Merge pull request #62 from ddelange/garbage-collector
♻️ Deduplicate definitions from deployment and cronjob
@@ -22,3 +22,188 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "docker-registry.envs" -}}
|
||||
- name: REGISTRY_HTTP_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: haSharedSecret
|
||||
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: REGISTRY_AUTH
|
||||
value: "htpasswd"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_REALM
|
||||
value: "Registry Realm"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_PATH
|
||||
value: "/auth/htpasswd"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: REGISTRY_HTTP_TLS_CERTIFICATE
|
||||
value: /etc/ssl/docker/tls.crt
|
||||
- name: REGISTRY_HTTP_TLS_KEY
|
||||
value: /etc/ssl/docker/tls.key
|
||||
{{- end -}}
|
||||
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
|
||||
value: "/var/lib/registry"
|
||||
{{- else if eq .Values.storage "azure" }}
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountName
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountKey
|
||||
- name: REGISTRY_STORAGE_AZURE_CONTAINER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureContainer
|
||||
{{- else if eq .Values.storage "s3" }}
|
||||
- name: REGISTRY_STORAGE_S3_REGION
|
||||
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
|
||||
- name: REGISTRY_STORAGE_S3_BUCKET
|
||||
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
|
||||
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
|
||||
- name: REGISTRY_STORAGE_S3_ACCESSKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3AccessKey
|
||||
- name: REGISTRY_STORAGE_S3_SECRETKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3SecretKey
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.s3.regionEndpoint }}
|
||||
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
|
||||
value: {{ .Values.s3.regionEndpoint }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.s3.rootdirectory }}
|
||||
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
|
||||
value: {{ .Values.s3.rootdirectory | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.s3.encrypt }}
|
||||
- name: REGISTRY_STORAGE_S3_ENCRYPT
|
||||
value: {{ .Values.s3.encrypt | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.s3.secure }}
|
||||
- name: REGISTRY_STORAGE_S3_SECURE
|
||||
value: {{ .Values.s3.secure | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- else if eq .Values.storage "swift" }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
|
||||
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftUsername
|
||||
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftPassword
|
||||
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
|
||||
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.proxy.enabled }}
|
||||
- name: REGISTRY_PROXY_REMOTEURL
|
||||
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
|
||||
- name: REGISTRY_PROXY_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyUsername
|
||||
- name: REGISTRY_PROXY_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyPassword
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.persistence.deleteEnabled }}
|
||||
- name: REGISTRY_STORAGE_DELETE_ENABLED
|
||||
value: "true"
|
||||
{{- end -}}
|
||||
|
||||
{{- with .Values.extraEnvVars }}
|
||||
{{ toYaml . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- define "docker-registry.volumeMounts" -}}
|
||||
- name: "{{ template "docker-registry.fullname" . }}-config"
|
||||
mountPath: "/etc/docker/registry"
|
||||
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
mountPath: /auth
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
mountPath: /var/lib/registry/
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- mountPath: /etc/ssl/docker
|
||||
name: tls-cert
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . }}
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- define "docker-registry.volumes" -}}
|
||||
- name: {{ template "docker-registry.fullname" . }}-config
|
||||
configMap:
|
||||
name: {{ template "docker-registry.fullname" . }}-config
|
||||
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
secret:
|
||||
secretName: {{ template "docker-registry.fullname" . }}-secret
|
||||
items:
|
||||
- key: htpasswd
|
||||
path: htpasswd
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: tls-cert
|
||||
secret:
|
||||
secretName: {{ .Values.tlsSecretName }}
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
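Review bot: In `docker-registry.volumeMounts` and `docker-registry.volumes` the extra entries are emitted with `{{- toYaml . }}`, and the left-trim dash removes the newline that should separate them from the previous list item. The old call sites got that newline from `| nindent N`, which the helpers no longer apply at this point, so with `extraVolumeMounts` or `extraVolumes` set the first extra item is likely glued onto the preceding line (for example straight after `readOnly: true`) and the manifest either fails to parse or mis-nests. `docker-registry.envs` already avoids this with `{{ toYaml . }}`; the other two helpers should use the same form. Rendering the chart once with both values set would confirm it, since indentation is not visible in this view.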
@@ -22,9 +22,9 @@ spec:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- if $.Values.podAnnotations }}
|
||||
{{ toYaml $.Values.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
{{ toYaml .Values.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
@@ -51,135 +51,8 @@ spec:
|
||||
- garbage-collect
|
||||
- --delete-untagged={{ .Values.garbageCollect.deleteUntagged }}
|
||||
- /etc/docker/registry/config.yml
|
||||
env:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: REGISTRY_AUTH
|
||||
value: "htpasswd"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_REALM
|
||||
value: "Registry Realm"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_PATH
|
||||
value: "/auth/htpasswd"
|
||||
{{- end }}
|
||||
- name: REGISTRY_HTTP_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: haSharedSecret
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: REGISTRY_HTTP_TLS_CERTIFICATE
|
||||
value: /etc/ssl/docker/tls.crt
|
||||
- name: REGISTRY_HTTP_TLS_KEY
|
||||
value: /etc/ssl/docker/tls.key
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
|
||||
value: "/var/lib/registry"
|
||||
{{- else if eq .Values.storage "azure" }}
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountName
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountKey
|
||||
- name: REGISTRY_STORAGE_AZURE_CONTAINER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureContainer
|
||||
{{- else if eq .Values.storage "s3" }}
|
||||
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
|
||||
- name: REGISTRY_STORAGE_S3_ACCESSKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3AccessKey
|
||||
- name: REGISTRY_STORAGE_S3_SECRETKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3SecretKey
|
||||
{{- end }}
|
||||
- name: REGISTRY_STORAGE_S3_REGION
|
||||
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
|
||||
{{- if .Values.s3.regionEndpoint }}
|
||||
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
|
||||
value: {{ .Values.s3.regionEndpoint }}
|
||||
{{- end }}
|
||||
- name: REGISTRY_STORAGE_S3_BUCKET
|
||||
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
|
||||
{{- if .Values.s3.rootdirectory }}
|
||||
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
|
||||
value: {{ .Values.s3.rootdirectory | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.s3.encrypt }}
|
||||
- name: REGISTRY_STORAGE_S3_ENCRYPT
|
||||
value: {{ .Values.s3.encrypt | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.s3.secure }}
|
||||
- name: REGISTRY_STORAGE_S3_SECURE
|
||||
value: {{ .Values.s3.secure | quote }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.storage "swift" }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
|
||||
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftUsername
|
||||
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftPassword
|
||||
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
|
||||
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
|
||||
{{- end }}
|
||||
{{- if .Values.proxy.enabled }}
|
||||
- name: REGISTRY_PROXY_REMOTEURL
|
||||
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
|
||||
- name: REGISTRY_PROXY_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyUsername
|
||||
- name: REGISTRY_PROXY_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyPassword
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.deleteEnabled }}
|
||||
- name: REGISTRY_STORAGE_DELETE_ENABLED
|
||||
value: "true"
|
||||
{{- end }}
|
||||
{{- with .Values.extraEnvVars }}
|
||||
{{- toYaml . | nindent 14 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
mountPath: /auth
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
mountPath: /var/lib/registry/
|
||||
{{- end }}
|
||||
- name: "{{ template "docker-registry.fullname" . }}-config"
|
||||
mountPath: "/etc/docker/registry"
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- mountPath: /etc/ssl/docker
|
||||
name: tls-cert
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 16 }}
|
||||
{{- end }}
|
||||
env: {{ include "docker-registry.envs" . | nindent 16 }}
|
||||
volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 16 }}
|
||||
restartPolicy: OnFailure
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
|
||||
@@ -190,33 +63,5 @@ spec:
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations: {{ toYaml .Values.tolerations | nindent 12 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
secret:
|
||||
secretName: {{ template "docker-registry.fullname" . }}-secret
|
||||
items:
|
||||
- key: htpasswd
|
||||
path: htpasswd
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
- name: {{ template "docker-registry.fullname" . }}-config
|
||||
configMap:
|
||||
name: {{ template "docker-registry.fullname" . }}-config
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: tls-cert
|
||||
secret:
|
||||
secretName: {{ .Values.tlsSecretName }}
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
volumes: {{ include "docker-registry.volumes" . | nindent 12 }}
|
||||
{{- end }}
|
||||
|
||||
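Review bot: The garbage-collect pod's `env:`, `volumeMounts:` and `volumes:` now come from the same helpers as the registry server, so the job receives everything the server does: `REGISTRY_HTTP_SECRET`, the proxy username/password secret references, the `/auth` htpasswd mount and the `tls-cert` key mount. The removed lines show this was already true, but the shared include makes it implicit, and anything added for the server later (including secrets passed through `extraEnvVars`) reaches the job as well. garbage-collect presumably needs only the storage settings and the config file, so it is worth documenting the sharing or eventually splitting out a storage-only helper. At minimum I would add a template comment above `env:` here, such as `{{- /* same env as the registry Deployment, including secret refs; shared on purpose */}}`.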
@@ -14,45 +14,43 @@ spec:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
{{- if .Values.updateStrategy }}
|
||||
strategy:
|
||||
{{ toYaml .Values.updateStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateStrategy }}
|
||||
strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
minReadySeconds: 5
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- if .Values.podLabels }}
|
||||
{{ toYaml .Values.podLabels | indent 8 }}
|
||||
{{- with .Values.podLabels }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- if $.Values.podAnnotations }}
|
||||
{{ toYaml $.Values.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
{{ toYaml .Values.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }}
|
||||
{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
securityContext:
|
||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
||||
runAsUser: {{ .Values.securityContext.runAsUser }}
|
||||
{{- end }}
|
||||
{{- with .Values.initContainers }}
|
||||
{{- end }}
|
||||
{{- with .Values.initContainers }}
|
||||
initContainers:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
@@ -63,194 +61,35 @@ spec:
|
||||
- /etc/docker/registry/config.yml
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
{{- if .Values.metrics.enabled }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- containerPort: {{ (split ":" .Values.configData.http.debug.addr)._1 }}
|
||||
name: http-metrics
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
{{- if .Values.tlsSecretName }}
|
||||
{{- if .Values.tlsSecretName }}
|
||||
scheme: HTTPS
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
path: /
|
||||
port: 5000
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
{{- if .Values.tlsSecretName }}
|
||||
{{- if .Values.tlsSecretName }}
|
||||
scheme: HTTPS
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
path: /
|
||||
port: 5000
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 12 }}
|
||||
env:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: REGISTRY_AUTH
|
||||
value: "htpasswd"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_REALM
|
||||
value: "Registry Realm"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_PATH
|
||||
value: "/auth/htpasswd"
|
||||
{{- end }}
|
||||
- name: REGISTRY_HTTP_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: haSharedSecret
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: REGISTRY_HTTP_TLS_CERTIFICATE
|
||||
value: /etc/ssl/docker/tls.crt
|
||||
- name: REGISTRY_HTTP_TLS_KEY
|
||||
value: /etc/ssl/docker/tls.key
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
|
||||
value: "/var/lib/registry"
|
||||
{{- else if eq .Values.storage "azure" }}
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountName
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountKey
|
||||
- name: REGISTRY_STORAGE_AZURE_CONTAINER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureContainer
|
||||
{{- else if eq .Values.storage "s3" }}
|
||||
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
|
||||
- name: REGISTRY_STORAGE_S3_ACCESSKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3AccessKey
|
||||
- name: REGISTRY_STORAGE_S3_SECRETKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3SecretKey
|
||||
{{- end }}
|
||||
- name: REGISTRY_STORAGE_S3_REGION
|
||||
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
|
||||
{{- if .Values.s3.regionEndpoint }}
|
||||
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
|
||||
value: {{ .Values.s3.regionEndpoint }}
|
||||
{{- end }}
|
||||
- name: REGISTRY_STORAGE_S3_BUCKET
|
||||
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
|
||||
{{- if .Values.s3.rootdirectory }}
|
||||
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
|
||||
value: {{ .Values.s3.rootdirectory | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.s3.encrypt }}
|
||||
- name: REGISTRY_STORAGE_S3_ENCRYPT
|
||||
value: {{ .Values.s3.encrypt | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.s3.secure }}
|
||||
- name: REGISTRY_STORAGE_S3_SECURE
|
||||
value: {{ .Values.s3.secure | quote }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.storage "swift" }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
|
||||
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftUsername
|
||||
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftPassword
|
||||
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
|
||||
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
|
||||
{{- end }}
|
||||
{{- if .Values.proxy.enabled }}
|
||||
- name: REGISTRY_PROXY_REMOTEURL
|
||||
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
|
||||
- name: REGISTRY_PROXY_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyUsername
|
||||
- name: REGISTRY_PROXY_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyPassword
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.deleteEnabled }}
|
||||
- name: REGISTRY_STORAGE_DELETE_ENABLED
|
||||
value: "true"
|
||||
{{- end }}
|
||||
{{- with .Values.extraEnvVars }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
mountPath: /auth
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
mountPath: /var/lib/registry/
|
||||
{{- end }}
|
||||
- name: "{{ template "docker-registry.fullname" . }}-config"
|
||||
mountPath: "/etc/docker/registry"
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- mountPath: /etc/ssl/docker
|
||||
name: tls-cert
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
secret:
|
||||
secretName: {{ template "docker-registry.fullname" . }}-secret
|
||||
items:
|
||||
- key: htpasswd
|
||||
path: htpasswd
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
- name: {{ template "docker-registry.fullname" . }}-config
|
||||
configMap:
|
||||
name: {{ template "docker-registry.fullname" . }}-config
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: tls-cert
|
||||
secret:
|
||||
secretName: {{ .Values.tlsSecretName }}
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
resources: {{ toYaml .Values.resources | nindent 12 }}
|
||||
env: {{ include "docker-registry.envs" . | nindent 12 }}
|
||||
volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 12 }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity: {{ toYaml .Values.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes: {{ include "docker-registry.volumes" . | nindent 8 }}
|
||||
|
||||
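Review bot: The new `podLabels` and `podAnnotations` blocks use `{{ toYaml … | nindent 8 }}` without the left-trim dash, while `initContainers` in the same hunk uses `{{- toYaml . | nindent 8 }}`. `nindent` already starts its output with a newline, so the untrimmed form leaves an extra blank line in the rendered pod metadata; that is still valid YAML but inconsistent with the rest of the template. I would write `{{- toYaml . | nindent 8 }}` and `{{- toYaml .Values.podAnnotations | nindent 8 }}`. The same applies to the `podAnnotations` block changed in the CronJob section of this commit.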