mirror of
https://github.com/twuni/docker-registry.helm.git
synced 2026-02-19 22:59:50 +00:00
Compare commits
57 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
95ab1afa98 | ||
|
|
471cb14632 | ||
|
|
8707c92f64 | ||
|
7e099191b3 | ||
|
23608f3fa7 | ||
|
|
9023f38343 | ||
|
|
4a6440da88 | ||
|
|
4b69284642 | ||
|
|
4091345244 | ||
|
|
9b65310c58 | ||
|
|
d6f9bdc4f1 | ||
|
|
c4e5c3860c | ||
|
|
f7c99a3dd4 | ||
|
|
94d36dc9cd | ||
|
|
186e23c219 | ||
|
|
b4b319496c | ||
|
|
52a5d4ba15 | ||
|
|
5a831ab9d3 | ||
|
|
f22f42d2b2 | ||
|
|
411fd99f68 | ||
|
|
171632afef | ||
|
|
25bf25dda1 | ||
|
|
76ff283a25 | ||
|
|
fb2132a0c7 | ||
|
|
d78c010ca5 | ||
|
|
fd7fdcaa44 | ||
|
|
3b4ff679f8 | ||
|
|
79c14893af | ||
|
257d223141 | ||
|
|
29a0863ee2 | ||
|
|
f158323875 | ||
|
39788072e6 | ||
|
|
0b6729f21d | ||
|
|
b5ad18ea83 | ||
|
|
297f860dd6 | ||
|
c91c8139c5 | ||
|
|
4b5531d4ef | ||
|
|
489a5a25d9 | ||
|
|
2884368a08 | ||
|
5d738bd9e7 | ||
|
98bdab8c45 | ||
|
|
2703d08224 | ||
|
|
62c5b344a9 | ||
|
266b0ea8d8 | ||
|
|
e224a31190 | ||
|
|
a36de54d0c | ||
|
2b24174cea | ||
|
|
2fd6d8fbf0 | ||
|
|
6305476063 | ||
|
|
cfb7daa4e4 | ||
|
851575797a | ||
|
|
489a0cfe5e | ||
|
|
f38b9b4a58 | ||
|
a95a3480c6 | ||
|
|
c855e53b9e | ||
|
|
944cf7eb62 | ||
|
|
2726d10083 |
52
.github/workflows/pr_diff.yaml
vendored
Normal file
52
.github/workflows/pr_diff.yaml
vendored
Normal file
@@ -0,0 +1,52 @@
|
||||
name: PR Diff for Helm chart
|
||||
on:
|
||||
pull_request:
|
||||
pull_request_target:
|
||||
|
||||
permissions:
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
diff:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: azure/setup-helm@v3
|
||||
- name: Run diff
|
||||
id: diff
|
||||
run: |
|
||||
OPTIONS=(
|
||||
--set serviceAccount.create=true
|
||||
--set priorityClassName=high
|
||||
--set podAnnotations.test=annotation
|
||||
--set extraEnvVars[0].name=TEST_NAME
|
||||
--set extraEnvVars[0].value=TEST_VALUE
|
||||
--set secrets.htpasswd=abc
|
||||
--set tlsSecretName=abc
|
||||
--set garbageCollect.enabled=true
|
||||
--set proxy.enabled=true
|
||||
--set storage=s3
|
||||
--set secrets.s3.secretKey=abc
|
||||
--set secrets.s3.accessKey=def
|
||||
--set s3.region=us-42
|
||||
--set s3.bucket=abc
|
||||
--set s3.encrypt=abc
|
||||
)
|
||||
helm template --debug ${OPTIONS[@]} --output-dir before ${{ github.server_url }}/${{ github.repository }}/archive/refs/heads/${{ github.base_ref }}.tar.gz
|
||||
helm template --debug ${OPTIONS[@]} --output-dir after .
|
||||
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
|
||||
echo 'HELM_DIFF<<EOF' >> $GITHUB_ENV
|
||||
echo "$(diff -ur before after)" >> $GITHUB_ENV
|
||||
echo 'EOF' >> $GITHUB_ENV
|
||||
- uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443
|
||||
with:
|
||||
message: |
|
||||
Running a `helm template` smoketest on commit ${{ github.ref }} results in the following diff against `${{ github.base_ref }}`:
|
||||
|
||||
<details><summary>diff</summary><p>
|
||||
|
||||
```diff
|
||||
${{ env.HELM_DIFF }}
|
||||
```
|
||||
|
||||
</p></details>
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
description: A Helm chart for Docker Registry
|
||||
name: docker-registry
|
||||
version: 1.14.0
|
||||
version: 2.2.1
|
||||
appVersion: 2.7.1
|
||||
home: https://hub.docker.com/_/registry/
|
||||
icon: https://helm.twun.io/docker-registry.png
|
||||
|
||||
26
README.md
26
README.md
@@ -43,6 +43,9 @@ their default values.
|
||||
| `persistence.size` | Amount of space to claim for PVC | `10Gi` |
|
||||
| `persistence.storageClass` | Storage Class to use for PVC | `-` |
|
||||
| `persistence.existingClaim` | Name of an existing PVC to use for config | `nil` |
|
||||
| `serviceAccount.create` | Create ServiceAccount | `false` |
|
||||
| `serviceAccount.name` | ServiceAccount name | `nil` |
|
||||
| `serviceAccount.annotations` | Annotations to add to the ServiceAccount | `{}` |
|
||||
| `service.port` | TCP port on which the service is exposed | `5000` |
|
||||
| `service.type` | service type | `ClusterIP` |
|
||||
| `service.clusterIP` | if `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` |
|
||||
@@ -58,6 +61,12 @@ their default values.
|
||||
| `podDisruptionBudget` | Pod disruption budget | `{}` |
|
||||
| `resources.limits.cpu` | Container requested CPU | `nil` |
|
||||
| `resources.limits.memory` | Container requested memory | `nil` |
|
||||
| `autoscaling.enabled` | Enable autoscaling using HorizontalPodAutoscaler | `false` |
|
||||
| `autoscaling.minReplicas` | Minimal number of replicas | `1` |
|
||||
| `autoscaling.maxReplicas` | Maximal number of replicas | `2` |
|
||||
| `autoscaling.targetCPUUtilizationPercentage` | Target average utilization of CPU on Pods | `60` |
|
||||
| `autoscaling.targetMemoryUtilizationPercentage` | (Kubernetes ≥1.23) Target average utilization of Memory on Pods | `60` |
|
||||
| `autoscaling.behavior` | (Kubernetes ≥1.23) Configurable scaling behavior | `{}` |
|
||||
| `priorityClassName ` | priorityClassName | `""` |
|
||||
| `storage` | Storage system to use | `filesystem` |
|
||||
| `tlsSecretName` | Name of secret for TLS certs | `nil` |
|
||||
@@ -67,7 +76,7 @@ their default values.
|
||||
| `secrets.s3.secretRef` | The ref for an external secret containing the accessKey and secretKey keys | `""` |
|
||||
| `secrets.swift.username` | Username for Swift configuration | `nil` |
|
||||
| `secrets.swift.password` | Password for Swift configuration | `nil` |
|
||||
| `haSharedSecret` | Shared secret for Registry | `nil` |
|
||||
| `secrets.haSharedSecret` | Shared secret for Registry | `nil` |
|
||||
| `configData` | Configuration hash for docker | `nil` |
|
||||
| `s3.region` | S3 region | `nil` |
|
||||
| `s3.regionEndpoint` | S3 region endpoint | `nil` |
|
||||
@@ -82,6 +91,7 @@ their default values.
|
||||
| `proxy.username` | Remote registry login username | `nil` |
|
||||
| `proxy.password` | Remote registry login password | `nil` |
|
||||
| `proxy.secretRef` | The ref for an external secret containing the proxyUsername and proxyPassword keys | `""` |
|
||||
| `namespace` | specify a namespace to install the chart to - defaults to `.Release.Namespace` | `{{ .Release.Namespace }}` |
|
||||
| `nodeSelector` | node labels for pod assignment | `{}` |
|
||||
| `affinity` | affinity settings | `{}` |
|
||||
| `tolerations` | pod tolerations | `[]` |
|
||||
@@ -91,9 +101,23 @@ their default values.
|
||||
| `ingress.path` | Ingress service path | `/` |
|
||||
| `ingress.hosts` | Ingress hostnames | `[]` |
|
||||
| `ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
|
||||
| `ingress.className` | Ingress controller class name | `nginx` |
|
||||
| `metrics.enabled` | Enable metrics on Service | `false` |
|
||||
| `metrics.port` | TCP port on which the service metrics is exposed | `5001` |
|
||||
| `metrics.serviceMonitor.annotations` | Prometheus Operator ServiceMonitor annotations | `{}` |
|
||||
| `metrics.serviceMonitor.enable` | If true, Prometheus Operator ServiceMonitor will be created | `false` |
|
||||
| `metrics.serviceMonitor.labels` | Prometheus Operator ServiceMonitor labels | `{}` |
|
||||
| `metrics.prometheusRule.annotations` | Prometheus Operator PrometheusRule annotations | `{}` |
|
||||
| `metrics.prometheusRule.enable` | If true, Prometheus Operator prometheusRule will be created | `false` |
|
||||
| `metrics.prometheusRule.labels` | Prometheus Operator prometheusRule labels | `{}` |
|
||||
| `metrics.prometheusRule.rules` | PrometheusRule defining alerting rules for a Prometheus instance | `{}` |
|
||||
| `extraVolumeMounts` | Additional volumeMounts to the registry container | `[]` |
|
||||
| `extraVolumes` | Additional volumes to the pod | `[]` |
|
||||
| `extraEnvVars` | Additional environment variables to the pod | `[]` |
|
||||
| `initContainers` | Init containers to be created in the pod | `[]` |
|
||||
| `garbageCollect.enabled` | If true, will deploy garbage-collector cronjob | `false` |
|
||||
| `garbageCollect.deleteUntagged` | If true, garbage-collector will delete manifests that are not currently referenced via tag | `true` | |
|
||||
| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` | |
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to
|
||||
`helm install`.
|
||||
|
||||
@@ -22,3 +22,188 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "docker-registry.envs" -}}
|
||||
- name: REGISTRY_HTTP_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: haSharedSecret
|
||||
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: REGISTRY_AUTH
|
||||
value: "htpasswd"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_REALM
|
||||
value: "Registry Realm"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_PATH
|
||||
value: "/auth/htpasswd"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: REGISTRY_HTTP_TLS_CERTIFICATE
|
||||
value: /etc/ssl/docker/tls.crt
|
||||
- name: REGISTRY_HTTP_TLS_KEY
|
||||
value: /etc/ssl/docker/tls.key
|
||||
{{- end -}}
|
||||
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
|
||||
value: "/var/lib/registry"
|
||||
{{- else if eq .Values.storage "azure" }}
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountName
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountKey
|
||||
- name: REGISTRY_STORAGE_AZURE_CONTAINER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureContainer
|
||||
{{- else if eq .Values.storage "s3" }}
|
||||
- name: REGISTRY_STORAGE_S3_REGION
|
||||
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
|
||||
- name: REGISTRY_STORAGE_S3_BUCKET
|
||||
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
|
||||
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
|
||||
- name: REGISTRY_STORAGE_S3_ACCESSKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3AccessKey
|
||||
- name: REGISTRY_STORAGE_S3_SECRETKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3SecretKey
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.s3.regionEndpoint }}
|
||||
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
|
||||
value: {{ .Values.s3.regionEndpoint }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.s3.rootdirectory }}
|
||||
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
|
||||
value: {{ .Values.s3.rootdirectory | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.s3.encrypt }}
|
||||
- name: REGISTRY_STORAGE_S3_ENCRYPT
|
||||
value: {{ .Values.s3.encrypt | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.s3.secure }}
|
||||
- name: REGISTRY_STORAGE_S3_SECURE
|
||||
value: {{ .Values.s3.secure | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{- else if eq .Values.storage "swift" }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
|
||||
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftUsername
|
||||
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftPassword
|
||||
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
|
||||
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.proxy.enabled }}
|
||||
- name: REGISTRY_PROXY_REMOTEURL
|
||||
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
|
||||
- name: REGISTRY_PROXY_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyUsername
|
||||
- name: REGISTRY_PROXY_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyPassword
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.persistence.deleteEnabled }}
|
||||
- name: REGISTRY_STORAGE_DELETE_ENABLED
|
||||
value: "true"
|
||||
{{- end -}}
|
||||
|
||||
{{- with .Values.extraEnvVars }}
|
||||
{{ toYaml . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- define "docker-registry.volumeMounts" -}}
|
||||
- name: "{{ template "docker-registry.fullname" . }}-config"
|
||||
mountPath: "/etc/docker/registry"
|
||||
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
mountPath: /auth
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
mountPath: /var/lib/registry/
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- mountPath: /etc/ssl/docker
|
||||
name: tls-cert
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . }}
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- define "docker-registry.volumes" -}}
|
||||
- name: {{ template "docker-registry.fullname" . }}-config
|
||||
configMap:
|
||||
name: {{ template "docker-registry.fullname" . }}-config
|
||||
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
secret:
|
||||
secretName: {{ template "docker-registry.fullname" . }}-secret
|
||||
items:
|
||||
- key: htpasswd
|
||||
path: htpasswd
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: tls-cert
|
||||
secret:
|
||||
secretName: {{ .Values.tlsSecretName }}
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -2,6 +2,7 @@ apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}-config
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
|
||||
67
templates/cronjob.yaml
Normal file
67
templates/cronjob.yaml
Normal file
@@ -0,0 +1,67 @@
|
||||
{{- if .Values.garbageCollect.enabled }}
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}-garbage-collector
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
schedule: {{ .Values.garbageCollect.schedule | quote }}
|
||||
jobTemplate:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- with .Values.podLabels }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
{{ toYaml .Values.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
securityContext:
|
||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
||||
runAsUser: {{ .Values.securityContext.runAsUser }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
command:
|
||||
- /bin/registry
|
||||
- garbage-collect
|
||||
- --delete-untagged={{ .Values.garbageCollect.deleteUntagged }}
|
||||
- /etc/docker/registry/config.yml
|
||||
env: {{ include "docker-registry.envs" . | nindent 16 }}
|
||||
volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 16 }}
|
||||
restartPolicy: OnFailure
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity: {{ toYaml .Values.affinity | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations: {{ toYaml .Values.tolerations | nindent 12 }}
|
||||
{{- end }}
|
||||
volumes: {{ include "docker-registry.volumes" . | nindent 12 }}
|
||||
{{- end }}
|
||||
@@ -2,6 +2,7 @@ apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
||||
@@ -13,37 +14,43 @@ spec:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
{{- if .Values.updateStrategy }}
|
||||
strategy:
|
||||
{{ toYaml .Values.updateStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateStrategy }}
|
||||
strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
minReadySeconds: 5
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- if .Values.podLabels }}
|
||||
{{ toYaml .Values.podLabels | indent 8 }}
|
||||
{{- with .Values.podLabels }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
{{- if $.Values.podAnnotations }}
|
||||
{{ toYaml $.Values.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
{{ toYaml .Values.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
securityContext:
|
||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
||||
runAsUser: {{ .Values.securityContext.runAsUser }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.initContainers }}
|
||||
initContainers:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
@@ -54,189 +61,35 @@ spec:
|
||||
- /etc/docker/registry/config.yml
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- containerPort: {{ (split ":" .Values.configData.http.debug.addr)._1 }}
|
||||
name: http-metrics
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
{{- if .Values.tlsSecretName }}
|
||||
{{- if .Values.tlsSecretName }}
|
||||
scheme: HTTPS
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
path: /
|
||||
port: 5000
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
{{- if .Values.tlsSecretName }}
|
||||
{{- if .Values.tlsSecretName }}
|
||||
scheme: HTTPS
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
path: /
|
||||
port: 5000
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 12 }}
|
||||
env:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: REGISTRY_AUTH
|
||||
value: "htpasswd"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_REALM
|
||||
value: "Registry Realm"
|
||||
- name: REGISTRY_AUTH_HTPASSWD_PATH
|
||||
value: "/auth/htpasswd"
|
||||
{{- end }}
|
||||
- name: REGISTRY_HTTP_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: haSharedSecret
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: REGISTRY_HTTP_TLS_CERTIFICATE
|
||||
value: /etc/ssl/docker/tls.crt
|
||||
- name: REGISTRY_HTTP_TLS_KEY
|
||||
value: /etc/ssl/docker/tls.key
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
|
||||
value: "/var/lib/registry"
|
||||
{{- else if eq .Values.storage "azure" }}
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountName
|
||||
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureAccountKey
|
||||
- name: REGISTRY_STORAGE_AZURE_CONTAINER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: azureContainer
|
||||
{{- else if eq .Values.storage "s3" }}
|
||||
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
|
||||
- name: REGISTRY_STORAGE_S3_ACCESSKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3AccessKey
|
||||
- name: REGISTRY_STORAGE_S3_SECRETKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: s3SecretKey
|
||||
{{- end }}
|
||||
- name: REGISTRY_STORAGE_S3_REGION
|
||||
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
|
||||
{{- if .Values.s3.regionEndpoint }}
|
||||
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
|
||||
value: {{ .Values.s3.regionEndpoint }}
|
||||
{{- end }}
|
||||
- name: REGISTRY_STORAGE_S3_BUCKET
|
||||
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
|
||||
{{- if .Values.s3.rootdirectory }}
|
||||
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
|
||||
value: {{ .Values.s3.rootdirectory | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.s3.encrypt }}
|
||||
- name: REGISTRY_STORAGE_S3_ENCRYPT
|
||||
value: {{ .Values.s3.encrypt | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.s3.secure }}
|
||||
- name: REGISTRY_STORAGE_S3_SECURE
|
||||
value: {{ .Values.s3.secure | quote }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.storage "swift" }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
|
||||
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
|
||||
- name: REGISTRY_STORAGE_SWIFT_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftUsername
|
||||
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
key: swiftPassword
|
||||
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
|
||||
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
|
||||
{{- end }}
|
||||
{{- if .Values.proxy.enabled }}
|
||||
- name: REGISTRY_PROXY_REMOTEURL
|
||||
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
|
||||
- name: REGISTRY_PROXY_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyUsername
|
||||
- name: REGISTRY_PROXY_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
|
||||
key: proxyPassword
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.deleteEnabled }}
|
||||
- name: REGISTRY_STORAGE_DELETE_ENABLED
|
||||
value: "true"
|
||||
{{- end }}
|
||||
{{- with .Values.extraEnvVars }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
mountPath: /auth
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
mountPath: /var/lib/registry/
|
||||
{{- end }}
|
||||
- name: "{{ template "docker-registry.fullname" . }}-config"
|
||||
mountPath: "/etc/docker/registry"
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- mountPath: /etc/ssl/docker
|
||||
name: tls-cert
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.secrets.htpasswd }}
|
||||
- name: auth
|
||||
secret:
|
||||
secretName: {{ template "docker-registry.fullname" . }}-secret
|
||||
items:
|
||||
- key: htpasswd
|
||||
path: htpasswd
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "filesystem" }}
|
||||
- name: data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
- name: {{ template "docker-registry.fullname" . }}-config
|
||||
configMap:
|
||||
name: {{ template "docker-registry.fullname" . }}-config
|
||||
{{- if .Values.tlsSecretName }}
|
||||
- name: tls-cert
|
||||
secret:
|
||||
secretName: {{ .Values.tlsSecretName }}
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
resources: {{ toYaml .Values.resources | nindent 12 }}
|
||||
env: {{ include "docker-registry.envs" . | nindent 12 }}
|
||||
volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 12 }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity: {{ toYaml .Values.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes: {{ include "docker-registry.volumes" . | nindent 8 }}
|
||||
|
||||
42
templates/hpa.yaml
Normal file
42
templates/hpa.yaml
Normal file
@@ -0,0 +1,42 @@
|
||||
{{- if .Values.autoscaling.enabled }}
|
||||
{{- $apiVersions := .Capabilities.APIVersions -}}
|
||||
{{- if $apiVersions.Has "autoscaling/v2" }}
|
||||
apiVersion: autoscaling/v2
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- with .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.autoscaling.behavior }}
|
||||
behavior:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
22
templates/hpaV1.yaml
Normal file
22
templates/hpaV1.yaml
Normal file
@@ -0,0 +1,22 @@
|
||||
{{- if .Values.autoscaling.enabled }}
|
||||
{{- $apiVersions := .Capabilities.APIVersions -}}
|
||||
{{- if not ($apiVersions.Has "autoscaling/v2") }}
|
||||
apiVersion: autoscaling/v1
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||
targetCPUUtilizationPercentage: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,11 +1,13 @@
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $apiVersions := .Capabilities.APIVersions -}}
|
||||
{{- $serviceName := include "docker-registry.fullname" . -}}
|
||||
{{- $servicePort := .Values.service.port -}}
|
||||
{{- $path := .Values.ingress.path -}}
|
||||
apiVersion: {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} networking.k8s.io/v1beta1 {{- else }} extensions/v1beta1 {{- end }}
|
||||
apiVersion: {{- if $apiVersions.Has "networking.k8s.io/v1" }} networking.k8s.io/v1 {{- else }} networking.k8s.io/v1beta1 {{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
||||
@@ -19,15 +21,27 @@ metadata:
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $apiVersions.Has "networking.k8s.io/v1" }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range $host := .Values.ingress.hosts }}
|
||||
- host: {{ $host }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ $path }}
|
||||
{{- if $apiVersions.Has "networking.k8s.io/v1" }}
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: {{ $serviceName }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- else }}
|
||||
backend:
|
||||
serviceName: {{ $serviceName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
|
||||
@@ -3,6 +3,7 @@ apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
||||
|
||||
17
templates/prometheusrules.yaml
Normal file
17
templates/prometheusrules.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled -}}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
labels:
|
||||
app.kubernetes.io/component: controller
|
||||
{{- if .Values.metrics.prometheusRule.labels }}
|
||||
{{- toYaml .Values.metrics.prometheusRule.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.metrics.prometheusRule.rules }}
|
||||
groups:
|
||||
- name: {{ template "docker-registry.fullname" . }}
|
||||
rules: {{- toYaml .Values.metrics.prometheusRule.rules | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -4,6 +4,7 @@ kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.fullname" . }}
|
||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
|
||||
@@ -2,6 +2,7 @@ apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}-secret
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
|
||||
@@ -2,6 +2,7 @@ apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
||||
@@ -36,6 +37,12 @@ spec:
|
||||
targetPort: 5000
|
||||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
|
||||
nodePort: {{ .Values.service.nodePort }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- port: {{ .Values.metrics.port }}
|
||||
protocol: TCP
|
||||
name: http-metrics
|
||||
targetPort: {{ (split ":" .Values.configData.http.debug.addr)._1 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
|
||||
19
templates/serviceaccount.yaml
Normal file
19
templates/serviceaccount.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- if .Values.serviceAccount.name }}
|
||||
name: {{ .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
name: {{ include "docker-registry.fullname" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
21
templates/servicemonitor.yaml
Normal file
21
templates/servicemonitor.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled -}}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "docker-registry.fullname" . }}-servicemonitor
|
||||
labels:
|
||||
app: {{ template "docker-registry.name" . }}-metrics
|
||||
release: {{ .Release.Name }}
|
||||
{{- if .Values.metrics.serviceMonitor.labels }}
|
||||
{{ toYaml .Values.metrics.serviceMonitor.labels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "docker-registry.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
endpoints:
|
||||
- port: http-metrics
|
||||
interval: 15s
|
||||
{{- end }}
|
||||
59
values.yaml
59
values.yaml
@@ -12,6 +12,11 @@ updateStrategy: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
|
||||
serviceAccount:
|
||||
create: false
|
||||
name: ""
|
||||
annotations: {}
|
||||
|
||||
image:
|
||||
repository: registry
|
||||
tag: 2.7.1
|
||||
@@ -32,6 +37,7 @@ service:
|
||||
# foo.io/bar: "true"
|
||||
ingress:
|
||||
enabled: false
|
||||
className: nginx
|
||||
path: /
|
||||
# Used to create an Ingress record.
|
||||
hosts:
|
||||
@@ -110,6 +116,19 @@ proxy:
|
||||
# Keys: proxyUsername, proxyPassword
|
||||
secretRef: ""
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
port: 5001
|
||||
# Create a prometheus-operator servicemonitor
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
labels: {}
|
||||
# prometheus-operator PrometheusRule defining alerting rules for a Prometheus instance
|
||||
prometheusRule:
|
||||
enabled: false
|
||||
labels: {}
|
||||
rules: {}
|
||||
|
||||
configData:
|
||||
version: 0.1
|
||||
log:
|
||||
@@ -122,6 +141,11 @@ configData:
|
||||
addr: :5000
|
||||
headers:
|
||||
X-Content-Type-Options: [nosniff]
|
||||
debug:
|
||||
addr: :5001
|
||||
prometheus:
|
||||
enabled: false
|
||||
path: /metrics
|
||||
health:
|
||||
storagedriver:
|
||||
enabled: true
|
||||
@@ -139,6 +163,30 @@ podDisruptionBudget: {}
|
||||
# maxUnavailable: 1
|
||||
# minAvailable: 2
|
||||
|
||||
autoscaling:
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 2
|
||||
targetCPUUtilizationPercentage: 60
|
||||
targetMemoryUtilizationPercentage: 60 # available only on Kubernetes ≥1.23 [required "autoscaling/v2"]
|
||||
behavior: {} # available only on Kubernetes ≥1.23 [required "autoscaling/v2"]
|
||||
# scaleDown:
|
||||
# stabilizationWindowSeconds: 300
|
||||
# policies:
|
||||
# - type: Percent
|
||||
# value: 100
|
||||
# periodSeconds: 15
|
||||
# scaleUp:
|
||||
# stabilizationWindowSeconds: 0
|
||||
# policies:
|
||||
# - type: Percent
|
||||
# value: 100
|
||||
# periodSeconds: 15
|
||||
# - type: Pods
|
||||
# value: 4
|
||||
# periodSeconds: 15
|
||||
# selectPolicy: Max
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
affinity: {}
|
||||
@@ -165,3 +213,14 @@ extraEnvVars: []
|
||||
## Additional ENV variables to set
|
||||
# - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
|
||||
# value: "/var/lib/example"
|
||||
|
||||
initContainers: []
|
||||
## Init containers to add to the Deployment
|
||||
# - name: init
|
||||
# image: busybox
|
||||
# command: []
|
||||
|
||||
garbageCollect:
|
||||
enabled: false
|
||||
deleteUntagged: true
|
||||
schedule: "0 1 * * *"
|
||||
|
||||
Reference in New Issue
Block a user