` |
|
|
||||||
| `persistence.path` | PV mount path | `/storage` |
|
|
||||||
| `persistence.size` | Amount of space to claim for PVC | `8Gi` |
|
|
||||||
| `persistence.labels` | Additional labels for PVC | `{}` |
|
|
||||||
| `persistence.storageClass` | Storage Class to use for PVC | `-` |
|
|
||||||
| `persistence.volumeName` | Volume to use for PVC | `` |
|
|
||||||
| `persistence.pv.enabled` | Whether to use a PV for persistent storage | `false` |
|
|
||||||
| `persistence.pv.capacity.storage` | Storage size to use for PV | `8Gi` |
|
|
||||||
| `persistence.pv.accessMode` | Access mode to use for PV | `ReadWriteOnce` |
|
|
||||||
| `persistence.pv.nfs.server` | NFS server for PV | `` |
|
|
||||||
| `persistence.pv.nfs.path` | Storage Path | `` |
|
|
||||||
| `persistence.pv.pvname` | Custom name for private volume | `` |
|
|
||||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
|
||||||
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
|
|
||||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` |
|
|
||||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
|
|
||||||
| `replicaCount` | k8s replicas | `1` |
|
|
||||||
| `resources.limits.cpu` | Container maximum CPU | `100m` |
|
|
||||||
| `resources.limits.memory` | Container maximum memory | `128Mi` |
|
|
||||||
| `resources.requests.cpu` | Container requested CPU | `80m` |
|
|
||||||
| `resources.requests.memory` | Container requested memory | `64Mi` |
|
|
||||||
| `secret.labels` | Additional labels for secret | `false` |
|
|
||||||
| `serviceAccount.create` | If true, create the service account | `false` |
|
|
||||||
| `serviceAccount.name` | Name of the serviceAccount to create or use | `{{ chartmuseum.fullname }}` |
|
|
||||||
| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
|
|
||||||
| `securityContext.enabled` | Enable securityContext | `true` |
|
|
||||||
| `securityContext.fsGroup` | Group ID for the container | `1000` |
|
|
||||||
| `securityContext.runAsNonRoot` | Running Pods as non-root | `` |
|
|
||||||
| `securityContext.supplementalGroups` | Control which group IDs containers add | `` |
|
|
||||||
| `containerSecurityContext` | Additional Container securityContext (ex. allowPrivilegeEscalation) | `{}` |
|
|
||||||
| `priorityClassName ` | priorityClassName | `""` |
|
|
||||||
| `nodeSelector` | Map of node labels for pod assignment | `{}` |
|
|
||||||
| `tolerations` | List of node taints to tolerate | `[]` |
|
|
||||||
| `affinity` | Map of node/pod affinities | `{}` |
|
|
||||||
| `schedulerName` | Kubernetes scheduler to use | `default` |
|
|
||||||
| `env.open.STORAGE` | Storage Backend to use | `local` |
|
|
||||||
| `env.open.STORAGE_ALIBABA_BUCKET` | Bucket to store charts in for Alibaba | `` |
|
|
||||||
| `env.open.STORAGE_ALIBABA_PREFIX` | Prefix to store charts under for Alibaba | `` |
|
|
||||||
| `env.open.STORAGE_ALIBABA_ENDPOINT` | Alternative Alibaba endpoint | `` |
|
|
||||||
| `env.open.STORAGE_ALIBABA_SSE` | Server side encryption algorithm to use | `` |
|
|
||||||
| `env.open.STORAGE_AMAZON_BUCKET` | Bucket to store charts in for AWS | `` |
|
|
||||||
| `env.open.STORAGE_AMAZON_ENDPOINT` | Alternative AWS endpoint | `` |
|
|
||||||
| `env.open.STORAGE_AMAZON_PREFIX` | Prefix to store charts under for AWS | `` |
|
|
||||||
| `env.open.STORAGE_AMAZON_REGION` | Region to use for bucket access for AWS | `` |
|
|
||||||
| `env.open.STORAGE_AMAZON_SSE` | Server side encryption algorithm to use | `` |
|
|
||||||
| `env.open.STORAGE_GOOGLE_BUCKET` | Bucket to store charts in for GCP | `` |
|
|
||||||
| `env.open.STORAGE_GOOGLE_PREFIX` | Prefix to store charts under for GCP | `` |
|
|
||||||
| `env.open.STORAGE_MICROSOFT_CONTAINER` | Container to store charts under for MS | `` |
|
|
||||||
| `env.open.STORAGE_MICROSOFT_PREFIX` | Prefix to store charts under for MS | `` |
|
|
||||||
| `env.open.STORAGE_OPENSTACK_CONTAINER` | Container to store charts for openstack | `` |
|
|
||||||
| `env.open.STORAGE_OPENSTACK_PREFIX` | Prefix to store charts for openstack | `` |
|
|
||||||
| `env.open.STORAGE_OPENSTACK_REGION` | Region of openstack container | `` |
|
|
||||||
| `env.open.STORAGE_OPENSTACK_CACERT` | Path to a CA cert bundle for openstack | `` |
|
|
||||||
| `env.open.STORAGE_ORACLE_COMPARTMENTID` | Compartment ID for Oracle Object Store | `` |
|
|
||||||
| `env.open.STORAGE_ORACLE_BUCKET` | Bucket to store charts in Oracle Object Store | `` |
|
|
||||||
| `env.open.STORAGE_ORACLE_PREFIX` | Prefix to store charts for Oracle object Store | `` |
|
|
||||||
| `env.open.CHART_POST_FORM_FIELD_NAME` | Form field to query for chart file content | `` |
|
|
||||||
| `env.open.PROV_POST_FORM_FIELD_NAME` | Form field to query for chart provenance | `` |
|
|
||||||
| `env.open.DEPTH` | levels of nested repos for multitenancy. | `0` |
|
|
||||||
| `env.open.DEBUG` | Show debug messages | `false` |
|
|
||||||
| `env.open.LOG_JSON` | Output structured logs in JSON | `true` |
|
|
||||||
| `env.open.DISABLE_STATEFILES` | Disable use of index-cache.yaml | `false` |
|
|
||||||
| `env.open.DISABLE_METRICS` | Disable Prometheus metrics | `true` |
|
|
||||||
| `env.open.DISABLE_API` | Disable all routes prefixed with /api | `true` |
|
|
||||||
| `env.open.ALLOW_OVERWRITE` | Allow chart versions to be re-uploaded | `false` |
|
|
||||||
| `env.open.CHART_URL` | Absolute url for .tgzs in index.yaml | `` |
|
|
||||||
| `env.open.AUTH_ANONYMOUS_GET` | Allow anon GET operations when auth is used | `false` |
|
|
||||||
| `env.open.CONTEXT_PATH` | Set the base context path | `` |
|
|
||||||
| `env.open.INDEX_LIMIT` | Parallel scan limit for the repo indexer | `` |
|
|
||||||
| `env.open.CACHE` | Cache store, can be one of: redis | `` |
|
|
||||||
| `env.open.CACHE_REDIS_ADDR` | Address of Redis service (host:port) | `` |
|
|
||||||
| `env.open.CACHE_REDIS_DB` | Redis database to be selected after connect | `0` |
|
|
||||||
| `env.open.BEARER_AUTH` | Enable bearer auth | `false` |
|
|
||||||
| `env.open.AUTH_REALM` | Realm used for bearer authentication | `` |
|
|
||||||
| `env.open.AUTH_SERVICE` | Service used for bearer authentication | `` |
|
|
||||||
| `env.field` | Expose pod information to containers through environment variables | `` |
|
|
||||||
| `env.existingSecret` | Name of the existing secret use values | `` |
|
|
||||||
| `env.existingSecret.BASIC_AUTH_USER` | Key name in the secret for the Username | `` |
|
|
||||||
| `env.existingSecret.BASIC_AUTH_PASS` | Key name in the secret for the Password | `` |
|
|
||||||
| `env.secret.BASIC_AUTH_USER` | Username for basic HTTP authentication | `` |
|
|
||||||
| `env.secret.BASIC_AUTH_PASS` | Password for basic HTTP authentication | `` |
|
|
||||||
| `env.secret.CACHE_REDIS_PASSWORD` | Redis requirepass server configuration | `` |
|
|
||||||
| `extraArgs` | Pass extra arguments to the chartmuseum binary | `` |
|
|
||||||
| `gcp.secret.enabled` | Flag for the GCP service account | `false` |
|
|
||||||
| `gcp.secret.name` | Secret name for the GCP json file | `` |
|
|
||||||
| `gcp.secret.key` | Secret key for te GCP json file | `credentials.json` |
|
|
||||||
| `oracle.secret.enabled` | Flag for Oracle OCI account | `false` |
|
|
||||||
| `oracle.secret.name` | Secret name for OCI config and key | `` |
|
|
||||||
| `oracle.secret.config` | Secret key that holds the OCI config | `config` |
|
|
||||||
| `oracle.secret.key_file` | Secret key that holds the OCI private key | `key_file` |
|
|
||||||
| `bearerAuth.secret.enabled` | Flag for bearer auth public key secret | `` |
|
|
||||||
| `bearerAuth.secret.publicKey` | The name of the secret with the public key | `` |
|
|
||||||
| `service.type` | Kubernetes Service type | `ClusterIP` |
|
|
||||||
| `service.clusterIP` | Static clusterIP or None for headless services | `nil` |
|
|
||||||
| `service.externalTrafficPolicy` | Source IP preservation (only for Service type NodePort and LoadBalancer) | `Local` |
|
|
||||||
| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only for Service type LoadBalancer) | `[]` |
|
|
||||||
| `service.servicename` | Custom name for service | `` |
|
|
||||||
| `service.labels` | Additional labels for service | `{}` |
|
|
||||||
| `serviceMonitor.enabled` | Enable the ServiceMontor resource to be deployed | `false` |
|
|
||||||
| `serviceMonitor.labels` | Labels for the servicemonitor used by the Prometheus Operator | `{}` |
|
|
||||||
| `serviceMonitor.namespace` | Namespace of the ServiceMonitor resource | `{{ .Release.Namespace }}` |
|
|
||||||
| `serviceMonitor.metricsPath` | Path to the Chartmuseum metrics path | `/metrics` |
|
|
||||||
| `serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
|
|
||||||
| `serviceMonitor.timeout` | Scrape request timeout. If not set, the Prometheus default timeout is used | `nil` |
|
|
||||||
| `deployment.labels` | Additional labels for deployment | `{}` |
|
|
||||||
| `deployment.matchlabes` | Match labels for deployment selector | `{}` |
|
|
||||||
| `ingress.enabled` | Enable ingress controller resource | `false` |
|
|
||||||
| `ingress.annotations` | Ingress annotations | `[]` |
|
|
||||||
| `ingress.labels` | Ingress labels | `[]` |
|
|
||||||
| `ingress.hosts[0].name` | Hostname for the ingress | `` |
|
|
||||||
| `ingress.hosts[0].path` | Path within the url structure | `` |
|
|
||||||
| `ingress.hosts[0].tls ` | Enable TLS on the ingress host | `false` |
|
|
||||||
| `ingress.hosts[0].tlsSecret` | TLS secret to use (must be manually created) | `` |
|
|
||||||
| `ingress.hosts[0].serviceName` | The name of the service to route traffic to. | `{{ .Values.service.externalPort }}` |
|
|
||||||
| `ingress.hosts[0].servicePort` | The port of the service to route traffic to. | `{{ .chartmuseum. }}` |
|
|
||||||
| `ingress.extraPaths[0].path` | Path within the url structure. | `` |
|
|
||||||
| `ingress.extraPaths[0].service` | The name of the service to route traffic to. | `` |
|
|
||||||
| `ingress.extraPaths[0].port` | The port of the service to route traffic to. | `` |
|
|
||||||
|
|
||||||
Specify each parameter using the `--set key=value[,key=value]` argument to
|
|
||||||
`helm install`.
|
|
||||||
|
|
||||||
## Installation
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using with Amazon S3
|
|
||||||
Make sure your environment is properly setup to access `my-s3-bucket`
|
|
||||||
|
|
||||||
You need at least the following permissions inside your IAM Policy
|
|
||||||
```yaml
|
|
||||||
{
|
|
||||||
"Version": "2012-10-17",
|
|
||||||
"Statement": [
|
|
||||||
{
|
|
||||||
"Sid": "AllowListObjects",
|
|
||||||
"Effect": "Allow",
|
|
||||||
"Action": [
|
|
||||||
"s3:ListBucket"
|
|
||||||
],
|
|
||||||
"Resource": "arn:aws:s3:::my-s3-bucket"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"Sid": "AllowObjectsCRUD",
|
|
||||||
"Effect": "Allow",
|
|
||||||
"Action": [
|
|
||||||
"s3:DeleteObject",
|
|
||||||
"s3:GetObject",
|
|
||||||
"s3:PutObject"
|
|
||||||
],
|
|
||||||
"Resource": "arn:aws:s3:::my-s3-bucket/*"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
You can grant it to `chartmuseum` by several ways:
|
|
||||||
|
|
||||||
#### permissions grant with access keys
|
|
||||||
|
|
||||||
Grant permissions to `special user` and us it's access keys for auth on aws
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: amazon
|
|
||||||
STORAGE_AMAZON_BUCKET: my-s3-bucket
|
|
||||||
STORAGE_AMAZON_PREFIX:
|
|
||||||
STORAGE_AMAZON_REGION: us-east-1
|
|
||||||
secret:
|
|
||||||
AWS_ACCESS_KEY_ID: "********" ## aws access key id value
|
|
||||||
AWS_SECRET_ACCESS_KEY: "********" ## aws access key secret value
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
#### permissions grant with IAM instance profile
|
|
||||||
|
|
||||||
You can grant permissions to k8s node IAM instance profile.
|
|
||||||
For more information read this [article](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: amazon
|
|
||||||
STORAGE_AMAZON_BUCKET: my-s3-bucket
|
|
||||||
STORAGE_AMAZON_PREFIX:
|
|
||||||
STORAGE_AMAZON_REGION: us-east-1
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
#### permissions grant with IAM assumed role
|
|
||||||
|
|
||||||
To provide access with assumed role you need to install [kube2iam](https://github.com/kubernetes/charts/tree/master/stable/kube2iam)
|
|
||||||
and create role with granded permissions.
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: amazon
|
|
||||||
STORAGE_AMAZON_BUCKET: my-s3-bucket
|
|
||||||
STORAGE_AMAZON_PREFIX:
|
|
||||||
STORAGE_AMAZON_REGION: us-east-1
|
|
||||||
replica:
|
|
||||||
annotations:
|
|
||||||
iam.amazonaws.com/role: "{assumed role name}"
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
#### permissions grant with IAM Roles for Service Accounts
|
|
||||||
|
|
||||||
For Amazon EKS clusters, access can be provided with a service account using [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: amazon
|
|
||||||
STORAGE_AMAZON_BUCKET: my-s3-bucket
|
|
||||||
STORAGE_AMAZON_PREFIX:
|
|
||||||
STORAGE_AMAZON_REGION: us-east-1
|
|
||||||
serviceAccount:
|
|
||||||
create: true
|
|
||||||
annotations:
|
|
||||||
eks.amazonaws.com/role-arn: "arn:aws:iam::{aws account ID}:role/{assumed role name}"
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using with Google Cloud Storage
|
|
||||||
Make sure your environment is properly setup to access `my-gcs-bucket`
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: google
|
|
||||||
STORAGE_GOOGLE_BUCKET: my-gcs-bucket
|
|
||||||
STORAGE_GOOGLE_PREFIX:
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using with Google Cloud Storage and a Google Service Account
|
|
||||||
|
|
||||||
A Google service account credentials are stored in a json file. There are two approaches here. Ideally you don't want to send your secrets to tiller. In that case, before installing this chart, you should create a secret with those credentials:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
kubectl create secret generic chartmuseum-secret --from-file=credentials.json="my-project-45e35d85a593.json"
|
|
||||||
```
|
|
||||||
|
|
||||||
Then you can either use a `VALUES` yaml with your values or set those values in the command line:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install stable/chartmuseum --debug --set gcp.secret.enabled=true,env.open.STORAGE=google,env.open.DISABLE_API=false,env.open.STORAGE_GOOGLE_BUCKET=my-gcp-chartmuseum,gcp.secret.name=chartmuseum-secret
|
|
||||||
```
|
|
||||||
|
|
||||||
If you prefer to use a yaml file:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: google
|
|
||||||
STORAGE_GOOGLE_BUCKET: my-gcs-bucket
|
|
||||||
STORAGE_GOOGLE_PREFIX:
|
|
||||||
|
|
||||||
gcp:
|
|
||||||
secret:
|
|
||||||
enabled: true
|
|
||||||
name: chartmuseum-secret
|
|
||||||
key: credentials.json
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
In case that you don't mind adding your secret to tiller (you shouldn't do it), this are the commands
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: google
|
|
||||||
STORAGE_GOOGLE_BUCKET: my-gcs-bucket
|
|
||||||
STORAGE_GOOGLE_PREFIX:
|
|
||||||
secret:
|
|
||||||
GOOGLE_CREDENTIALS_JSON: my-json-file-base64-encoded
|
|
||||||
gcp:
|
|
||||||
secret:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
To set the values directly in the command line, use the following command. Note that we have to base64 encode the json file because we cannot pass a multi-line text as a value.
|
|
||||||
|
|
||||||
```shell
|
|
||||||
export JSONKEY=$(cat my-project-77e35d85a593.json | base64)
|
|
||||||
helm install stable/chartmuseum --debug --set gcp.secret.enabled=true,env.secret.GOOGLE_CREDENTIALS_JSON=${JSONKEY},env.open.STORAGE=google,env.open.DISABLE_API=false,env.open.STORAGE_GOOGLE_BUCKET=my-gcp-chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using with Microsoft Azure Blob Storage
|
|
||||||
|
|
||||||
Make sure your environment is properly setup to access `mycontainer`.
|
|
||||||
|
|
||||||
To do so, you must set the following env vars:
|
|
||||||
- `AZURE_STORAGE_ACCOUNT`
|
|
||||||
- `AZURE_STORAGE_ACCESS_KEY`
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: microsoft
|
|
||||||
STORAGE_MICROSOFT_CONTAINER: mycontainer
|
|
||||||
# prefix to store charts for microsoft storage backend
|
|
||||||
STORAGE_MICROSOFT_PREFIX:
|
|
||||||
secret:
|
|
||||||
AZURE_STORAGE_ACCOUNT: "********" ## azure storage account
|
|
||||||
AZURE_STORAGE_ACCESS_KEY: "********" ## azure storage account access key
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using with Alibaba Cloud OSS Storage
|
|
||||||
|
|
||||||
Make sure your environment is properly setup to access `my-oss-bucket`.
|
|
||||||
|
|
||||||
To do so, you must set the following env vars:
|
|
||||||
- `ALIBABA_CLOUD_ACCESS_KEY_ID`
|
|
||||||
- `ALIBABA_CLOUD_ACCESS_KEY_SECRET`
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: alibaba
|
|
||||||
STORAGE_ALIBABA_BUCKET: my-oss-bucket
|
|
||||||
STORAGE_ALIBABA_PREFIX:
|
|
||||||
STORAGE_ALIBABA_ENDPOINT: oss-cn-beijing.aliyuncs.com
|
|
||||||
secret:
|
|
||||||
ALIBABA_CLOUD_ACCESS_KEY_ID: "********" ## alibaba OSS access key id
|
|
||||||
ALIBABA_CLOUD_ACCESS_KEY_SECRET: "********" ## alibaba OSS access key secret
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using with Openstack Object Storage
|
|
||||||
|
|
||||||
Make sure your environment is properly setup to access `mycontainer`.
|
|
||||||
|
|
||||||
To do so, you must set the following env vars (depending on your openstack version):
|
|
||||||
- `OS_AUTH_URL`
|
|
||||||
- either `OS_PROJECT_NAME` or `OS_TENANT_NAME` or `OS_PROJECT_ID` or `OS_TENANT_ID`
|
|
||||||
- either `OS_DOMAIN_NAME` or `OS_DOMAIN_ID`
|
|
||||||
- either `OS_USERNAME` or `OS_USERID`
|
|
||||||
- `OS_PASSWORD`
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: openstack
|
|
||||||
STORAGE_OPENSTACK_CONTAINER: mycontainer
|
|
||||||
STORAGE_OPENSTACK_PREFIX:
|
|
||||||
STORAGE_OPENSTACK_REGION: YOURREGION
|
|
||||||
secret:
|
|
||||||
OS_AUTH_URL: https://myauth.url.com/v2.0/
|
|
||||||
OS_TENANT_ID: yourtenantid
|
|
||||||
OS_USERNAME: yourusername
|
|
||||||
OS_PASSWORD: yourpassword
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
### Using with Oracle Object Storage
|
|
||||||
|
|
||||||
Oracle (OCI) configuration and private key need to be added to a secret and are mounted at /home/chartmuseum/.oci. Your OCI config needs to be under [DEFAULT] and your `key_file` needs to be /home/chartmuseum/.oci/oci.key. See https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm
|
|
||||||
|
|
||||||
```shell
|
|
||||||
kubectl create secret generic chartmuseum-secret --from-file=config=".oci/config" --from-file=key_file=".oci/oci.key"
|
|
||||||
```
|
|
||||||
|
|
||||||
Then you can either use a `VALUES` yaml with your values or set those values in the command line:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install stable/chartmuseum --debug --set env.open.STORAGE=oracle,env.open.STORAGE_ORACLE_COMPARTMENTID=ocid1.compartment.oc1..abc123,env.open.STORAGE_ORACLE_BUCKET=myocibucket,env.open.STORAGE_ORACLE_PREFIX=chartmuseum,oracle.secret.enabled=true,oracle.secret.name=chartmuseum-secret
|
|
||||||
```
|
|
||||||
|
|
||||||
If you prefer to use a yaml file:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: oracle
|
|
||||||
STORAGE_ORACLE_COMPARTMENTID: ocid1.compartment.oc1..abc123
|
|
||||||
STORAGE_ORACLE_BUCKET: myocibucket
|
|
||||||
STORAGE_ORACLE_PREFIX: chartmuseum
|
|
||||||
|
|
||||||
oracle:
|
|
||||||
secret:
|
|
||||||
enabled: enabled
|
|
||||||
name: chartmuseum-secret
|
|
||||||
config: config
|
|
||||||
key_file: key_file
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using an existing secret
|
|
||||||
|
|
||||||
It is possible to pre-create a secret in kubernetes and get this chart to use that
|
|
||||||
|
|
||||||
Given you are for example using the above AWS example
|
|
||||||
|
|
||||||
You could create a Secret like this
|
|
||||||
|
|
||||||
```shell
|
|
||||||
kubectl create secret generic chartmuseum-secret --from-literal="aws-access-key=myaccesskey" --from-literal="aws-secret-access-key=mysecretaccesskey" --from-literal="basic-auth-user=curator" --from-literal="basic-auth-pass=mypassword"
|
|
||||||
```
|
|
||||||
|
|
||||||
Specify `custom.yaml` with such values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: amazonexistingSecret
|
|
||||||
STORAGE_AMAZON_BUCKET: my-s3-bucket
|
|
||||||
STORAGE_AMAZON_PREFIX:
|
|
||||||
STORAGE_AMAZON_REGION: us-east-1
|
|
||||||
existingSecret: chartmuseum-secret
|
|
||||||
existingSecretMappings:
|
|
||||||
AWS_ACCESS_KEY_ID: aws-access-key
|
|
||||||
AWS_SECRET_ACCESS_KEY: aws-secret-access-key
|
|
||||||
BASIC_AUTH_USER: basic-auth-user
|
|
||||||
BASIC_AUTH_PASS: basic-auth-pass
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using with local filesystem storage
|
|
||||||
By default chartmuseum uses local filesystem storage.
|
|
||||||
But on pod recreation it will lose all charts, to prevent that enable persistent storage.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
STORAGE: local
|
|
||||||
persistence:
|
|
||||||
enabled: true
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 8Gi
|
|
||||||
## A manually managed Persistent Volume and Claim
|
|
||||||
## Requires persistence.enabled: true
|
|
||||||
## If defined, PVC must be created manually before volume will be bound
|
|
||||||
# existingClaim:
|
|
||||||
|
|
||||||
## Chartmuseum data Persistent Volume Storage Class
|
|
||||||
## If defined, storageClassName: <storageClass>
|
|
||||||
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
||||||
## If undefined (the default) or set to null, no storageClassName spec is
|
|
||||||
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
||||||
## GKE, AWS & OpenStack)
|
|
||||||
##
|
|
||||||
# storageClass: "-"
|
|
||||||
```
|
|
||||||
|
|
||||||
Run command to install
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
### Setting local storage permissions with initContainers
|
|
||||||
|
|
||||||
Some clusters do not allow using securityContext to set permissions for persistent volumes. Instead, an initContainer can be created to run `chown` on the mounted volume. To enable it, set `securityContext.enabled` to `false`.
|
|
||||||
|
|
||||||
|
|
||||||
#### Example storage class
|
|
||||||
|
|
||||||
Example storage-class.yaml provided here for use with a Ceph cluster.
|
|
||||||
|
|
||||||
```
|
|
||||||
kind: StorageClass
|
|
||||||
apiVersion: storage.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
name: storage-volume
|
|
||||||
provisioner: kubernetes.io/rbd
|
|
||||||
parameters:
|
|
||||||
monitors: "10.11.12.13:4567,10.11.12.14:4567"
|
|
||||||
adminId: admin
|
|
||||||
adminSecretName: thesecret
|
|
||||||
adminSecretNamespace: default
|
|
||||||
pool: chartstore
|
|
||||||
userId: user
|
|
||||||
userSecretName: thesecret
|
|
||||||
```
|
|
||||||
|
|
||||||
### Authentication
|
|
||||||
|
|
||||||
By default this chart does not have any authentication configured and allows anyone to fetch or upload (assuming the API is enabled) charts there are two supported methods of authentication
|
|
||||||
|
|
||||||
#### Basic Authentication
|
|
||||||
|
|
||||||
This allows all API routes to be protected by HTTP basic auth, this is configured either as plain text in the values that gets stored as a secret in the kubernetes cluster by setting:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
secret:
|
|
||||||
BASIC_AUTH_USER: curator
|
|
||||||
BASIC_AUTH_PASS: mypassword
|
|
||||||
```
|
|
||||||
|
|
||||||
Or by using values from an existing secret in the cluster that can be created using:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
kubectl create secret generic chartmuseum-secret --from-literal="basic-auth-user=curator" --from-literal="basic-auth-pass=mypassword"
|
|
||||||
```
|
|
||||||
|
|
||||||
This secret can be used in the values file as follows:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
existingSecret: chartmuseum-secret
|
|
||||||
existingSecretMappings:
|
|
||||||
BASIC_AUTH_USER: basic-auth-user
|
|
||||||
BASIC_AUTH_PASS: basic-auth-pass
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Bearer/Token auth
|
|
||||||
|
|
||||||
When using this ChartMuseum is configured with a public key, and will accept RS256 JWT tokens signed by the associated private key, passed in the Authorization header. You can use the [chartmuseum/auth](https://github.com/chartmuseum/auth) Go library to generate valid JWT tokens. For more information about how this works, please see [chartmuseum/auth-server-example](https://github.com/chartmuseum/auth-server-example)
|
|
||||||
|
|
||||||
To use this the public key should be stored in a secret this can be done with
|
|
||||||
|
|
||||||
```shell
|
|
||||||
kubectl create secret generic chartmuseum-public-key --from-file=public-key.pem
|
|
||||||
```
|
|
||||||
|
|
||||||
And Bearer/Token auth can be configured using the following values
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
BEARER_AUTH: true
|
|
||||||
AUTH_REALM: <realm>
|
|
||||||
AUTH_SERVICE: <service>
|
|
||||||
|
|
||||||
bearerAuth:
|
|
||||||
secret:
|
|
||||||
enabled: true
|
|
||||||
publicKeySecret: chartmuseum-public-key
|
|
||||||
```
|
|
||||||
|
|
||||||
### Ingress
|
|
||||||
|
|
||||||
This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress](https://hub.kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://hub.kubeapps.com/charts/stable/traefik) you can utilize the ingress controller to expose Kubeapps.
|
|
||||||
|
|
||||||
To enable ingress integration, please set `ingress.enabled` to `true`
|
|
||||||
|
|
||||||
#### Hosts
|
|
||||||
|
|
||||||
Most likely you will only want to have one hostname that maps to this Chartmuseum installation, however, it is possible to have more than one host. To facilitate this, the `ingress.hosts` object is an array. TLS secrets referenced in the ingress host configuration must be manually created in the namespace.
|
|
||||||
|
|
||||||
In most cases, you should not specify values for `ingress.hosts[0].serviceName` and `ingress.hosts[0].servicePort`. However, some ingress controllers support advanced scenarios requiring you to specify these values. For example, [setting up an SSL redirect using the AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/).
|
|
||||||
|
|
||||||
#### Extra Paths
|
|
||||||
|
|
||||||
Specifying extra paths to prepend to every host configuration is especially useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions).
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum stable/chartmuseum \
|
|
||||||
--set ingress.enabled=true \
|
|
||||||
--set ingress.hosts[0].name=chartmuseum.domain.com \
|
|
||||||
--set ingress.extraPaths[0].service=ssl-redirect \
|
|
||||||
--set ingress.extraPaths[0].port=use-annotation \
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
#### Annotations
|
|
||||||
|
|
||||||
For annotations, please see [this document for nginx](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) and [this document for Traefik](https://docs.traefik.io/configuration/backends/kubernetes/#general-annotations). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. Annotations can be set using `ingress.annotations`.
|
|
||||||
|
|
||||||
#### Example Ingress configuration
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm install --name my-chartmuseum stable/chartmuseum \
|
|
||||||
--set ingress.enabled=true \
|
|
||||||
--set ingress.hosts[0].name=chartmuseum.domain.com \
|
|
||||||
--set ingress.hosts[0].path=/
|
|
||||||
--set ingress.hosts[0].tls=true
|
|
||||||
--set ingress.hosts[0].tlsSecret=chartmuseum.tls-secret
|
|
||||||
```
|
|
||||||
|
|
||||||
## Uninstall
|
|
||||||
|
|
||||||
By default, a deliberate uninstall will result in the persistent volume
|
|
||||||
claim being deleted.
|
|
||||||
|
|
||||||
```shell
|
|
||||||
helm delete my-chartmuseum
|
|
||||||
```
|
|
||||||
|
|
||||||
To delete the deployment and its history:
|
|
||||||
```shell
|
|
||||||
helm delete --purge my-chartmuseum
|
|
||||||
```
|
|
@ -1,9 +0,0 @@
|
|||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: nginx
|
|
||||||
kubernetes.io/tls-acme: "true"
|
|
||||||
hosts:
|
|
||||||
- name: chartmuseum.domain1.com
|
|
||||||
path: /
|
|
||||||
tls: false
|
|
@ -1,30 +0,0 @@
|
|||||||
** Please be patient while the chart is being deployed **
|
|
||||||
|
|
||||||
Get the ChartMuseum URL by running:
|
|
||||||
|
|
||||||
{{- if contains "NodePort" .Values.service.type }}
|
|
||||||
|
|
||||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "chartmuseum.fullname" . }})
|
|
||||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
|
||||||
echo http://$NODE_IP:$NODE_PORT{{ .Values.env.open.CONTEXT_PATH }}/
|
|
||||||
|
|
||||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
|
||||||
|
|
||||||
** Please ensure an external IP is associated to the {{ template "chartmuseum.fullname" . }} service before proceeding **
|
|
||||||
** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "chartmuseum.fullname" . }} **
|
|
||||||
|
|
||||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "chartmuseum.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
|
||||||
echo http://$SERVICE_IP:{{ .Values.service.externalPort }}{{ .Values.env.open.CONTEXT_PATH }}/
|
|
||||||
|
|
||||||
OR
|
|
||||||
|
|
||||||
export SERVICE_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "chartmuseum.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
|
|
||||||
echo http://$SERVICE_HOST:{{ .Values.service.externalPort }}{{ .Values.env.open.CONTEXT_PATH }}/
|
|
||||||
|
|
||||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
|
||||||
|
|
||||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "chartmuseum.name" . }}" -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
|
||||||
echo http://127.0.0.1:8080{{ .Values.env.open.CONTEXT_PATH }}/
|
|
||||||
kubectl port-forward $POD_NAME 8080:8080 --namespace {{ .Release.Namespace }}
|
|
||||||
|
|
||||||
{{- end }}
|
|
@ -1,142 +0,0 @@
|
|||||||
{{- /*
|
|
||||||
name defines a template for the name of the chartmuseum chart.
|
|
||||||
|
|
||||||
The prevailing wisdom is that names should only contain a-z, 0-9 plus dot (.) and dash (-), and should
|
|
||||||
not exceed 63 characters.
|
|
||||||
|
|
||||||
Parameters:
|
|
||||||
|
|
||||||
- .Values.nameOverride: Replaces the computed name with this given name
|
|
||||||
- .Values.namePrefix: Prefix
|
|
||||||
- .Values.global.namePrefix: Global prefix
|
|
||||||
- .Values.nameSuffix: Suffix
|
|
||||||
- .Values.global.nameSuffix: Global suffix
|
|
||||||
|
|
||||||
The applied order is: "global prefix + prefix + name + suffix + global suffix"
|
|
||||||
|
|
||||||
Usage: 'name: "{{- template "chartmuseum.name" . -}}"'
|
|
||||||
*/ -}}
|
|
||||||
{{- define "chartmuseum.name"}}
|
|
||||||
{{- $global := default (dict) .Values.global -}}
|
|
||||||
{{- $base := default .Chart.Name .Values.nameOverride -}}
|
|
||||||
{{- $gpre := default "" $global.namePrefix -}}
|
|
||||||
{{- $pre := default "" .Values.namePrefix -}}
|
|
||||||
{{- $suf := default "" .Values.nameSuffix -}}
|
|
||||||
{{- $gsuf := default "" $global.nameSuffix -}}
|
|
||||||
{{- $name := print $gpre $pre $base $suf $gsuf -}}
|
|
||||||
{{- $name | lower | trunc 54 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- /*
|
|
||||||
fullname defines a suitably unique name for a resource by combining
|
|
||||||
the release name and the chartmuseum chart name.
|
|
||||||
|
|
||||||
The prevailing wisdom is that names should only contain a-z, 0-9 plus dot (.) and dash (-), and should
|
|
||||||
not exceed 63 characters.
|
|
||||||
|
|
||||||
Parameters:
|
|
||||||
|
|
||||||
- .Values.fullnameOverride: Replaces the computed name with this given name
|
|
||||||
- .Values.fullnamePrefix: Prefix
|
|
||||||
- .Values.global.fullnamePrefix: Global prefix
|
|
||||||
- .Values.fullnameSuffix: Suffix
|
|
||||||
- .Values.global.fullnameSuffix: Global suffix
|
|
||||||
|
|
||||||
The applied order is: "global prefix + prefix + name + suffix + global suffix"
|
|
||||||
|
|
||||||
Usage: 'name: "{{- template "chartmuseum.fullname" . -}}"'
|
|
||||||
*/ -}}
|
|
||||||
{{- define "chartmuseum.fullname"}}
|
|
||||||
{{- $global := default (dict) .Values.global -}}
|
|
||||||
{{- $base := default (printf "%s-%s" .Release.Name .Chart.Name) .Values.fullnameOverride -}}
|
|
||||||
{{- $gpre := default "" $global.fullnamePrefix -}}
|
|
||||||
{{- $pre := default "" .Values.fullnamePrefix -}}
|
|
||||||
{{- $suf := default "" .Values.fullnameSuffix -}}
|
|
||||||
{{- $gsuf := default "" $global.fullnameSuffix -}}
|
|
||||||
{{- $name := print $gpre $pre $base $suf $gsuf -}}
|
|
||||||
{{- $name | lower | trunc 54 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
|
|
||||||
{{- /*
|
|
||||||
chartmuseum.labels.standard prints the standard chartmuseum Helm labels.
|
|
||||||
|
|
||||||
The standard labels are frequently used in metadata.
|
|
||||||
*/ -}}
|
|
||||||
{{- define "chartmuseum.labels.standard" -}}
|
|
||||||
app: {{ template "chartmuseum.name" . }}
|
|
||||||
chart: {{ template "chartmuseum.chartref" . }}
|
|
||||||
heritage: {{ .Release.Service | quote }}
|
|
||||||
release: {{ .Release.Name | quote }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- /*
|
|
||||||
chartmuseum.chartref prints a chart name and version.
|
|
||||||
|
|
||||||
It does minimal escaping for use in Kubernetes labels.
|
|
||||||
|
|
||||||
Example output:
|
|
||||||
|
|
||||||
chartmuseum-0.4.5
|
|
||||||
*/ -}}
|
|
||||||
{{- define "chartmuseum.chartref" -}}
|
|
||||||
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return the proper image name to change the volume permissions
|
|
||||||
*/}}
|
|
||||||
{{- define "chartmuseum.volumePermissions.image" -}}
|
|
||||||
{{- $registryName := .Values.volumePermissions.image.registry -}}
|
|
||||||
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
|
|
||||||
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
|
|
||||||
{{/*
|
|
||||||
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
|
|
||||||
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
|
|
||||||
Also, we can't use a single if because lazy evaluation is not an option
|
|
||||||
*/}}
|
|
||||||
{{- if .Values.global }}
|
|
||||||
{{- if .Values.global.imageRegistry }}
|
|
||||||
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return the proper Docker Image Registry Secret Names
|
|
||||||
*/}}
|
|
||||||
{{- define "chartmuseum.imagePullSecrets" -}}
|
|
||||||
{{/*
|
|
||||||
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
|
|
||||||
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
|
|
||||||
Also, we can not use a single if because lazy evaluation is not an option
|
|
||||||
*/}}
|
|
||||||
{{- if .Values.global }}
|
|
||||||
{{- if .Values.global.imagePullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- range .Values.global.imagePullSecrets }}
|
|
||||||
- name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- range .Values.image.pullSecrets }}
|
|
||||||
- name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.volumePermissions.image.pullSecrets }}
|
|
||||||
- name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- range .Values.image.pullSecrets }}
|
|
||||||
- name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.volumePermissions.image.pullSecrets }}
|
|
||||||
- name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
@ -1,220 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml .Values.deployment.annotations | indent 4 }}
|
|
||||||
labels:
|
|
||||||
{{ include "chartmuseum.labels.standard" . | indent 4 }}
|
|
||||||
{{- if .Values.deployment.labels }}
|
|
||||||
{{ toYaml .Values.deployment.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: {{ template "chartmuseum.name" . }}
|
|
||||||
release: {{ .Release.Name | quote }}
|
|
||||||
{{- if .Values.deployment.labels }}
|
|
||||||
{{ toYaml .Values.deployment.labels | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
replicas: {{ .Values.replicaCount }}
|
|
||||||
strategy:
|
|
||||||
{{ toYaml .Values.strategy | indent 4 }}
|
|
||||||
revisionHistoryLimit: 10
|
|
||||||
{{- if .Values.deployment.matchlabes }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{ toYaml .Values.deployment.matchlabels | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml .Values.replica.annotations | indent 8 }}
|
|
||||||
labels:
|
|
||||||
app: {{ template "chartmuseum.name" . }}
|
|
||||||
release: {{ .Release.Name | quote }}
|
|
||||||
{{- if .Values.deployment.labels }}
|
|
||||||
{{ toYaml .Values.deployment.labels | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if .Values.priorityClassName }}
|
|
||||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.securityContext.enabled }}
|
|
||||||
securityContext:
|
|
||||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
|
||||||
{{- if .Values.securityContext.runAsNonRoot }}
|
|
||||||
runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.securityContext.supplementalGroups }}
|
|
||||||
supplementalGroups: {{ .Values.securityContext.supplementalGroups }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else if .Values.persistence.enabled }}
|
|
||||||
initContainers:
|
|
||||||
- name: volume-permissions
|
|
||||||
image: {{ template "chartmuseum.volumePermissions.image" . }}
|
|
||||||
imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
|
|
||||||
command: ['sh', '-c', 'chown -R {{ .Values.securityContext.fsGroup }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.path }}']
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: {{ .Values.persistence.path }}
|
|
||||||
name: storage-volume
|
|
||||||
{{- end }}
|
|
||||||
{{- include "chartmuseum.imagePullSecrets" . | indent 6 }}
|
|
||||||
containers:
|
|
||||||
- name: {{ .Chart.Name }}
|
|
||||||
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
|
|
||||||
env:
|
|
||||||
{{- range $name, $value := .Values.env.open }}
|
|
||||||
{{- if not (empty $value) }}
|
|
||||||
- name: {{ $name | quote }}
|
|
||||||
value: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range $name, $value := .Values.env.field }}
|
|
||||||
{{- if not ( empty $value) }}
|
|
||||||
- name: {{ $name | quote }}
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.gcp.secret.enabled }}
|
|
||||||
- name: GOOGLE_APPLICATION_CREDENTIALS
|
|
||||||
value: "/etc/secrets/google/credentials.json"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.env.existingSecret }}
|
|
||||||
{{- $secret_name := .Values.env.existingSecret }}
|
|
||||||
{{- range $name, $key := .Values.env.existingSecretMappings }}
|
|
||||||
{{- if not ( empty $key) }}
|
|
||||||
- name: {{ $name | quote }}
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ $secret_name | quote }}
|
|
||||||
key: {{ $key | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else }}
|
|
||||||
{{- $secret_name := include "chartmuseum.fullname" . }}
|
|
||||||
{{- range $name, $value := .Values.env.secret }}
|
|
||||||
{{- if not ( empty $value) }}
|
|
||||||
- name: {{ $name | quote }}
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ $secret_name }}
|
|
||||||
key: {{ $name | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.bearerAuth.secret.enabled }}
|
|
||||||
- name: AUTH_CERT_PATH
|
|
||||||
value: /var/keys/public-key.pem
|
|
||||||
{{ end }}
|
|
||||||
args:
|
|
||||||
- --port=8080
|
|
||||||
{{- if eq .Values.env.open.STORAGE "local" }}
|
|
||||||
- --storage-local-rootdir={{ .Values.persistence.path }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.extraArgs }}
|
|
||||||
{{ toYaml .Values.extraArgs | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
containerPort: 8080
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: {{ .Values.env.open.CONTEXT_PATH }}/health
|
|
||||||
port: http
|
|
||||||
{{ toYaml .Values.probes.liveness | indent 10 }}
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: {{ .Values.env.open.CONTEXT_PATH }}/health
|
|
||||||
port: http
|
|
||||||
{{ toYaml .Values.probes.readiness | indent 10 }}
|
|
||||||
volumeMounts:
|
|
||||||
{{- if eq .Values.env.open.STORAGE "local" }}
|
|
||||||
- mountPath: {{ .Values.persistence.path }}
|
|
||||||
name: storage-volume
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.gcp.secret.enabled }}
|
|
||||||
- mountPath: /etc/secrets/google
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}-gcp
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.oracle.secret.enabled }}
|
|
||||||
- mountPath: /home/chartmuseum/.oci
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}-oracle
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.bearerAuth.secret.enabled }}
|
|
||||||
- name: public-key
|
|
||||||
mountPath: /var/keys
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.resources }}
|
|
||||||
resources:
|
|
||||||
{{ toYaml . | indent 10 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nodeSelector }}
|
|
||||||
nodeSelector:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.deployment.schedulerName }}
|
|
||||||
schedulerName: {{ .Values.deployment.schedulerName }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if and .Values.serviceAccount.create .Values.serviceAccount.name }}
|
|
||||||
serviceAccountName: {{ .Values.serviceAccount.name }}
|
|
||||||
{{- else if .Values.serviceAccount.create }}
|
|
||||||
serviceAccountName: {{ include "chartmuseum.fullname" . }}
|
|
||||||
{{- else if .Values.serviceAccount.name }}
|
|
||||||
serviceAccountName: {{ .Values.serviceAccount.name }}
|
|
||||||
{{- end }}
|
|
||||||
volumes:
|
|
||||||
- name: storage-volume
|
|
||||||
{{- if .Values.persistence.enabled }}
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ .Values.persistence.existingClaim | default (include "chartmuseum.fullname" .) }}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end -}}
|
|
||||||
{{ if .Values.gcp.secret.enabled }}
|
|
||||||
- name: {{ include "chartmuseum.fullname" . }}-gcp
|
|
||||||
secret:
|
|
||||||
{{ if .Values.env.secret.GOOGLE_CREDENTIALS_JSON }}
|
|
||||||
secretName: {{ include "chartmuseum.fullname" . }}
|
|
||||||
items:
|
|
||||||
- key: GOOGLE_CREDENTIALS_JSON
|
|
||||||
path: credentials.json
|
|
||||||
{{ else }}
|
|
||||||
secretName: {{ .Values.gcp.secret.name }}
|
|
||||||
items:
|
|
||||||
- key: {{ .Values.gcp.secret.key }}
|
|
||||||
path: credentials.json
|
|
||||||
{{ end }}
|
|
||||||
{{ end }}
|
|
||||||
{{ if .Values.oracle.secret.enabled }}
|
|
||||||
- name: {{ include "chartmuseum.fullname" . }}-oracle
|
|
||||||
secret:
|
|
||||||
secretName: {{ .Values.oracle.secret.name }}
|
|
||||||
items:
|
|
||||||
- key: {{ .Values.oracle.secret.config }}
|
|
||||||
path: config
|
|
||||||
- key: {{ .Values.oracle.secret.key_file }}
|
|
||||||
path: oci.key
|
|
||||||
{{ end }}
|
|
||||||
{{- if .Values.bearerAuth.secret.enabled }}
|
|
||||||
- name: public-key
|
|
||||||
secret:
|
|
||||||
secretName: {{ .Values.bearerAuth.secret.publicKeySecret }}
|
|
||||||
{{- end }}
|
|
@ -1,54 +0,0 @@
|
|||||||
{{- if .Values.ingress.enabled }}
|
|
||||||
{{- $servicePort := .Values.service.externalPort -}}
|
|
||||||
{{- $serviceName := include "chartmuseum.fullname" . -}}
|
|
||||||
{{- $ingressExtraPaths := .Values.ingress.extraPaths -}}
|
|
||||||
---
|
|
||||||
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
|
|
||||||
apiVersion: networking.k8s.io/v1beta1
|
|
||||||
{{- else }}
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
{{- end }}
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml .Values.ingress.annotations | indent 4 }}
|
|
||||||
labels:
|
|
||||||
{{- if .Values.ingress.labels }}
|
|
||||||
{{ toYaml .Values.ingress.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{ include "chartmuseum.labels.standard" . | indent 4 }}
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
- host: {{ .name }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
{{- range $ingressExtraPaths }}
|
|
||||||
- path: {{ default "/" .path | quote }}
|
|
||||||
backend:
|
|
||||||
{{- if $.Values.service.servicename }}
|
|
||||||
serviceName: {{ $.Values.service.servicename }}
|
|
||||||
{{- else }}
|
|
||||||
serviceName: {{ default $serviceName .service }}
|
|
||||||
{{- end }}
|
|
||||||
servicePort: {{ default $servicePort .port }}
|
|
||||||
{{- end }}
|
|
||||||
- path: {{ default "/" .path | quote }}
|
|
||||||
backend:
|
|
||||||
{{- if $.Values.service.servicename }}
|
|
||||||
serviceName: {{ $.Values.service.servicename }}
|
|
||||||
{{- else }}
|
|
||||||
serviceName: {{ default $serviceName .service }}
|
|
||||||
{{- end }}
|
|
||||||
servicePort: {{ default $servicePort .servicePort }}
|
|
||||||
{{- end }}
|
|
||||||
tls:
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
{{- if .tls }}
|
|
||||||
- hosts:
|
|
||||||
- {{ .name }}
|
|
||||||
secretName: {{ .tlsSecret }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
@ -1,21 +0,0 @@
|
|||||||
{{- if .Values.persistence.pv.enabled -}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolume
|
|
||||||
metadata:
|
|
||||||
{{- if .Values.persistence.pv.pvname }}
|
|
||||||
name: {{ .Values.persistence.pv.pvname }}
|
|
||||||
{{- else }}
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
|
||||||
app: {{ include "chartmuseum.fullname" . }}
|
|
||||||
release: {{ .Release.Name | quote }}
|
|
||||||
spec:
|
|
||||||
capacity:
|
|
||||||
storage: {{ .Values.persistence.pv.capacity.storage }}
|
|
||||||
accessModes:
|
|
||||||
- {{ .Values.persistence.pv.accessMode | quote }}
|
|
||||||
nfs:
|
|
||||||
server: {{ .Values.persistence.pv.nfs.server }}
|
|
||||||
path: {{ .Values.persistence.pv.nfs.path | quote }}
|
|
||||||
{{- end }}
|
|
@ -1,27 +0,0 @@
|
|||||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}
|
|
||||||
labels:
|
|
||||||
app: {{ include "chartmuseum.fullname" . }}
|
|
||||||
release: {{ .Release.Name | quote }}
|
|
||||||
{{- if .Values.persistence.labels }}
|
|
||||||
{{ toYaml .Values.persistence.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- {{ .Values.persistence.accessMode | quote }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.persistence.size | quote }}
|
|
||||||
{{- if .Values.persistence.storageClass }}
|
|
||||||
{{- if (eq "-" .Values.persistence.storageClass) }}
|
|
||||||
storageClassName: ""
|
|
||||||
{{- else }}
|
|
||||||
storageClassName: "{{ .Values.persistence.storageClass }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- else if and .Values.persistence.volumeName (.Values.persistence.pv.enabled) }}
|
|
||||||
volumeName: "{{ .Values.persistence.volumeName }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,22 +0,0 @@
|
|||||||
{{- if not .Values.env.existingSecret -}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{- if .Values.secret.labels }}
|
|
||||||
{{ toYaml .Values.secret.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{ include "chartmuseum.labels.standard" . | indent 4 }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
{{- range $name, $value := .Values.env.secret }}
|
|
||||||
{{- if not (empty $value) }}
|
|
||||||
{{- if eq $name "GOOGLE_CREDENTIALS_JSON" }}
|
|
||||||
{{ $name }}: {{ $value }}
|
|
||||||
{{- else }}
|
|
||||||
{{ $name }}: {{ $value | b64enc }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,45 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
{{- if .Values.service.servicename }}
|
|
||||||
name: {{ .Values.service.servicename }}
|
|
||||||
{{- else }}
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
|
||||||
{{ include "chartmuseum.labels.standard" . | indent 4 }}
|
|
||||||
{{- if .Values.service.labels }}
|
|
||||||
{{ toYaml .Values.service.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.service.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml .Values.service.annotations | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
type: {{ .Values.service.type }}
|
|
||||||
{{- if (or (eq .Values.service.type "LoadBalancer") (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort)))) }}
|
|
||||||
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }}
|
|
||||||
loadBalancerSourceRanges:
|
|
||||||
{{- with .Values.service.loadBalancerSourceRanges }}
|
|
||||||
{{ toYaml . | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if eq .Values.service.type "ClusterIP" }}
|
|
||||||
{{- if .Values.service.clusterIP }}
|
|
||||||
clusterIP: {{ .Values.service.clusterIP }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
ports:
|
|
||||||
- port: {{ .Values.service.externalPort }}
|
|
||||||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
|
|
||||||
nodePort: {{.Values.service.nodePort}}
|
|
||||||
{{- else }}
|
|
||||||
targetPort: http
|
|
||||||
{{- end }}
|
|
||||||
protocol: TCP
|
|
||||||
name: http
|
|
||||||
selector:
|
|
||||||
app: {{ template "chartmuseum.name" . }}
|
|
||||||
release: {{ .Release.Name | quote }}
|
|
@ -1,17 +0,0 @@
|
|||||||
{{- if .Values.serviceAccount.create -}}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
{{- if .Values.serviceAccount.name }}
|
|
||||||
name: {{ .Values.serviceAccount.name }}
|
|
||||||
{{- else }}
|
|
||||||
name: {{ include "chartmuseum.fullname" . }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
|
||||||
{{ include "chartmuseum.labels.standard" . | indent 4 }}
|
|
||||||
{{- if .Values.serviceAccount.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
@ -1,34 +0,0 @@
|
|||||||
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
{{- if .Values.serviceMonitor.labels }}
|
|
||||||
labels:
|
|
||||||
{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
name: {{ template "chartmuseum.fullname" . }}
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
{{- if .Values.serviceMonitor.namespace }}
|
|
||||||
namespace: {{ .Values.serviceMonitor.namespace }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
endpoints:
|
|
||||||
- targetPort: 8080
|
|
||||||
{{- if .Values.serviceMonitor.interval }}
|
|
||||||
interval: {{ .Values.serviceMonitor.interval }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.serviceMonitor.metricsPath }}
|
|
||||||
path: {{ .Values.serviceMonitor.metricsPath }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.serviceMonitor.timeout }}
|
|
||||||
scrapeTimeout: {{ .Values.serviceMonitor.timeout }}
|
|
||||||
{{- end }}
|
|
||||||
jobLabel: {{ template "chartmuseum.fullname" . }}
|
|
||||||
namespaceSelector:
|
|
||||||
matchNames:
|
|
||||||
- {{ .Release.Namespace }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: {{ template "chartmuseum.name" . }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
{{- end }}
|
|
@ -1,306 +0,0 @@
|
|||||||
extraArgs:
|
|
||||||
# - --storage-timestamp-tolerance 1s
|
|
||||||
replicaCount: 1
|
|
||||||
strategy:
|
|
||||||
type: RollingUpdate
|
|
||||||
rollingUpdate:
|
|
||||||
maxUnavailable: 0
|
|
||||||
image:
|
|
||||||
repository: chartmuseum/chartmuseum
|
|
||||||
tag: v0.12.0
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
secret:
|
|
||||||
labels: {}
|
|
||||||
env:
|
|
||||||
open:
|
|
||||||
# storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
|
|
||||||
STORAGE: local
|
|
||||||
# oss bucket to store charts for alibaba storage backend
|
|
||||||
STORAGE_ALIBABA_BUCKET:
|
|
||||||
# prefix to store charts for alibaba storage backend
|
|
||||||
STORAGE_ALIBABA_PREFIX:
|
|
||||||
# oss endpoint to store charts for alibaba storage backend
|
|
||||||
STORAGE_ALIBABA_ENDPOINT:
|
|
||||||
# server side encryption algorithm for alibaba storage backend, can be one
|
|
||||||
# of: AES256 or KMS
|
|
||||||
STORAGE_ALIBABA_SSE:
|
|
||||||
# s3 bucket to store charts for amazon storage backend
|
|
||||||
STORAGE_AMAZON_BUCKET:
|
|
||||||
# prefix to store charts for amazon storage backend
|
|
||||||
STORAGE_AMAZON_PREFIX:
|
|
||||||
# region of s3 bucket to store charts
|
|
||||||
STORAGE_AMAZON_REGION:
|
|
||||||
# alternative s3 endpoint
|
|
||||||
STORAGE_AMAZON_ENDPOINT:
|
|
||||||
# server side encryption algorithm
|
|
||||||
STORAGE_AMAZON_SSE:
|
|
||||||
# gcs bucket to store charts for google storage backend
|
|
||||||
STORAGE_GOOGLE_BUCKET:
|
|
||||||
# prefix to store charts for google storage backend
|
|
||||||
STORAGE_GOOGLE_PREFIX:
|
|
||||||
# container to store charts for microsoft storage backend
|
|
||||||
STORAGE_MICROSOFT_CONTAINER:
|
|
||||||
# prefix to store charts for microsoft storage backend
|
|
||||||
STORAGE_MICROSOFT_PREFIX:
|
|
||||||
# container to store charts for openstack storage backend
|
|
||||||
STORAGE_OPENSTACK_CONTAINER:
|
|
||||||
# prefix to store charts for openstack storage backend
|
|
||||||
STORAGE_OPENSTACK_PREFIX:
|
|
||||||
# region of openstack container
|
|
||||||
STORAGE_OPENSTACK_REGION:
|
|
||||||
# path to a CA cert bundle for your openstack endpoint
|
|
||||||
STORAGE_OPENSTACK_CACERT:
|
|
||||||
# compartment id for for oracle storage backend
|
|
||||||
STORAGE_ORACLE_COMPARTMENTID:
|
|
||||||
# oci bucket to store charts for oracle storage backend
|
|
||||||
STORAGE_ORACLE_BUCKET:
|
|
||||||
# prefix to store charts for oracle storage backend
|
|
||||||
STORAGE_ORACLE_PREFIX:
|
|
||||||
# form field which will be queried for the chart file content
|
|
||||||
CHART_POST_FORM_FIELD_NAME: chart
|
|
||||||
# form field which will be queried for the provenance file content
|
|
||||||
PROV_POST_FORM_FIELD_NAME: prov
|
|
||||||
# levels of nested repos for multitenancy. The default depth is 0 (singletenant server)
|
|
||||||
DEPTH: 0
|
|
||||||
# show debug messages
|
|
||||||
DEBUG: false
|
|
||||||
# output structured logs as json
|
|
||||||
LOG_JSON: true
|
|
||||||
# disable use of index-cache.yaml
|
|
||||||
DISABLE_STATEFILES: false
|
|
||||||
# disable Prometheus metrics
|
|
||||||
DISABLE_METRICS: true
|
|
||||||
# disable all routes prefixed with /api
|
|
||||||
DISABLE_API: true
|
|
||||||
# allow chart versions to be re-uploaded
|
|
||||||
ALLOW_OVERWRITE: false
|
|
||||||
# absolute url for .tgzs in index.yaml
|
|
||||||
CHART_URL:
|
|
||||||
# allow anonymous GET operations when auth is used
|
|
||||||
AUTH_ANONYMOUS_GET: false
|
|
||||||
# sets the base context path
|
|
||||||
CONTEXT_PATH:
|
|
||||||
# parallel scan limit for the repo indexer
|
|
||||||
INDEX_LIMIT: 0
|
|
||||||
# cache store, can be one of: redis (leave blank for inmemory cache)
|
|
||||||
CACHE:
|
|
||||||
# address of Redis service (host:port)
|
|
||||||
CACHE_REDIS_ADDR:
|
|
||||||
# Redis database to be selected after connect
|
|
||||||
CACHE_REDIS_DB: 0
|
|
||||||
# enable bearer auth
|
|
||||||
BEARER_AUTH: false
|
|
||||||
# auth realm used for bearer auth
|
|
||||||
AUTH_REALM:
|
|
||||||
# auth service used for bearer auth
|
|
||||||
AUTH_SERVICE:
|
|
||||||
field:
|
|
||||||
# POD_IP: status.podIP
|
|
||||||
secret:
|
|
||||||
# username for basic http authentication
|
|
||||||
BASIC_AUTH_USER:
|
|
||||||
# password for basic http authentication
|
|
||||||
BASIC_AUTH_PASS:
|
|
||||||
# GCP service account json file
|
|
||||||
GOOGLE_CREDENTIALS_JSON:
|
|
||||||
# Redis requirepass server configuration
|
|
||||||
CACHE_REDIS_PASSWORD:
|
|
||||||
# Name of an existing secret to get the secret values ftom
|
|
||||||
existingSecret:
|
|
||||||
# Stores Enviromnt Variable to secret key name mappings
|
|
||||||
existingSecretMappings:
|
|
||||||
# username for basic http authentication
|
|
||||||
BASIC_AUTH_USER:
|
|
||||||
# password for basic http authentication
|
|
||||||
BASIC_AUTH_PASS:
|
|
||||||
# GCP service account json file
|
|
||||||
GOOGLE_CREDENTIALS_JSON:
|
|
||||||
# Redis requirepass server configuration
|
|
||||||
CACHE_REDIS_PASSWORD:
|
|
||||||
|
|
||||||
deployment:
|
|
||||||
# Define scheduler name. Use of 'default' if empty
|
|
||||||
schedulerName: ""
|
|
||||||
## Chartmuseum Deployment annotations
|
|
||||||
annotations: {}
|
|
||||||
# name: value
|
|
||||||
labels: {}
|
|
||||||
# name: value
|
|
||||||
matchlabels: {}
|
|
||||||
# name: value
|
|
||||||
replica:
|
|
||||||
## Chartmuseum Replicas annotations
|
|
||||||
annotations: {}
|
|
||||||
## Read more about kube2iam to provide access to s3 https://github.com/jtblin/kube2iam
|
|
||||||
# iam.amazonaws.com/role: role-arn
|
|
||||||
service:
|
|
||||||
servicename:
|
|
||||||
type: ClusterIP
|
|
||||||
externalTrafficPolicy: Local
|
|
||||||
## Limits which cidr blocks can connect to service's load balancer
|
|
||||||
## Only valid if service.type: LoadBalancer
|
|
||||||
loadBalancerSourceRanges: []
|
|
||||||
# clusterIP: None
|
|
||||||
externalPort: 8080
|
|
||||||
nodePort:
|
|
||||||
annotations: {}
|
|
||||||
labels: {}
|
|
||||||
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: false
|
|
||||||
# namespace: prometheus
|
|
||||||
labels: {}
|
|
||||||
metricsPath: "/metrics"
|
|
||||||
# timeout: 60
|
|
||||||
# interval: 60
|
|
||||||
|
|
||||||
resources: {}
|
|
||||||
# limits:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 80m
|
|
||||||
# memory: 64Mi
|
|
||||||
|
|
||||||
probes:
|
|
||||||
liveness:
|
|
||||||
initialDelaySeconds: 5
|
|
||||||
periodSeconds: 10
|
|
||||||
timeoutSeconds: 1
|
|
||||||
successThreshold: 1
|
|
||||||
failureThreshold: 3
|
|
||||||
readiness:
|
|
||||||
initialDelaySeconds: 5
|
|
||||||
periodSeconds: 10
|
|
||||||
timeoutSeconds: 1
|
|
||||||
successThreshold: 1
|
|
||||||
failureThreshold: 3
|
|
||||||
|
|
||||||
serviceAccount:
|
|
||||||
create: false
|
|
||||||
# name:
|
|
||||||
## Annotations for the Service Account
|
|
||||||
annotations: {}
|
|
||||||
|
|
||||||
# UID/GID 1000 is the default user "chartmuseum" used in
|
|
||||||
# the container image starting in v0.8.0 and above. This
|
|
||||||
# is required for local persistent storage. If your cluster
|
|
||||||
# does not allow this, try setting securityContext: {}
|
|
||||||
securityContext:
|
|
||||||
enabled: true
|
|
||||||
fsGroup: 1000
|
|
||||||
## Optionally, specify supplementalGroups and/or
|
|
||||||
## runAsNonRoot for security purposes
|
|
||||||
# runAsNonRoot: true
|
|
||||||
# supplementalGroups: [1000]
|
|
||||||
|
|
||||||
containerSecurityContext: {}
|
|
||||||
|
|
||||||
priorityClassName: ""
|
|
||||||
|
|
||||||
nodeSelector: {}
|
|
||||||
|
|
||||||
tolerations: []
|
|
||||||
|
|
||||||
affinity: {}
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
enabled: false
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 8Gi
|
|
||||||
labels: {}
|
|
||||||
path: /storage
|
|
||||||
# name: value
|
|
||||||
## A manually managed Persistent Volume and Claim
|
|
||||||
## Requires persistence.enabled: true
|
|
||||||
## If defined, PVC must be created manually before volume will be bound
|
|
||||||
# existingClaim:
|
|
||||||
|
|
||||||
## Chartmuseum data Persistent Volume Storage Class
|
|
||||||
## If defined, storageClassName: <storageClass>
|
|
||||||
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
||||||
## If undefined (the default) or set to null, no storageClassName spec is
|
|
||||||
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
||||||
## GKE, AWS & OpenStack)
|
|
||||||
##
|
|
||||||
# storageClass: "-"
|
|
||||||
# volumeName:
|
|
||||||
pv:
|
|
||||||
enabled: false
|
|
||||||
pvname:
|
|
||||||
capacity:
|
|
||||||
storage: 8Gi
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
nfs:
|
|
||||||
server:
|
|
||||||
path:
|
|
||||||
|
|
||||||
## Init containers parameters:
|
|
||||||
## volumePermissions: Change the owner of the persistent volume mountpoint to RunAsUser:fsGroup
|
|
||||||
##
|
|
||||||
volumePermissions:
|
|
||||||
image:
|
|
||||||
registry: docker.io
|
|
||||||
repository: bitnami/minideb
|
|
||||||
tag: buster
|
|
||||||
pullPolicy: Always
|
|
||||||
## Optionally specify an array of imagePullSecrets.
|
|
||||||
## Secrets must be manually created in the namespace.
|
|
||||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
||||||
##
|
|
||||||
# pullSecrets:
|
|
||||||
# - myRegistryKeySecretName
|
|
||||||
|
|
||||||
## Ingress for load balancer
|
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
## Chartmuseum Ingress labels
|
|
||||||
##
|
|
||||||
# labels:
|
|
||||||
# dns: "route53"
|
|
||||||
|
|
||||||
## Chartmuseum Ingress annotations
|
|
||||||
##
|
|
||||||
# annotations:
|
|
||||||
# kubernetes.io/ingress.class: nginx
|
|
||||||
# kubernetes.io/tls-acme: "true"
|
|
||||||
|
|
||||||
## Chartmuseum Ingress hostnames
|
|
||||||
## Must be provided if Ingress is enabled
|
|
||||||
##
|
|
||||||
# hosts:
|
|
||||||
# - name: chartmuseum.domain1.com
|
|
||||||
# path: /
|
|
||||||
# tls: false
|
|
||||||
# - name: chartmuseum.domain2.com
|
|
||||||
# path: /
|
|
||||||
#
|
|
||||||
# ## Set this to true in order to enable TLS on the ingress record
|
|
||||||
# tls: true
|
|
||||||
#
|
|
||||||
# ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
|
|
||||||
# ## Secrets must be added manually to the namespace
|
|
||||||
# tlsSecret: chartmuseum.domain2-tls
|
|
||||||
|
|
||||||
# Adding secrets to tiller is not a great option, so If you want to use an existing
|
|
||||||
# secret that contains the json file, you can use the following entries
|
|
||||||
gcp:
|
|
||||||
secret:
|
|
||||||
enabled: false
|
|
||||||
# Name of the secret that contains the encoded json
|
|
||||||
name:
|
|
||||||
# Secret key that holds the json value.
|
|
||||||
key: credentials.json
|
|
||||||
oracle:
|
|
||||||
secret:
|
|
||||||
enabled: false
|
|
||||||
# Name of the secret that contains the encoded config and key
|
|
||||||
name:
|
|
||||||
# Secret key that holds the oci config
|
|
||||||
config: config
|
|
||||||
# Secret key that holds the oci private key
|
|
||||||
key_file: key_file
|
|
||||||
bearerAuth:
|
|
||||||
secret:
|
|
||||||
enabled: false
|
|
||||||
publicKeySecret: chartmuseum-public-key
|
|
@ -1,22 +0,0 @@
|
|||||||
# Patterns to ignore when building packages.
|
|
||||||
# This supports shell glob matching, relative path matching, and
|
|
||||||
# negation (prefixed with !). Only one pattern per line.
|
|
||||||
.DS_Store
|
|
||||||
# Common VCS dirs
|
|
||||||
.git/
|
|
||||||
.gitignore
|
|
||||||
.bzr/
|
|
||||||
.bzrignore
|
|
||||||
.hg/
|
|
||||||
.hgignore
|
|
||||||
.svn/
|
|
||||||
# Common backup files
|
|
||||||
*.swp
|
|
||||||
*.bak
|
|
||||||
*.tmp
|
|
||||||
*~
|
|
||||||
# Various IDEs
|
|
||||||
.project
|
|
||||||
.idea/
|
|
||||||
*.tmproj
|
|
||||||
.vscode/
|
|
@ -1,11 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
appVersion: "1.2.1"
|
|
||||||
description: The simplest and most complete UI for your private registry
|
|
||||||
name: docker-registry-ui
|
|
||||||
home: https://github.com/Joxit/docker-registry-ui
|
|
||||||
keywords:
|
|
||||||
- docker
|
|
||||||
- registry
|
|
||||||
sources:
|
|
||||||
- https://github.com/Joxit/docker-registry-ui
|
|
||||||
version: 0.1.0
|
|
@ -1,97 +0,0 @@
|
|||||||
# docker-registry-ui
|
|
||||||
|
|
||||||
[docker-registry-ui](https://joxit.dev/docker-registry-ui/) is the simplest and most complete UI for your private registry!
|
|
||||||
|
|
||||||
|
|
||||||
## TL;DR;
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ helm install .
|
|
||||||
```
|
|
||||||
|
|
||||||
## Introduction
|
|
||||||
|
|
||||||
This chart bootstraps a [docker-registry-ui](https://joxit.dev/docker-registry-ui/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
|
||||||
|
|
||||||
It also may deploy the [docker registry](https://docs.docker.com/registry/) if you havent have one already.
|
|
||||||
|
|
||||||
## Prerequisites
|
|
||||||
|
|
||||||
- Kubernetes 1.9+ with Beta APIs enabled
|
|
||||||
- PV provisioner support in the underlying infrastructure
|
|
||||||
|
|
||||||
## Installing the Chart
|
|
||||||
|
|
||||||
To install the chart with the release name `my-release`:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ helm update --install my-release .
|
|
||||||
```
|
|
||||||
|
|
||||||
The command deploys docker-registry-ui on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
|
|
||||||
|
|
||||||
> **Tip**: List all releases using `helm list`
|
|
||||||
|
|
||||||
## Uninstalling the Chart
|
|
||||||
|
|
||||||
To uninstall/delete the `my-release` deployment:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ helm delete my-release
|
|
||||||
```
|
|
||||||
|
|
||||||
The command removes all the Kubernetes components associated with the chart and deletes the release.
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
The following table lists the configurable parameters of the Redmine chart and their default values.
|
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
|
||||||
| --------------------------------- | ---------------------------------------- | ------------------------------------------------------- |
|
|
||||||
| `ui.title` | Title of the managed repository | `Docker registry UI` |
|
|
||||||
| `ui.delete_images` | Allow to delete image from the front-end | `false` |
|
|
||||||
| `ui.proxy` | The UI service act as a proxy of the registry | `true` |
|
|
||||||
| `ui.replicaCount` | Number of replicas to start | `1` |
|
|
||||||
| `ui.image.registry` | registry to pull the docker-registry-ui image from | `docker.io` |
|
|
||||||
| `ui.image.repository` | docker-registry-ui image name | `joxit/docker-registry-ui` |
|
|
||||||
| `ui.image.tag` | docker-registry-ui image tag (change to latest to have multi registry support) | `static` |
|
|
||||||
| `ui.image.pullPolicy` | docker-registry-ui image pull policy | `Always` |
|
|
||||||
| `ui.probe.liveness` | Ask kubernetes to check the service port for liveness | `true` |
|
|
||||||
| `ui.probe.readyness ` | Ask kubernetes to check the service port for readyness | `true` |
|
|
||||||
| `ui.service.type` | Desired service type | `ClusterIP` |
|
|
||||||
| `ui.service.port` | Service exposed port | `80` |
|
|
||||||
| `ui.ingress.enabled` | Create an ingress for docker-regstry-ui | `false` |
|
|
||||||
| `registry.external` | Use an already available registry | `false` |
|
|
||||||
| `registry.url` | URL of the existing registry | `http://localhost:5000` |
|
|
||||||
| `registry.replicaCount` | Number of replicas to start | `1` |
|
|
||||||
| `registry.image.registry` | registry to pull the docker-registry image from | `docker.io` |
|
|
||||||
| `registry.image.repository` | docker-registry-ui image name | `registry` |
|
|
||||||
| `registry.image.tag` | docker-registry-ui image tag | `2.6.2` |
|
|
||||||
| `registry.image.pullPolicy` | docker-registry-ui image pull policy | `Always` |
|
|
||||||
| `registry.probe.liveness` | Ask kubernetes to check the service port for liveness | `true` |
|
|
||||||
| `registry.probe.readyness ` | Ask kubernetes to check the service port for readyness | `true` |
|
|
||||||
| `registry.persistence.enabled` | Enable persistence using PVC for the registry | `false` |
|
|
||||||
| `registry.persistence.storageClass` | PVC Storage Class | `-` |
|
|
||||||
| `registry.persistence.size` | PVC Storage Request size | `1Gi` |
|
|
||||||
| `registry.service.type` | Desired service type | `ClusterIP` |
|
|
||||||
| `registry.service.port` | Service exposed port | `5000` |
|
|
||||||
| `registry.ingress.enabled` | Create an ingress for the regstry | `false` |
|
|
||||||
|
|
||||||
|
|
||||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ helm upgrade --install my-release \
|
|
||||||
--set registry.external=true \
|
|
||||||
--set registry.url=http://registry.example.com:5000 \
|
|
||||||
.
|
|
||||||
```
|
|
||||||
|
|
||||||
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ helm upgrade --install my-release -f values.yaml .
|
|
||||||
```
|
|
||||||
|
|
||||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
|
||||||
|
|
@ -1,147 +0,0 @@
|
|||||||
{{/* vim: set filetype=mustache: */}}
|
|
||||||
{{/*
|
|
||||||
Expand the name of the chart.
|
|
||||||
*/}}
|
|
||||||
{{- define "docker-registry-ui.name" -}}
|
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create a default fully qualified app name.
|
|
||||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
||||||
If release name contains chart name it will be used as a full name.
|
|
||||||
*/}}
|
|
||||||
{{- define "docker-registry-ui.fullname" -}}
|
|
||||||
{{- if .Values.ui.fullnameOverride -}}
|
|
||||||
{{- .Values.ui.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
|
||||||
{{- if contains $name .Release.Name -}}
|
|
||||||
{{- printf "%s-ui" .Release.Name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- printf "%s-ui-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry.fullname" -}}
|
|
||||||
{{- if .Values.registry.fullnameOverride -}}
|
|
||||||
{{- .Values.registry.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
|
||||||
{{- if contains $name .Release.Name -}}
|
|
||||||
{{- printf "%s-registry" .Release.Name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- printf "%s-registry-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create chart name and version as used by the chart label.
|
|
||||||
*/}}
|
|
||||||
{{- define "docker-registry-ui.chart" -}}
|
|
||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Common labels
|
|
||||||
*/}}
|
|
||||||
{{- define "docker-registry-ui.labels" -}}
|
|
||||||
app: registry-ui
|
|
||||||
chart: {{ include "docker-registry-ui.chart" . }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
{{- if .Chart.AppVersion }}
|
|
||||||
app/version: {{ .Chart.AppVersion | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry-ui.matchLabels" -}}
|
|
||||||
app: registry-ui
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry.labels" -}}
|
|
||||||
app: registry
|
|
||||||
chart: {{ include "docker-registry-ui.chart" . }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
{{- if .Chart.AppVersion }}
|
|
||||||
app/version: {{ .Chart.AppVersion | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry.matchLabels" -}}
|
|
||||||
app: registry
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry-ui.probes" -}}
|
|
||||||
{{- if and .Values.ui.probe.liveness (eq .Values.ui.probe.liveness true) -}}
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: http
|
|
||||||
{{- end -}}
|
|
||||||
{{- if and .Values.ui.probe.readiness (eq .Values.ui.probe.readiness true) }}
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: http
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry.probes" -}}
|
|
||||||
{{- if and .Values.registry.probe.liveness (eq .Values.registry.probe.liveness true) -}}
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /v2/
|
|
||||||
port: registry
|
|
||||||
{{- end -}}
|
|
||||||
{{- if and .Values.registry.probe.readiness (eq .Values.registry.probe.readiness true) }}
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /v2/
|
|
||||||
port: registry
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry-ui.url-name" -}}
|
|
||||||
{{- if eq .Values.ui.proxy true -}}
|
|
||||||
REGISTRY_URL
|
|
||||||
{{- else -}}
|
|
||||||
URL
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry-ui.url-value" -}}
|
|
||||||
{{- if eq .Values.registry.external true -}}
|
|
||||||
{{ .Values.registry.url }}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $fullName := include "docker-registry.fullname" . -}}
|
|
||||||
{{ printf "http://%s.%s:%.0f" $fullName .Release.Namespace .Values.registry.service.port }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "docker-registry-ui.pull" -}}
|
|
||||||
{{- if eq .Values.registry.external true -}}
|
|
||||||
{{ .Values.registry.url }}
|
|
||||||
{{- else -}}
|
|
||||||
{{- if eq .Values.ui.proxy true -}}
|
|
||||||
{{- if eq .Values.ui.ingress.enabled true -}}
|
|
||||||
{{- $host := index .Values.ui.ingress.hosts 0 -}}
|
|
||||||
{{ $host.host }}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $fullName := include "docker-registry-ui.fullname" . -}}
|
|
||||||
{{ printf "%s.%s:%.0f" $fullName .Release.Namespace .Values.ui.service.port }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- if eq .Values.registry.ingress.enabled true -}}
|
|
||||||
{{- $host := index .Values.registry.ingress.hosts 0 -}}
|
|
||||||
{{ $host.host }}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $fullName := include "docker-registry.fullname" . -}}
|
|
||||||
{{ printf "%s.%s:%.0f" $fullName .Release.Namespace .Values.registry.service.port }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
@ -1,31 +0,0 @@
|
|||||||
{{- if eq .Values.registry.external false -}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ include "docker-registry.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry.labels" . | indent 4 }}
|
|
||||||
data:
|
|
||||||
config.yml: |-
|
|
||||||
version: 0.1
|
|
||||||
log:
|
|
||||||
fields:
|
|
||||||
service: registry
|
|
||||||
storage:
|
|
||||||
delete:
|
|
||||||
enabled: true
|
|
||||||
cache:
|
|
||||||
blobdescriptor: inmemory
|
|
||||||
filesystem:
|
|
||||||
rootdirectory: /var/lib/registry
|
|
||||||
http:
|
|
||||||
addr: :5000
|
|
||||||
headers:
|
|
||||||
X-Content-Type-Options: [nosniff]
|
|
||||||
Access-Control-Allow-Origin: ['*']
|
|
||||||
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
|
|
||||||
Access-Control-Allow-Headers: ['Authorization']
|
|
||||||
Access-Control-Max-Age: [1728000]
|
|
||||||
Access-Control-Allow-Credentials: [true]
|
|
||||||
Access-Control-Expose-Headers: ['Docker-Content-Digest']
|
|
||||||
{{- end -}}
|
|
@ -1,62 +0,0 @@
|
|||||||
{{- if eq .Values.registry.external false -}}
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ include "docker-registry.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry.labels" . | indent 4 }}
|
|
||||||
spec:
|
|
||||||
replicas: {{ .Values.registry.replicaCount }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{ include "docker-registry.matchLabels" . | indent 6 }}
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry.matchLabels" . | indent 8 }}
|
|
||||||
spec:
|
|
||||||
{{- with .Values.imagePullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
volumes:
|
|
||||||
- name: config
|
|
||||||
configMap:
|
|
||||||
defaultMode: 420
|
|
||||||
name: {{ include "docker-registry.fullname" . }}
|
|
||||||
- name: data
|
|
||||||
{{- if .Values.registry.persistence.enabled }}
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ include "docker-registry.fullname" . }}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end }}
|
|
||||||
containers:
|
|
||||||
- name: registry
|
|
||||||
image: "{{ .Values.registry.image.registry }}/{{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}"
|
|
||||||
imagePullPolicy: {{ .Values.registry.image.pullPolicy }}
|
|
||||||
ports:
|
|
||||||
- name: registry
|
|
||||||
containerPort: 5000
|
|
||||||
protocol: TCP
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: "/var/lib/registry"
|
|
||||||
name: "data"
|
|
||||||
- mountPath: "/etc/docker/registry"
|
|
||||||
name: "config"
|
|
||||||
{{ include "docker-registry.probes" . | indent 10 }}
|
|
||||||
resources:
|
|
||||||
{{- toYaml .Values.registry.resources | nindent 12 }}
|
|
||||||
{{- with .Values.nodeSelector }}
|
|
||||||
nodeSelector:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
@ -1,34 +0,0 @@
|
|||||||
{{- if and (eq .Values.registry.external false) (and (eq .Values.ui.proxy false) .Values.registry.ingress.enabled) -}}
|
|
||||||
{{- $fullName := include "docker-registry.fullname" . -}}
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: {{ $fullName }}
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry.labels" . | indent 4 }}
|
|
||||||
{{- with .Values.registry.ingress.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if .Values.registry.ingress.tls }}
|
|
||||||
tls:
|
|
||||||
{{- range .Values.registry.ingress.tls }}
|
|
||||||
- hosts:
|
|
||||||
{{- range .hosts }}
|
|
||||||
- {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
secretName: {{ .secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
rules:
|
|
||||||
{{- range .Values.registry.ingress.hosts }}
|
|
||||||
- host: {{ .host | quote }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
serviceName: {{ $fullName }}
|
|
||||||
servicePort: registry
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
@ -1,23 +0,0 @@
|
|||||||
{{- if and (eq .Values.registry.external false) .Values.registry.persistence.enabled -}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry.labels" . | indent 4 }}
|
|
||||||
name: {{ include "docker-registry.fullname" . }}
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
{{- range .Values.registry.persistence.accessModes }}
|
|
||||||
- {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.registry.persistence.size }}
|
|
||||||
{{- if .Values.registry.persistence.storageClass }}
|
|
||||||
{{- if (eq "-" .Values.registry.persistence.storageClass) }}
|
|
||||||
storageClassName: ""
|
|
||||||
{{- else }}
|
|
||||||
storageClassName: {{ .Values.registry.persistence.storageClass | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
@ -1,17 +0,0 @@
|
|||||||
{{- if eq .Values.registry.external false -}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ include "docker-registry.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry.labels" . | indent 4 }}
|
|
||||||
spec:
|
|
||||||
type: {{ .Values.registry.service.type }}
|
|
||||||
ports:
|
|
||||||
- port: {{ .Values.registry.service.port }}
|
|
||||||
targetPort: registry
|
|
||||||
protocol: TCP
|
|
||||||
name: registry
|
|
||||||
selector:
|
|
||||||
{{ include "docker-registry.matchLabels" . | indent 6 }}
|
|
||||||
{{- end -}}
|
|
@ -1,52 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ include "docker-registry-ui.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry-ui.labels" . | indent 4 }}
|
|
||||||
spec:
|
|
||||||
replicas: {{ .Values.ui.replicaCount }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{ include "docker-registry-ui.matchLabels" . | indent 6 }}
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry-ui.matchLabels" . | indent 8 }}
|
|
||||||
spec:
|
|
||||||
{{- with .Values.imagePullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
containers:
|
|
||||||
- name: registry-ui
|
|
||||||
image: "{{ .Values.ui.image.registry }}/{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
|
|
||||||
imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
|
|
||||||
env:
|
|
||||||
- name: REGISTRY_TITLE
|
|
||||||
value: {{ .Values.ui.title| quote }}
|
|
||||||
- name: DELETE_IMAGES
|
|
||||||
value: {{ .Values.ui.delete_images| quote }}
|
|
||||||
- name: {{ include "docker-registry-ui.url-name" . }}
|
|
||||||
value: {{ include "docker-registry-ui.url-value" . | quote }}
|
|
||||||
- name: PULL_URL
|
|
||||||
value: {{ include "docker-registry-ui.pull" . | quote }}
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
containerPort: 80
|
|
||||||
protocol: TCP
|
|
||||||
{{ include "docker-registry-ui.probes" . | indent 10 }}
|
|
||||||
resources:
|
|
||||||
{{- toYaml .Values.ui.resources | nindent 12 }}
|
|
||||||
{{- with .Values.ui.nodeSelector }}
|
|
||||||
nodeSelector:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.ui.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.ui.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
@ -1,34 +0,0 @@
|
|||||||
{{- if .Values.ui.ingress.enabled -}}
|
|
||||||
{{- $fullName := include "docker-registry-ui.fullname" . -}}
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: {{ $fullName }}
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry-ui.labels" . | indent 4 }}
|
|
||||||
{{- with .Values.ui.ingress.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if .Values.ui.ingress.tls }}
|
|
||||||
tls:
|
|
||||||
{{- range .Values.ui.ingress.tls }}
|
|
||||||
- hosts:
|
|
||||||
{{- range .hosts }}
|
|
||||||
- {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
secretName: {{ .secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
rules:
|
|
||||||
{{- range .Values.ui.ingress.hosts }}
|
|
||||||
- host: {{ .host | quote }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
serviceName: {{ $fullName }}
|
|
||||||
servicePort: http
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ include "docker-registry-ui.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{ include "docker-registry-ui.labels" . | indent 4 }}
|
|
||||||
spec:
|
|
||||||
type: {{ .Values.ui.service.type }}
|
|
||||||
ports:
|
|
||||||
- port: {{ .Values.ui.service.port }}
|
|
||||||
targetPort: http
|
|
||||||
protocol: TCP
|
|
||||||
name: http
|
|
||||||
selector:
|
|
||||||
{{ include "docker-registry-ui.matchLabels" . | indent 6 }}
|
|
@ -1,129 +0,0 @@
|
|||||||
# Default values for docker-registry-ui.
|
|
||||||
# This is a YAML-formatted file.
|
|
||||||
# Declare variables to be passed into your templates.
|
|
||||||
|
|
||||||
|
|
||||||
ui:
|
|
||||||
# title of the registry
|
|
||||||
title: "Docker registry UI"
|
|
||||||
# allow delete of images
|
|
||||||
delete_images: false
|
|
||||||
# UI behave as a proxy of the registry
|
|
||||||
proxy: true
|
|
||||||
|
|
||||||
replicaCount: 1
|
|
||||||
image:
|
|
||||||
registry: docker.io
|
|
||||||
repository: joxit/docker-registry-ui
|
|
||||||
tag: static
|
|
||||||
pullPolicy: Always
|
|
||||||
probe:
|
|
||||||
liveness: true
|
|
||||||
readiness: true
|
|
||||||
|
|
||||||
resources: {}
|
|
||||||
# If you do want to specify resources, uncomment the following
|
|
||||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
||||||
# limits:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
nodeSelector: {}
|
|
||||||
tolerations: []
|
|
||||||
affinity: {}
|
|
||||||
fullnameOverride: ""
|
|
||||||
|
|
||||||
service:
|
|
||||||
type: ClusterIP
|
|
||||||
port: 80
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
annotations: {}
|
|
||||||
# kubernetes.io/ingress.class: nginx
|
|
||||||
# kubernetes.io/tls-acme: "true"
|
|
||||||
hosts:
|
|
||||||
- host: docker-registry-ui.local
|
|
||||||
|
|
||||||
tls: []
|
|
||||||
# - secretName: chart-example-tls
|
|
||||||
# hosts:
|
|
||||||
# - chart-example.local
|
|
||||||
|
|
||||||
|
|
||||||
registry:
|
|
||||||
external: false
|
|
||||||
# URL of the registry (requiered. Note: this wont work as localhost is inside the container. Only used if the registry is external)
|
|
||||||
url: http://localhost:5000
|
|
||||||
|
|
||||||
replicaCount: 1
|
|
||||||
# Image definition for the registry (Only used if the registry is not external)
|
|
||||||
image:
|
|
||||||
registry: docker.io
|
|
||||||
repository: registry
|
|
||||||
tag: 2.7.1
|
|
||||||
pullPolicy: Always
|
|
||||||
probe:
|
|
||||||
liveness: true
|
|
||||||
readiness: true
|
|
||||||
resources: {}
|
|
||||||
# If you do want to specify resources, uncomment the following
|
|
||||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
||||||
# limits:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
nodeSelector: {}
|
|
||||||
tolerations: []
|
|
||||||
affinity: {}
|
|
||||||
fullnameOverride: ""
|
|
||||||
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
## If true, use a Persistent Volume Claim, If false, use emptyDir
|
|
||||||
##
|
|
||||||
enabled: false
|
|
||||||
## Persistent Volume Storage Class
|
|
||||||
## If defined, storageClassName: <storageClass>
|
|
||||||
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
||||||
## If undefined (the default) or set to null, no storageClassName spec is
|
|
||||||
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
||||||
## GKE, AWS & OpenStack)
|
|
||||||
##
|
|
||||||
# storageClass: "-"
|
|
||||||
## Persistent Volume Claim annotations
|
|
||||||
##
|
|
||||||
annotations:
|
|
||||||
## Persistent Volume Access Mode
|
|
||||||
##
|
|
||||||
accessModes:
|
|
||||||
# This have to be ReadWriteMany if replicaCount>1
|
|
||||||
- ReadWriteOnce
|
|
||||||
## Persistent Volume size
|
|
||||||
##
|
|
||||||
size: 1Gi
|
|
||||||
##
|
|
||||||
|
|
||||||
service:
|
|
||||||
type: ClusterIP
|
|
||||||
port: 5000
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
annotations: {}
|
|
||||||
# kubernetes.io/ingress.class: nginx
|
|
||||||
# kubernetes.io/tls-acme: "true"
|
|
||||||
hosts:
|
|
||||||
- host: docker-registry.local
|
|
||||||
|
|
||||||
tls: []
|
|
||||||
# - secretName: chart-example-tls
|
|
||||||
# hosts:
|
|
||||||
# - chart-example.local
|
|
||||||
|
|
||||||
imagePullSecrets: []
|
|
||||||
nameOverride: ""
|
|
@ -1,21 +0,0 @@
|
|||||||
# Patterns to ignore when building packages.
|
|
||||||
# This supports shell glob matching, relative path matching, and
|
|
||||||
# negation (prefixed with !). Only one pattern per line.
|
|
||||||
.DS_Store
|
|
||||||
# Common VCS dirs
|
|
||||||
.git/
|
|
||||||
.gitignore
|
|
||||||
.bzr/
|
|
||||||
.bzrignore
|
|
||||||
.hg/
|
|
||||||
.hgignore
|
|
||||||
.svn/
|
|
||||||
# Common backup files
|
|
||||||
*.swp
|
|
||||||
*.bak
|
|
||||||
*.tmp
|
|
||||||
*~
|
|
||||||
# Various IDEs
|
|
||||||
.project
|
|
||||||
.idea/
|
|
||||||
*.tmproj
|
|
@ -1,10 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
description: DEPRECATED A Helm chart for Docker Registry
|
|
||||||
name: docker-registry
|
|
||||||
version: 1.9.6
|
|
||||||
appVersion: 2.7.1
|
|
||||||
home: https://hub.docker.com/_/registry/
|
|
||||||
icon: https://hub.docker.com/public/images/logos/mini-logo.svg
|
|
||||||
sources:
|
|
||||||
- https://github.com/docker/distribution-library-image
|
|
||||||
deprecated: true
|
|
@ -1,95 +0,0 @@
|
|||||||
# ⚠️ Repo Archive Notice
|
|
||||||
|
|
||||||
As of Nov 13, 2020, charts in this repo will no longer be updated.
|
|
||||||
For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/).
|
|
||||||
|
|
||||||
# Docker Registry Helm Chart
|
|
||||||
|
|
||||||
This directory contains a Kubernetes chart to deploy a private Docker Registry.
|
|
||||||
|
|
||||||
## DEPRECATION NOTICE
|
|
||||||
|
|
||||||
This chart is deprecated and no longer supported.
|
|
||||||
|
|
||||||
## Prerequisites Details
|
|
||||||
|
|
||||||
* PV support on underlying infrastructure (if persistence is required)
|
|
||||||
|
|
||||||
## Chart Details
|
|
||||||
|
|
||||||
This chart will do the following:
|
|
||||||
|
|
||||||
* Implement a Docker registry deployment
|
|
||||||
|
|
||||||
## Installing the Chart
|
|
||||||
|
|
||||||
To install the chart, use the following:
|
|
||||||
|
|
||||||
```console
|
|
||||||
$ helm install stable/docker-registry
|
|
||||||
```
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
The following table lists the configurable parameters of the docker-registry chart and
|
|
||||||
their default values.
|
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
|
||||||
|:----------------------------|:-------------------------------------------------------------------------------------------|:----------------|
|
|
||||||
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
|
|
||||||
| `image.repository` | Container image to use | `registry` |
|
|
||||||
| `image.tag` | Container image tag to deploy | `2.7.1` |
|
|
||||||
| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
|
|
||||||
| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` |
|
|
||||||
| `persistence.enabled` | Whether to use a PVC for the Docker storage | `false` |
|
|
||||||
| `persistence.deleteEnabled` | Enable the deletion of image blobs and manifests by digest | `nil` |
|
|
||||||
| `persistence.size` | Amount of space to claim for PVC | `10Gi` |
|
|
||||||
| `persistence.storageClass` | Storage Class to use for PVC | `-` |
|
|
||||||
| `persistence.existingClaim` | Name of an existing PVC to use for config | `nil` |
|
|
||||||
| `service.port` | TCP port on which the service is exposed | `5000` |
|
|
||||||
| `service.type` | service type | `ClusterIP` |
|
|
||||||
| `service.clusterIP` | if `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` |
|
|
||||||
| `service.nodePort` | if `service.type` is `NodePort` and this is non-empty, sets the node port of the service | `nil` |
|
|
||||||
| `service.loadBalancerIP | if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerIP of the service | `nil` |
|
|
||||||
| `service.loadBalancerSourceRanges`| if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerSourceRanges of the service | `nil` |
|
|
||||||
| `replicaCount` | k8s replicas | `1` |
|
|
||||||
| `updateStrategy` | update strategy for deployment | `{}` |
|
|
||||||
| `podAnnotations` | Annotations for pod | `{}` |
|
|
||||||
| `podLabels` | Labels for pod | `{}` |
|
|
||||||
| `podDisruptionBudget` | Pod disruption budget | `{}` |
|
|
||||||
| `resources.limits.cpu` | Container requested CPU | `nil` |
|
|
||||||
| `resources.limits.memory` | Container requested memory | `nil` |
|
|
||||||
| `priorityClassName ` | priorityClassName | `""` |
|
|
||||||
| `storage` | Storage system to use | `filesystem` |
|
|
||||||
| `tlsSecretName` | Name of secret for TLS certs | `nil` |
|
|
||||||
| `secrets.htpasswd` | Htpasswd authentication | `nil` |
|
|
||||||
| `secrets.s3.accessKey` | Access Key for S3 configuration | `nil` |
|
|
||||||
| `secrets.s3.secretKey` | Secret Key for S3 configuration | `nil` |
|
|
||||||
| `secrets.swift.username` | Username for Swift configuration | `nil` |
|
|
||||||
| `secrets.swift.password` | Password for Swift configuration | `nil` |
|
|
||||||
| `haSharedSecret` | Shared secret for Registry | `nil` |
|
|
||||||
| `configData` | Configuration hash for docker | `nil` |
|
|
||||||
| `s3.region` | S3 region | `nil` |
|
|
||||||
| `s3.regionEndpoint` | S3 region endpoint | `nil` |
|
|
||||||
| `s3.bucket` | S3 bucket name | `nil` |
|
|
||||||
| `s3.encrypt` | Store images in encrypted format | `nil` |
|
|
||||||
| `s3.secure` | Use HTTPS | `nil` |
|
|
||||||
| `swift.authurl` | Swift authurl | `nil` |
|
|
||||||
| `swift.container` | Swift container | `nil` |
|
|
||||||
| `nodeSelector` | node labels for pod assignment | `{}` |
|
|
||||||
| `affinity` | affinity settings | `{}` |
|
|
||||||
| `tolerations` | pod tolerations | `[]` |
|
|
||||||
| `ingress.enabled` | If true, Ingress will be created | `false` |
|
|
||||||
| `ingress.annotations` | Ingress annotations | `{}` |
|
|
||||||
| `ingress.labels` | Ingress labels | `{}` |
|
|
||||||
| `ingress.path` | Ingress service path | `/` |
|
|
||||||
| `ingress.hosts` | Ingress hostnames | `[]` |
|
|
||||||
| `ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
|
|
||||||
| `extraVolumeMounts` | Additional volumeMounts to the registry container | `[]` |
|
|
||||||
| `extraVolumes` | Additional volumes to the pod | `[]` |
|
|
||||||
|
|
||||||
Specify each parameter using the `--set key=value[,key=value]` argument to
|
|
||||||
`helm install`.
|
|
||||||
|
|
||||||
To generate htpasswd file, run this docker command:
|
|
||||||
`docker run --entrypoint htpasswd registry:2 -Bbn user password > ./htpasswd`.
|
|
@ -1,19 +0,0 @@
|
|||||||
1. Get the application URL by running these commands:
|
|
||||||
{{- if .Values.ingress.enabled }}
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else if contains "NodePort" .Values.service.type }}
|
|
||||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "docker-registry.fullname" . }})
|
|
||||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
|
||||||
echo http://$NODE_IP:$NODE_PORT
|
|
||||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
|
||||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
|
||||||
You can watch the status of by running 'kubectl get svc -w {{ template "docker-registry.fullname" . }}'
|
|
||||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "docker-registry.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
|
||||||
echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
|
|
||||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
|
||||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "docker-registry.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
|
||||||
echo "Visit http://127.0.0.1:8080 to use your application"
|
|
||||||
kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8080:5000
|
|
||||||
{{- end }}
|
|
@ -1,24 +0,0 @@
|
|||||||
{{/* vim: set filetype=mustache: */}}
|
|
||||||
{{/*
|
|
||||||
Expand the name of the chart.
|
|
||||||
*/}}
|
|
||||||
{{- define "docker-registry.name" -}}
|
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create a default fully qualified app name.
|
|
||||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
||||||
*/}}
|
|
||||||
{{- define "docker-registry.fullname" -}}
|
|
||||||
{{- if .Values.fullnameOverride -}}
|
|
||||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
|
||||||
{{- if contains $name .Release.Name -}}
|
|
||||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
@ -1,12 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-config
|
|
||||||
labels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
|
||||||
heritage: {{ .Release.Service }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
data:
|
|
||||||
config.yml: |-
|
|
||||||
{{ toYaml .Values.configData | indent 4 }}
|
|
@ -1,221 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}
|
|
||||||
labels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
heritage: {{ .Release.Service }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
replicas: {{ .Values.replicaCount }}
|
|
||||||
{{- if .Values.updateStrategy }}
|
|
||||||
strategy:
|
|
||||||
{{ toYaml .Values.updateStrategy | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
minReadySeconds: 5
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
{{- if .Values.podLabels }}
|
|
||||||
{{ toYaml .Values.podLabels | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
annotations:
|
|
||||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
|
||||||
{{- if $.Values.podAnnotations }}
|
|
||||||
{{ toYaml $.Values.podAnnotations | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if .Values.imagePullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.priorityClassName }}
|
|
||||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.securityContext.enabled }}
|
|
||||||
securityContext:
|
|
||||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
|
||||||
runAsUser: {{ .Values.securityContext.runAsUser }}
|
|
||||||
{{- end }}
|
|
||||||
containers:
|
|
||||||
- name: {{ .Chart.Name }}
|
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
||||||
command:
|
|
||||||
- /bin/registry
|
|
||||||
- serve
|
|
||||||
- /etc/docker/registry/config.yml
|
|
||||||
ports:
|
|
||||||
- containerPort: 5000
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
{{- if .Values.tlsSecretName }}
|
|
||||||
scheme: HTTPS
|
|
||||||
{{- end }}
|
|
||||||
path: /
|
|
||||||
port: 5000
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
{{- if .Values.tlsSecretName }}
|
|
||||||
scheme: HTTPS
|
|
||||||
{{- end }}
|
|
||||||
path: /
|
|
||||||
port: 5000
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.resources | indent 12 }}
|
|
||||||
env:
|
|
||||||
{{- if .Values.secrets.htpasswd }}
|
|
||||||
- name: REGISTRY_AUTH
|
|
||||||
value: "htpasswd"
|
|
||||||
- name: REGISTRY_AUTH_HTPASSWD_REALM
|
|
||||||
value: "Registry Realm"
|
|
||||||
- name: REGISTRY_AUTH_HTPASSWD_PATH
|
|
||||||
value: "/auth/htpasswd"
|
|
||||||
{{- end }}
|
|
||||||
- name: REGISTRY_HTTP_SECRET
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
key: haSharedSecret
|
|
||||||
{{- if .Values.tlsSecretName }}
|
|
||||||
- name: REGISTRY_HTTP_TLS_CERTIFICATE
|
|
||||||
value: /etc/ssl/docker/tls.crt
|
|
||||||
- name: REGISTRY_HTTP_TLS_KEY
|
|
||||||
value: /etc/ssl/docker/tls.key
|
|
||||||
{{- end }}
|
|
||||||
{{- if eq .Values.storage "filesystem" }}
|
|
||||||
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
|
|
||||||
value: "/var/lib/registry"
|
|
||||||
{{- else if eq .Values.storage "azure" }}
|
|
||||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
key: azureAccountName
|
|
||||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
key: azureAccountKey
|
|
||||||
- name: REGISTRY_STORAGE_AZURE_CONTAINER
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
key: azureContainer
|
|
||||||
{{- else if eq .Values.storage "s3" }}
|
|
||||||
{{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }}
|
|
||||||
- name: REGISTRY_STORAGE_S3_ACCESSKEY
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
key: s3AccessKey
|
|
||||||
- name: REGISTRY_STORAGE_S3_SECRETKEY
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
key: s3SecretKey
|
|
||||||
{{- end }}
|
|
||||||
- name: REGISTRY_STORAGE_S3_REGION
|
|
||||||
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
|
|
||||||
{{- if .Values.s3.regionEndpoint }}
|
|
||||||
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
|
|
||||||
value: {{ .Values.s3.regionEndpoint }}
|
|
||||||
{{- end }}
|
|
||||||
- name: REGISTRY_STORAGE_S3_BUCKET
|
|
||||||
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
|
|
||||||
{{- if .Values.s3.encrypt }}
|
|
||||||
- name: REGISTRY_STORAGE_S3_ENCRYPT
|
|
||||||
value: {{ .Values.s3.encrypt | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.s3.secure }}
|
|
||||||
- name: REGISTRY_STORAGE_S3_SECURE
|
|
||||||
value: {{ .Values.s3.secure | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else if eq .Values.storage "swift" }}
|
|
||||||
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
|
|
||||||
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
|
|
||||||
- name: REGISTRY_STORAGE_SWIFT_USERNAME
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
key: swiftUsername
|
|
||||||
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
key: swiftPassword
|
|
||||||
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
|
|
||||||
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.persistence.deleteEnabled }}
|
|
||||||
- name: REGISTRY_STORAGE_DELETE_ENABLED
|
|
||||||
value: "true"
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
{{- if .Values.secrets.htpasswd }}
|
|
||||||
- name: auth
|
|
||||||
mountPath: /auth
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
|
||||||
{{- if eq .Values.storage "filesystem" }}
|
|
||||||
- name: data
|
|
||||||
mountPath: /var/lib/registry/
|
|
||||||
{{- end }}
|
|
||||||
- name: "{{ template "docker-registry.fullname" . }}-config"
|
|
||||||
mountPath: "/etc/docker/registry"
|
|
||||||
{{- if .Values.tlsSecretName }}
|
|
||||||
- mountPath: /etc/ssl/docker
|
|
||||||
name: tls-cert
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.extraVolumeMounts }}
|
|
||||||
{{- toYaml . | nindent 12 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.nodeSelector }}
|
|
||||||
nodeSelector:
|
|
||||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{ toYaml .Values.affinity | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{ toYaml .Values.tolerations | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
volumes:
|
|
||||||
{{- if .Values.secrets.htpasswd }}
|
|
||||||
- name: auth
|
|
||||||
secret:
|
|
||||||
secretName: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
items:
|
|
||||||
- key: htpasswd
|
|
||||||
path: htpasswd
|
|
||||||
{{- end }}
|
|
||||||
{{- if eq .Values.storage "filesystem" }}
|
|
||||||
- name: data
|
|
||||||
{{- if .Values.persistence.enabled }}
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end }}
|
|
||||||
- name: {{ template "docker-registry.fullname" . }}-config
|
|
||||||
configMap:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-config
|
|
||||||
{{- if .Values.tlsSecretName }}
|
|
||||||
- name: tls-cert
|
|
||||||
secret:
|
|
||||||
secretName: {{ .Values.tlsSecretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.extraVolumes }}
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
@ -1,36 +0,0 @@
|
|||||||
{{- if .Values.ingress.enabled -}}
|
|
||||||
{{- $serviceName := include "docker-registry.fullname" . -}}
|
|
||||||
{{- $servicePort := .Values.service.port -}}
|
|
||||||
{{- $path := .Values.ingress.path -}}
|
|
||||||
apiVersion: {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} networking.k8s.io/v1beta1 {{- else }} extensions/v1beta1 {{- end }}
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}
|
|
||||||
labels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
heritage: {{ .Release.Service }}
|
|
||||||
{{- if .Values.ingress.labels }}
|
|
||||||
{{ toYaml .Values.ingress.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
annotations:
|
|
||||||
{{- range $key, $value := .Values.ingress.annotations }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
{{- range $host := .Values.ingress.hosts }}
|
|
||||||
- host: {{ $host }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: {{ $path }}
|
|
||||||
backend:
|
|
||||||
serviceName: {{ $serviceName }}
|
|
||||||
servicePort: {{ $servicePort }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if .Values.ingress.tls }}
|
|
||||||
tls:
|
|
||||||
{{ toYaml .Values.ingress.tls | indent 4 }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
@ -1,17 +0,0 @@
|
|||||||
{{- if .Values.podDisruptionBudget -}}
|
|
||||||
apiVersion: policy/v1beta1
|
|
||||||
kind: PodDisruptionBudget
|
|
||||||
metadata:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}
|
|
||||||
labels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
heritage: {{ .Release.Service }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
|
|
||||||
{{- end -}}
|
|
@ -1,26 +0,0 @@
|
|||||||
{{- if .Values.persistence.enabled }}
|
|
||||||
{{- if not .Values.persistence.existingClaim -}}
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}
|
|
||||||
labels:
|
|
||||||
app: {{ template "docker-registry.fullname" . }}
|
|
||||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
|
||||||
release: "{{ .Release.Name }}"
|
|
||||||
heritage: "{{ .Release.Service }}"
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- {{ .Values.persistence.accessMode | quote }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.persistence.size | quote }}
|
|
||||||
{{- if .Values.persistence.storageClass }}
|
|
||||||
{{- if (eq "-" .Values.persistence.storageClass) }}
|
|
||||||
storageClassName: ""
|
|
||||||
{{- else }}
|
|
||||||
storageClassName: "{{ .Values.persistence.storageClass }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
@ -1,37 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}-secret
|
|
||||||
labels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
|
||||||
heritage: {{ .Release.Service }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
{{- if .Values.secrets.htpasswd }}
|
|
||||||
htpasswd: {{ .Values.secrets.htpasswd | b64enc }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.secrets.haSharedSecret }}
|
|
||||||
haSharedSecret: {{ .Values.secrets.haSharedSecret | b64enc | quote }}
|
|
||||||
{{- else }}
|
|
||||||
haSharedSecret: {{ randAlphaNum 16 | b64enc | quote }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if eq .Values.storage "azure" }}
|
|
||||||
{{- if and .Values.secrets.azure.accountName .Values.secrets.azure.accountKey .Values.secrets.azure.container }}
|
|
||||||
azureAccountName: {{ .Values.secrets.azure.accountName | b64enc | quote }}
|
|
||||||
azureAccountKey: {{ .Values.secrets.azure.accountKey | b64enc | quote }}
|
|
||||||
azureContainer: {{ .Values.secrets.azure.container | b64enc | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else if eq .Values.storage "s3" }}
|
|
||||||
{{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }}
|
|
||||||
s3AccessKey: {{ .Values.secrets.s3.accessKey | b64enc | quote }}
|
|
||||||
s3SecretKey: {{ .Values.secrets.s3.secretKey | b64enc | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else if eq .Values.storage "swift" }}
|
|
||||||
{{- if and .Values.secrets.swift.username .Values.secrets.swift.password }}
|
|
||||||
swiftUsername: {{ .Values.secrets.swift.username | b64enc | quote }}
|
|
||||||
swiftPassword: {{ .Values.secrets.swift.password | b64enc | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,35 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ template "docker-registry.fullname" . }}
|
|
||||||
labels:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
heritage: {{ .Release.Service }}
|
|
||||||
{{- if .Values.service.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml .Values.service.annotations | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
type: {{ .Values.service.type }}
|
|
||||||
{{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }}
|
|
||||||
clusterIP: {{ .Values.service.clusterIP }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
|
|
||||||
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges))) }}
|
|
||||||
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
|
|
||||||
{{- end }}
|
|
||||||
ports:
|
|
||||||
- port: {{ .Values.service.port }}
|
|
||||||
protocol: TCP
|
|
||||||
name: {{ .Values.service.name }}
|
|
||||||
targetPort: 5000
|
|
||||||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
|
|
||||||
nodePort: {{ .Values.service.nodePort }}
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
|
||||||
app: {{ template "docker-registry.name" . }}
|
|
||||||
release: {{ .Release.Name }}
|
|
@ -1,147 +0,0 @@
|
|||||||
# Default values for docker-registry.
|
|
||||||
# This is a YAML-formatted file.
|
|
||||||
# Declare variables to be passed into your templates.
|
|
||||||
replicaCount: 1
|
|
||||||
|
|
||||||
updateStrategy:
|
|
||||||
# type: RollingUpdate
|
|
||||||
# rollingUpdate:
|
|
||||||
# maxSurge: 1
|
|
||||||
# maxUnavailable: 0
|
|
||||||
|
|
||||||
podAnnotations: {}
|
|
||||||
podLabels: {}
|
|
||||||
|
|
||||||
image:
|
|
||||||
repository: registry
|
|
||||||
tag: 2.7.1
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
# imagePullSecrets:
|
|
||||||
# - name: docker
|
|
||||||
service:
|
|
||||||
name: registry
|
|
||||||
type: ClusterIP
|
|
||||||
# clusterIP:
|
|
||||||
port: 5000
|
|
||||||
# nodePort:
|
|
||||||
# loadBalancerIP:
|
|
||||||
# loadBalancerSourceRanges:
|
|
||||||
annotations: {}
|
|
||||||
# foo.io/bar: "true"
|
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
path: /
|
|
||||||
# Used to create an Ingress record.
|
|
||||||
hosts:
|
|
||||||
- chart-example.local
|
|
||||||
annotations: {}
|
|
||||||
# kubernetes.io/ingress.class: nginx
|
|
||||||
# kubernetes.io/tls-acme: "true"
|
|
||||||
labels: {}
|
|
||||||
tls:
|
|
||||||
# Secrets must be manually created in the namespace.
|
|
||||||
# - secretName: chart-example-tls
|
|
||||||
# hosts:
|
|
||||||
# - chart-example.local
|
|
||||||
resources: {}
|
|
||||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
||||||
# choice for the user. This also increases chances charts run on environments with little
|
|
||||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
||||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
||||||
# limits:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
persistence:
|
|
||||||
accessMode: 'ReadWriteOnce'
|
|
||||||
enabled: false
|
|
||||||
size: 10Gi
|
|
||||||
# storageClass: '-'
|
|
||||||
|
|
||||||
# set the type of filesystem to use: filesystem, s3
|
|
||||||
storage: filesystem
|
|
||||||
|
|
||||||
# Set this to name of secret for tls certs
|
|
||||||
# tlsSecretName: registry.docker.example.com
|
|
||||||
secrets:
|
|
||||||
haSharedSecret: ""
|
|
||||||
htpasswd: ""
|
|
||||||
# Secrets for Azure
|
|
||||||
# azure:
|
|
||||||
# accountName: ""
|
|
||||||
# accountKey: ""
|
|
||||||
# container: ""
|
|
||||||
# Secrets for S3 access and secret keys
|
|
||||||
# s3:
|
|
||||||
# accessKey: ""
|
|
||||||
# secretKey: ""
|
|
||||||
# Secrets for Swift username and password
|
|
||||||
# swift:
|
|
||||||
# username: ""
|
|
||||||
# password: ""
|
|
||||||
|
|
||||||
# Options for s3 storage type:
|
|
||||||
# s3:
|
|
||||||
# region: us-east-1
|
|
||||||
# regionEndpoint: s3.us-east-1.amazonaws.com
|
|
||||||
# bucket: my-bucket
|
|
||||||
# encrypt: false
|
|
||||||
# secure: true
|
|
||||||
|
|
||||||
# Options for swift storage type:
|
|
||||||
# swift:
|
|
||||||
# authurl: http://swift.example.com/
|
|
||||||
# container: my-container
|
|
||||||
|
|
||||||
configData:
|
|
||||||
version: 0.1
|
|
||||||
log:
|
|
||||||
fields:
|
|
||||||
service: registry
|
|
||||||
storage:
|
|
||||||
cache:
|
|
||||||
blobdescriptor: inmemory
|
|
||||||
http:
|
|
||||||
addr: :5000
|
|
||||||
headers:
|
|
||||||
X-Content-Type-Options: [nosniff]
|
|
||||||
health:
|
|
||||||
storagedriver:
|
|
||||||
enabled: true
|
|
||||||
interval: 10s
|
|
||||||
threshold: 3
|
|
||||||
|
|
||||||
securityContext:
|
|
||||||
enabled: true
|
|
||||||
runAsUser: 1000
|
|
||||||
fsGroup: 1000
|
|
||||||
|
|
||||||
priorityClassName: ""
|
|
||||||
|
|
||||||
podDisruptionBudget: {}
|
|
||||||
# maxUnavailable: 1
|
|
||||||
# minAvailable: 2
|
|
||||||
|
|
||||||
nodeSelector: {}
|
|
||||||
|
|
||||||
affinity: {}
|
|
||||||
|
|
||||||
tolerations: []
|
|
||||||
|
|
||||||
extraVolumeMounts: []
|
|
||||||
## Additional volumeMounts to the registry container.
|
|
||||||
# - mountPath: /secret-data
|
|
||||||
# name: cloudfront-pem-secret
|
|
||||||
# readOnly: true
|
|
||||||
|
|
||||||
extraVolumes: []
|
|
||||||
## Additional volumes to the pod.
|
|
||||||
# - name: cloudfront-pem-secret
|
|
||||||
# secret:
|
|
||||||
# secretName: cloudfront-credentials
|
|
||||||
# items:
|
|
||||||
# - key: cloudfront.pem
|
|
||||||
# path: cloudfront.pem
|
|
||||||
# mode: 511
|
|
Loading…
Reference in New Issue
Block a user