From d78c010ca556a6bfc7650b575180ddf4d0fadc44 Mon Sep 17 00:00:00 2001 From: ddelange <14880945+ddelange@users.noreply.github.com> Date: Fri, 5 Aug 2022 14:11:37 +0200 Subject: [PATCH 1/5] Revert "Make the changes additive" This reverts commit fd7fdcaa441f496a77b23ebba771b03543f1c3df. --- README.md | 2 +- templates/_helpers.tpl | 187 +++++++++++++++++++++++++++++++++ templates/cronjob.yaml | 161 +--------------------------- templates/deployment.yaml | 213 +++++--------------------------------- values.yaml | 1 + 5 files changed, 218 insertions(+), 346 deletions(-) diff --git a/README.md b/README.md index 6f32d81..1a7d2a4 100644 --- a/README.md +++ b/README.md @@ -117,7 +117,7 @@ their default values. | `initContainers` | Init containers to be created in the pod | `[]` | | `garbageCollect.enabled` | If true, will deploy garbage-collector cronjob | `false` | | `garbageCollect.deleteUntagged` | If true, garbage-collector will delete manifests that are not currently referenced via tag | `true` | | -| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` | | +| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` | | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index a91077e..0cf03fc 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -22,3 +22,190 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} {{- end -}} + +{{- define "docker-registry.envs" -}} +{{- if .Values.secrets.htpasswd }} +- name: REGISTRY_AUTH + value: "htpasswd" +- name: REGISTRY_AUTH_HTPASSWD_REALM + value: "Registry Realm" +- name: REGISTRY_AUTH_HTPASSWD_PATH + value: "/auth/htpasswd" +{{- end }} + +- name: REGISTRY_HTTP_SECRET + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: haSharedSecret + +{{- if .Values.tlsSecretName }} +- name: REGISTRY_HTTP_TLS_CERTIFICATE + value: /etc/ssl/docker/tls.crt +- name: REGISTRY_HTTP_TLS_KEY + value: /etc/ssl/docker/tls.key +{{- end }} + +{{- if eq .Values.storage "filesystem" }} +- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY + value: "/var/lib/registry" +{{- else if eq .Values.storage "azure" }} +- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: azureAccountName +- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: azureAccountKey +- name: REGISTRY_STORAGE_AZURE_CONTAINER + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: azureContainer +{{- else if eq .Values.storage "s3" }} + +- name: REGISTRY_STORAGE_S3_REGION + value: {{ required ".Values.s3.region is required" .Values.s3.region }} +- name: REGISTRY_STORAGE_S3_BUCKET + value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} + +{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }} +- name: REGISTRY_STORAGE_S3_ACCESSKEY + valueFrom: + secretKeyRef: + name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . 
}}-secret{{ end }} + key: s3AccessKey +- name: REGISTRY_STORAGE_S3_SECRETKEY + valueFrom: + secretKeyRef: + name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} + key: s3SecretKey +{{- end }} + +{{- if .Values.s3.regionEndpoint }} +- name: REGISTRY_STORAGE_S3_REGIONENDPOINT + value: {{ .Values.s3.regionEndpoint }} +{{- end }} + +{{- if .Values.s3.rootdirectory }} +- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY + value: {{ .Values.s3.rootdirectory | quote }} +{{- end }} + +{{- if .Values.s3.encrypt }} +- name: REGISTRY_STORAGE_S3_ENCRYPT + value: {{ .Values.s3.encrypt | quote }} +{{- end }} + +{{- if .Values.s3.secure }} +- name: REGISTRY_STORAGE_S3_SECURE + value: {{ .Values.s3.secure | quote }} +{{- end }} + +{{- else if eq .Values.storage "swift" }} +- name: REGISTRY_STORAGE_SWIFT_AUTHURL + value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} +- name: REGISTRY_STORAGE_SWIFT_USERNAME + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: swiftUsername +- name: REGISTRY_STORAGE_SWIFT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: swiftPassword +- name: REGISTRY_STORAGE_SWIFT_CONTAINER + value: {{ required ".Values.swift.container is required" .Values.swift.container }} +{{- end }} + +{{- if .Values.proxy.enabled }} +- name: REGISTRY_PROXY_REMOTEURL + value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }} +- name: REGISTRY_PROXY_USERNAME + valueFrom: + secretKeyRef: + name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} + key: proxyUsername +- name: REGISTRY_PROXY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . 
}}-secret{{ end }} + key: proxyPassword +{{- end }} + +{{- if .Values.persistence.deleteEnabled }} +- name: REGISTRY_STORAGE_DELETE_ENABLED + value: "true" +{{- end }} + +{{- with .Values.extraEnvVars }} + {{- toYaml . | nindent 12 }} +{{- end }} + +{{- end -}} + +{{- define "docker-registry.volumeMounts" -}} +- name: "{{ template "docker-registry.fullname" . }}-config" + mountPath: "/etc/docker/registry" + +{{- if .Values.secrets.htpasswd }} +- name: auth + mountPath: /auth + readOnly: true +{{- end }} + +{{- if eq .Values.storage "filesystem" }} +- name: data + mountPath: /var/lib/registry/ +{{- end }} + +{{- if .Values.tlsSecretName }} +- mountPath: /etc/ssl/docker + name: tls-cert + readOnly: true +{{- end }} + +{{- with .Values.extraVolumeMounts }} +{{- toYaml . }} +{{- end }} + +{{- end -}} + +{{- define "docker-registry.volumes" -}} +- name: {{ template "docker-registry.fullname" . }}-config + configMap: + name: {{ template "docker-registry.fullname" . }}-config + +{{- if .Values.secrets.htpasswd }} +- name: auth + secret: + secretName: {{ template "docker-registry.fullname" . }}-secret + items: + - key: htpasswd + path: htpasswd +{{- end }} + +{{- if eq .Values.storage "filesystem" }} +- name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }} + {{- else }} + emptyDir: {} + {{- end -}} +{{- end }} + +{{- if .Values.tlsSecretName }} +- name: tls-cert + secret: + secretName: {{ .Values.tlsSecretName }} +{{- end }} + +{{- with .Values.extraVolumes }} +{{- toYaml . }} +{{- end }} +{{- end -}} diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index f784469..6cf1253 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml 
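Review bot: In the new `docker-registry.volumeMounts` and `docker-registry.volumes` helpers, the `{{- toYaml . }}` line inside `with .Values.extraVolumeMounts` / `with .Values.extraVolumes` trims the newline in front of it, so the first extra entry is appended to the end of the previous rendered line instead of starting a new list item. The removed inline code did not have this problem because its `nindent` supplied the leading newline. Dropping the left trim, `{{ toYaml . }}`, keeps the line break and leaves the indentation to the caller's `include ... | nindent N`. Rendering the chart with both values set (`helm template`) would confirm the result in the Deployment and the CronJob.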
@@ -31,135 +31,8 @@ spec: - garbage-collect - --delete-untagged={{ .Values.garbageCollect.deleteUntagged }} - /etc/docker/registry/config.yml - env: -{{- if .Values.secrets.htpasswd }} - - name: REGISTRY_AUTH - value: "htpasswd" - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: "Registry Realm" - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: "/auth/htpasswd" -{{- end }} - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: haSharedSecret -{{- if .Values.tlsSecretName }} - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: /etc/ssl/docker/tls.crt - - name: REGISTRY_HTTP_TLS_KEY - value: /etc/ssl/docker/tls.key -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: "/var/lib/registry" -{{- else if eq .Values.storage "azure" }} - - name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountName - - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountKey - - name: REGISTRY_STORAGE_AZURE_CONTAINER - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureContainer -{{- else if eq .Values.storage "s3" }} - {{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }} - - name: REGISTRY_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: s3AccessKey - - name: REGISTRY_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . 
}}-secret{{ end }} - key: s3SecretKey - {{- end }} - - name: REGISTRY_STORAGE_S3_REGION - value: {{ required ".Values.s3.region is required" .Values.s3.region }} - {{- if .Values.s3.regionEndpoint }} - - name: REGISTRY_STORAGE_S3_REGIONENDPOINT - value: {{ .Values.s3.regionEndpoint }} - {{- end }} - - name: REGISTRY_STORAGE_S3_BUCKET - value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} - {{- if .Values.s3.rootdirectory }} - - name: REGISTRY_STORAGE_S3_ROOTDIRECTORY - value: {{ .Values.s3.rootdirectory | quote }} - {{- end }} - {{- if .Values.s3.encrypt }} - - name: REGISTRY_STORAGE_S3_ENCRYPT - value: {{ .Values.s3.encrypt | quote }} - {{- end }} - {{- if .Values.s3.secure }} - - name: REGISTRY_STORAGE_S3_SECURE - value: {{ .Values.s3.secure | quote }} - {{- end }} -{{- else if eq .Values.storage "swift" }} - - name: REGISTRY_STORAGE_SWIFT_AUTHURL - value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} - - name: REGISTRY_STORAGE_SWIFT_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftUsername - - name: REGISTRY_STORAGE_SWIFT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftPassword - - name: REGISTRY_STORAGE_SWIFT_CONTAINER - value: {{ required ".Values.swift.container is required" .Values.swift.container }} -{{- end }} -{{- if .Values.proxy.enabled }} - - name: REGISTRY_PROXY_REMOTEURL - value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }} - - name: REGISTRY_PROXY_USERNAME - valueFrom: - secretKeyRef: - name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: proxyUsername - - name: REGISTRY_PROXY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . 
}}-secret{{ end }} - key: proxyPassword -{{- end }} -{{- if .Values.persistence.deleteEnabled }} - - name: REGISTRY_STORAGE_DELETE_ENABLED - value: "true" -{{- end }} -{{- with .Values.extraEnvVars }} - {{- toYaml . | nindent 14 }} -{{- end }} - volumeMounts: -{{- if .Values.secrets.htpasswd }} - - name: auth - mountPath: /auth - readOnly: true -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - mountPath: /var/lib/registry/ -{{- end }} - - name: "{{ template "docker-registry.fullname" . }}-config" - mountPath: "/etc/docker/registry" -{{- if .Values.tlsSecretName }} - - mountPath: /etc/ssl/docker - name: tls-cert - readOnly: true -{{- end }} -{{- with .Values.extraVolumeMounts }} - {{- toYaml . | nindent 16 }} -{{- end }} + env: {{ include "docker-registry.envs" . | nindent 16 }} + volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 16 }} restartPolicy: OnFailure {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }} 
@@ -170,33 +43,5 @@ spec: {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | nindent 12 }} {{- end }} - volumes: -{{- if .Values.secrets.htpasswd }} - - name: auth - secret: - secretName: {{ template "docker-registry.fullname" . }}-secret - items: - - key: htpasswd - path: htpasswd -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} - - name: {{ template "docker-registry.fullname" . }}-config - configMap: - name: {{ template "docker-registry.fullname" . }}-config -{{- if .Values.tlsSecretName }} - - name: tls-cert - secret: - secretName: {{ .Values.tlsSecretName }} -{{- end }} -{{- with .Values.extraVolumes }} - {{- toYaml . | nindent 12 }} -{{- end }} + volumes: {{ include "docker-registry.volumes" . | nindent 12 }} {{- end }} diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 88b941e..ab77236 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -14,18 +14,17 @@ spec: app: {{ template "docker-registry.name" . }} release: {{ .Release.Name }} replicas: {{ .Values.replicaCount }} -{{- if .Values.updateStrategy }} - strategy: -{{ toYaml .Values.updateStrategy | indent 4 }} -{{- end }} + {{- if .Values.updateStrategy }} + strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} minReadySeconds: 5 template: metadata: labels: app: {{ template "docker-registry.name" . }} release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} + {{- with .Values.podLabels }} + {{ toYaml . | nindent 8 }} {{- end }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} 
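Review bot: In the `podLabels` block of templates/deployment.yaml, `{{ toYaml . | nindent 8 }}` has no left trim, so the newline that `nindent` emits is added to the line break already present in the template, and the rendered `labels:` map gets an empty or whitespace-only line before the extra labels. The output is still valid YAML, but it is noisy in rendered manifests and diffs; `{{- toYaml . | nindent 8 }}` renders the same map without the stray line. The same form is used for the `podLabels` and `podAnnotations` blocks that later patches in this series add to templates/cronjob.yaml and templates/deployment.yaml.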
@@ -38,13 +37,12 @@ spec: serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }} {{- end }} {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} -{{- if .Values.priorityClassName }} + {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} -{{- if .Values.securityContext.enabled }} + {{- end }} + {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} 
@@ -70,187 +68,28 @@ spec: {{- end }} livenessProbe: httpGet: -{{- if .Values.tlsSecretName }} + {{- if .Values.tlsSecretName }} scheme: HTTPS -{{- end }} + {{- end }} path: / port: 5000 readinessProbe: httpGet: -{{- if .Values.tlsSecretName }} + {{- if .Values.tlsSecretName }} scheme: HTTPS -{{- end }} + {{- end }} path: / port: 5000 - resources: -{{ toYaml .Values.resources | indent 12 }} - env: -{{- if .Values.secrets.htpasswd }} - - name: REGISTRY_AUTH - value: "htpasswd" - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: "Registry Realm" - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: "/auth/htpasswd" -{{- end }} - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: haSharedSecret -{{- if .Values.tlsSecretName }} - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: /etc/ssl/docker/tls.crt - - name: REGISTRY_HTTP_TLS_KEY - value: /etc/ssl/docker/tls.key -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: "/var/lib/registry" -{{- else if eq .Values.storage "azure" }} - - name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountName - - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountKey - - name: REGISTRY_STORAGE_AZURE_CONTAINER - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureContainer -{{- else if eq .Values.storage "s3" }} - {{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }} - - name: REGISTRY_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . 
}}-secret{{ end }} - key: s3AccessKey - - name: REGISTRY_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: s3SecretKey - {{- end }} - - name: REGISTRY_STORAGE_S3_REGION - value: {{ required ".Values.s3.region is required" .Values.s3.region }} - {{- if .Values.s3.regionEndpoint }} - - name: REGISTRY_STORAGE_S3_REGIONENDPOINT - value: {{ .Values.s3.regionEndpoint }} - {{- end }} - - name: REGISTRY_STORAGE_S3_BUCKET - value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} - {{- if .Values.s3.rootdirectory }} - - name: REGISTRY_STORAGE_S3_ROOTDIRECTORY - value: {{ .Values.s3.rootdirectory | quote }} - {{- end }} - {{- if .Values.s3.encrypt }} - - name: REGISTRY_STORAGE_S3_ENCRYPT - value: {{ .Values.s3.encrypt | quote }} - {{- end }} - {{- if .Values.s3.secure }} - - name: REGISTRY_STORAGE_S3_SECURE - value: {{ .Values.s3.secure | quote }} - {{- end }} -{{- else if eq .Values.storage "swift" }} - - name: REGISTRY_STORAGE_SWIFT_AUTHURL - value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} - - name: REGISTRY_STORAGE_SWIFT_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftUsername - - name: REGISTRY_STORAGE_SWIFT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftPassword - - name: REGISTRY_STORAGE_SWIFT_CONTAINER - value: {{ required ".Values.swift.container is required" .Values.swift.container }} -{{- end }} -{{- if .Values.proxy.enabled }} - - name: REGISTRY_PROXY_REMOTEURL - value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }} - - name: REGISTRY_PROXY_USERNAME - valueFrom: - secretKeyRef: - name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . 
}}-secret{{ end }} - key: proxyUsername - - name: REGISTRY_PROXY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: proxyPassword -{{- end }} -{{- if .Values.persistence.deleteEnabled }} - - name: REGISTRY_STORAGE_DELETE_ENABLED - value: "true" -{{- end }} -{{- with .Values.extraEnvVars }} - {{- toYaml . | nindent 12 }} -{{- end }} - volumeMounts: -{{- if .Values.secrets.htpasswd }} - - name: auth - mountPath: /auth - readOnly: true -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - mountPath: /var/lib/registry/ -{{- end }} - - name: "{{ template "docker-registry.fullname" . }}-config" - mountPath: "/etc/docker/registry" -{{- if .Values.tlsSecretName }} - - mountPath: /etc/ssl/docker - name: tls-cert - readOnly: true -{{- end }} -{{- with .Values.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - volumes: -{{- if .Values.secrets.htpasswd }} - - name: auth - secret: - secretName: {{ template "docker-registry.fullname" . }}-secret - items: - - key: htpasswd - path: htpasswd -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} - - name: {{ template "docker-registry.fullname" . }}-config - configMap: - name: {{ template "docker-registry.fullname" . 
}}-config -{{- if .Values.tlsSecretName }} - - name: tls-cert - secret: - secretName: {{ .Values.tlsSecretName }} -{{- end }} -{{- with .Values.extraVolumes }} - {{- toYaml . | nindent 8 }} -{{- end }} + resources: {{ toYaml .Values.resources | nindent 12 }} + env: {{ include "docker-registry.envs" . | nindent 12 }} + volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{ toYaml .Values.tolerations | nindent 8 }} + {{- end }} + volumes: {{ include "docker-registry.volumes" . | nindent 8 }} diff --git a/values.yaml b/values.yaml index 8285f67..b1d28cd 100644 --- a/values.yaml +++ b/values.yaml @@ -80,6 +80,7 @@ secrets: azure: {} s3: {} swift: {} + # Secrets for Azure # azure: # accountName: "" From fb2132a0c778a41ff4a73ad0f0a393a97a02d383 Mon Sep 17 00:00:00 2001 From: ddelange <14880945+ddelange@users.noreply.github.com> Date: Mon, 8 Aug 2022 10:57:43 +0200 Subject: [PATCH 2/5] PR Suggestions --- templates/cronjob.yaml | 20 ++++++++++++++++++++ values.yaml | 5 ----- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index 6cf1253..08acbb0 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml @@ -3,6 +3,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: {{ template "docker-registry.fullname" . }}-garbage-collector + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: app: {{ template "docker-registry.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 
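Review bot: The added `namespace: {{ .Values.namespace | default .Release.Namespace }}` on the CronJob is only safe if every object its pods reference is rendered with the same expression, because `secretKeyRef`, the config ConfigMap volume, the PVC and `serviceAccountName` are all resolved in the pod's own namespace. The Secret, ConfigMap, PVC and ServiceAccount templates are not part of this diff, so this needs checking; if any of them still follows the release namespace, setting `namespace` would leave the garbage-collector pods unable to start. No `namespace` key is visible in the values.yaml hunks either, so a commented entry there with a line such as `# Namespace to create the chart's objects in; defaults to the release namespace` would document the override.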
@@ -11,12 +12,31 @@ metadata: spec: schedule: {{ .Values.garbageCollect.schedule | quote }} jobTemplate: + metadata: + labels: + app: {{ template "docker-registry.name" . }} + release: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- if $.Values.podAnnotations }} +{{ toYaml $.Values.podAnnotations | indent 8 }} +{{- end }} spec: template: spec: + {{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }} + serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 12 }} {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} diff --git a/values.yaml b/values.yaml index b1d28cd..074a386 100644 --- a/values.yaml +++ b/values.yaml @@ -77,9 +77,6 @@ storage: filesystem secrets: haSharedSecret: "" htpasswd: "" - azure: {} - s3: {} - swift: {} # Secrets for Azure # azure: @@ -97,7 +94,6 @@ secrets: # username: "" # password: "" -s3: {} # Options for s3 storage type: # s3: # region: us-east-1 @@ -107,7 +103,6 @@ s3: {} # encrypt: false # secure: true -swift: {} # Options for swift storage type: # swift: # authurl: http://swift.example.com/ From 5a831ab9d35f2744a5a81d8cb1ba60edb88e3416 Mon Sep 17 00:00:00 2001 From: ddelange <14880945+ddelange@users.noreply.github.com> Date: Tue, 9 Aug 2022 22:00:43 +0300 Subject: [PATCH 3/5] :fire: Remove merge remnant --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d5cf1ba..a4d6efb 100644 
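Review bot: The `metadata` block added under `jobTemplate` in templates/cronjob.yaml labels and annotates the Job object, not the pods it creates; the pod template at `jobTemplate.spec.template` still has no `metadata` in this hunk. Values named `podLabels` and `podAnnotations` therefore never reach the garbage-collector pods, which matters for anything that selects or configures pods through them, such as NetworkPolicy selectors or identity and sidecar annotations. Placing the labels and annotations under `spec.template.metadata` (with `nindent 12`) would apply them to the pods. The `checksum/config` and `checksum/secret` annotations could be left out there, since every scheduled run starts fresh pods regardless. The CronJob spec continues outside the hunk.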
--- a/README.md +++ b/README.md @@ -117,7 +117,7 @@ their default values. | `initContainers` | Init containers to be created in the pod | `[]` | | `garbageCollect.enabled` | If true, will deploy garbage-collector cronjob | `false` | | `garbageCollect.deleteUntagged` | If true, garbage-collector will delete manifests that are not currently referenced via tag | `true` | | -| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` | | +| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` | | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. From 52a5d4ba15981b1b6f26239540a4036da6527cee Mon Sep 17 00:00:00 2001 From: ddelange <14880945+ddelange@users.noreply.github.com> Date: Wed, 10 Aug 2022 09:05:50 +0200 Subject: [PATCH 4/5] Fix extraEnvVars indentation, remove env whitespaces --- templates/_helpers.tpl | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 0cf03fc..c6266d5 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -24,6 +24,12 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- define "docker-registry.envs" -}} +- name: REGISTRY_HTTP_SECRET + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: haSharedSecret + {{- if .Values.secrets.htpasswd }} - name: REGISTRY_AUTH value: "htpasswd" 
@@ -33,18 +39,12 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this value: "/auth/htpasswd" {{- end }} -- name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: haSharedSecret - {{- if .Values.tlsSecretName }} - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/ssl/docker/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/ssl/docker/tls.key -{{- end }} +{{- end -}} {{- if eq .Values.storage "filesystem" }} - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY @@ -66,12 +66,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this name: {{ template "docker-registry.fullname" . }}-secret key: azureContainer {{- else if eq .Values.storage "s3" }} - - name: REGISTRY_STORAGE_S3_REGION value: {{ required ".Values.s3.region is required" .Values.s3.region }} - name: REGISTRY_STORAGE_S3_BUCKET value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} - {{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }} - name: REGISTRY_STORAGE_S3_ACCESSKEY valueFrom: 
@@ -83,27 +81,27 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this secretKeyRef: name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} key: s3SecretKey -{{- end }} +{{- end -}} {{- if .Values.s3.regionEndpoint }} - name: REGISTRY_STORAGE_S3_REGIONENDPOINT value: {{ .Values.s3.regionEndpoint }} -{{- end }} +{{- end -}} {{- if .Values.s3.rootdirectory }} - name: REGISTRY_STORAGE_S3_ROOTDIRECTORY value: {{ .Values.s3.rootdirectory | quote }} -{{- end }} +{{- end -}} {{- if .Values.s3.encrypt }} - name: REGISTRY_STORAGE_S3_ENCRYPT value: {{ .Values.s3.encrypt | quote }} -{{- end }} +{{- end -}} {{- if .Values.s3.secure }} - name: REGISTRY_STORAGE_S3_SECURE value: {{ .Values.s3.secure | quote }} -{{- end }} +{{- end -}} {{- else if eq .Values.storage "swift" }} - name: REGISTRY_STORAGE_SWIFT_AUTHURL @@ -120,7 +118,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this key: swiftPassword - name: REGISTRY_STORAGE_SWIFT_CONTAINER value: {{ required ".Values.swift.container is required" .Values.swift.container }} -{{- end }} +{{- end -}} {{- if .Values.proxy.enabled }} - name: REGISTRY_PROXY_REMOTEURL @@ -135,16 +133,16 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this secretKeyRef: name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} key: proxyPassword -{{- end }} +{{- end -}} {{- if .Values.persistence.deleteEnabled }} - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" -{{- end }} +{{- end -}} {{- with .Values.extraEnvVars }} - {{- toYaml . | nindent 12 }} -{{- end }} +{{ toYaml . }} +{{- end -}} {{- end -}} From b4b319496c00c711ca5400e805f31e436413c999 Mon Sep 17 00:00:00 2001 
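Review bot: Several `value:` lines kept in `docker-registry.envs` render user-supplied values unquoted, for example `value: {{ .Values.s3.regionEndpoint }}` in this hunk and the `required ...` lines for `s3.region`, `s3.bucket`, `swift.authurl`, `swift.container` and `proxy.remoteurl` in the neighbouring hunks. A container env `value` must be a string, so a value that YAML reads as a number, boolean or null (an all-digit bucket name, say) produces a manifest the API server rejects, and a value containing `: ` or ` #` changes the parsed structure. Piping through `quote`, as the helper already does for `s3.rootdirectory`, covers both cases: `value: {{ .Values.s3.regionEndpoint | quote }}` and `value: {{ required ".Values.s3.region is required" .Values.s3.region | quote }}`.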
From: ddelange <14880945+ddelange@users.noreply.github.com> Date: Wed, 10 Aug 2022 10:08:13 +0200 Subject: [PATCH 5/5] Fix more indentations --- templates/cronjob.yaml | 6 +++--- templates/deployment.yaml | 20 ++++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index 08acbb0..3a04680 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml @@ -22,9 +22,9 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- if $.Values.podAnnotations }} -{{ toYaml $.Values.podAnnotations | indent 8 }} -{{- end }} + {{- if .Values.podAnnotations }} + {{ toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} spec: template: spec: diff --git a/templates/deployment.yaml b/templates/deployment.yaml index ab77236..6d2ff0e 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -29,13 +29,13 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- if $.Values.podAnnotations }} -{{ toYaml $.Values.podAnnotations | indent 8 }} -{{- end }} + {{- if .Values.podAnnotations }} + {{ toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} spec: -{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }} + {{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }} serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }} -{{- end }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} 
@@ -46,11 +46,11 @@ spec: securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} -{{- end }} -{{- with .Values.initContainers }} + {{- end }} + {{- with .Values.initContainers }} initContainers: {{- toYaml . | nindent 8 }} -{{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -61,11 +61,11 @@ spec: - /etc/docker/registry/config.yml ports: - containerPort: 5000 -{{- if .Values.metrics.enabled }} + {{- if .Values.metrics.enabled }} - containerPort: {{ (split ":" .Values.configData.http.debug.addr)._1 }} name: http-metrics protocol: TCP -{{- end }} + {{- end }} livenessProbe: httpGet: {{- if .Values.tlsSecretName }}