51 Commits

Author SHA1 Message Date
Joshua Sizer
524a0a9375 Merge pull request #120 from joshsizer/release-v2.2.3
🏁 v2.2.3 Release
2024-03-17 22:06:13 -04:00
Josh Sizer
91124414a5 🏁 v2.2.3 Release 2024-03-16 19:08:18 -04:00
Joshua Sizer
808510d274 Merge pull request #106 from ChevronTango/main
Adding Deployment Annotations
2024-03-15 17:13:04 -04:00
Edward Brough
c7d3bc3b42 adding deployment annotations
Signed-off-by: Edward Brough <edward.brough@gmail.com>
2024-03-15 17:25:42 +00:00
Joshua Sizer
baae5c6986 Merge pull request #117 from laverya/patch-1
Update README.md to use correct default version
2024-03-12 21:15:51 -04:00
Andrew Lavery
a03420f765 Update README.md to use correct default version 2024-03-12 11:19:31 -04:00
Vyas
7d16b3c57b Merge pull request #114 from ddelange/patch-3
Fix backwards compatibility for k8s 1.24
2024-03-08 09:49:40 -06:00
ddelange
c112edabe5 Revert version 2024-03-08 06:45:07 +01:00
ddelange
456d4f0308 Remove .github/workflows/healm_publish.yaml 2024-03-06 07:20:19 +01:00
Vyas
419a289a0e Merge pull request #102 from erikfuego/security-context-missing-fields
Add missing fields for Security context and secrets
2024-03-05 13:59:41 -06:00
erikfuego
ed0a778281 Add missing fields for Security context and secrets 2024-03-04 12:36:40 -05:00
ddelange
9193ce0ae8 Bump chart version
This reverts commit 345f178c44ab853fb603dab5bba6c58eae3e954b.
2024-01-04 10:49:33 +01:00
ddelange
ebc2372fb4 Merge branch 'helm-publish' of https://github.com/ddelange/docker-registry.helm into patch-3
* 'helm-publish' of https://github.com/ddelange/docker-registry.helm:
  Publish helm chart as release asset
  Fix backwards compatibility for k8s 1.24
2024-01-04 10:20:52 +01:00
ddelange
38acafc680 Fix backwards compatibility for k8s 1.24 2024-01-04 10:20:25 +01:00
ddelange
a1b77cb212 Publish helm chart as release asset 2024-01-04 10:09:33 +01:00
ddelange
05d75cad63 Fix backwards compatibility for k8s 1.24 2024-01-04 10:01:08 +01:00
Devin Canterberry
d74c33abd9 Merge pull request #88 from syseleven/deprecation-1.25
Migrate PodDisruptionBudget policy/v1beta1 to policy/v1
2023-02-24 08:05:02 -08:00
Stefan Andres
fc2ab7e7ac Migrate PodDisruptionBudget policy/v1beta1 to policy/v1
In k8s 1.25 policy/v1beta1 is no longer served, migrate to policy/v1.

https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25
2022-12-13 15:58:54 +01:00
Devin Canterberry
405346f80e 🏁 v2.2.2 Release 2022-08-18 10:20:10 -07:00
Devin Canterberry
b152f62233 Merge pull request #79 from pieveee/fix/#73
fix extraVolumes and extraVolumeMounts (hyphen typo) #78 #77
2022-08-18 10:19:07 -07:00
Michael Blickenstorfer
55647356c5 fix #73 2022-08-18 12:20:21 +02:00
Devin Canterberry
294d61f9d3 Merge pull request #75 from canterberry/remove-duplicate-check
🐞 Fix duplicate PR diff GitHub action and tweak test values
(approved by @ddelange)
2022-08-17 12:22:40 -07:00
Devin Canterberry
836f46131f 🚦 Hard-coding the "before" chart URL in the PR diff GitHub action
While this may not be strictly necessary, it's the correct resolution
enough of the time that the clarity of explicitly stating the "before"
is, I think, worth it.
2022-08-17 12:08:24 -07:00
Devin Canterberry
c7b3257baa 🚦 Add release namespace and target namespaces to PR diff action test values 2022-08-17 11:56:49 -07:00
Devin Canterberry
1315fc281e Merge pull request #65 from canterberry/namespaced-service-account
🐞 Add missing namespace to ServiceAccount
2022-08-17 11:50:50 -07:00
Devin Canterberry
635fd0fa0c Merge pull request #72 from edwargix/registr-2.8
Upgrade default image version from 2.7.1 to 2.8.1
2022-08-17 11:49:16 -07:00
Devin Canterberry
91dd5f2928 🚦 Add extraVolumes and extraVolumeMounts to PR diff GitHub action 2022-08-17 11:43:37 -07:00
Devin Canterberry
8ce5a40b47 🔥 Remove duplicate trigger for PR diff GitHub action 2022-08-17 11:40:34 -07:00
David Florness
96ad7c0eb4 Upgrade default image version from 2.7.1 to 2.8.1
Includes changes from releases 2.8.0 and 2.8.1, which mostly contain bugfixes:

- https://github.com/distribution/distribution/releases/tag/v2.8.0
- https://github.com/distribution/distribution/releases/tag/v2.8.1
2022-08-16 22:29:59 -04:00
Devin Canterberry
95ab1afa98 🏁 v2.2.1 Release 2022-08-15 14:47:24 -07:00
Devin Canterberry
471cb14632 Merge pull request #62 from ddelange/garbage-collector
♻️ Deduplicate definitions from deployment and cronjob
2022-08-15 14:40:33 -07:00
Devin Canterberry
8707c92f64 Merge pull request #70 from ddelange/patch-1
👷 Add sticky helm diff PR comment
2022-08-15 14:38:24 -07:00
Devin Canterberry
7e099191b3 🎨 Specify commit hash in sticky PR comment
Co-authored-by: ddelange <14880945+ddelange@users.noreply.github.com>
2022-08-15 14:33:33 -07:00
ddelange
23608f3fa7 Bar permissions and allow forks to run in base scope (#6)
* Test permissions

* Add back pull_request

* Use full SHA
2022-08-11 09:34:52 +02:00
ddelange
9023f38343 Revert 2022-08-10 15:09:19 +02:00
ddelange
4a6440da88 Test the smoketest 2022-08-10 15:07:35 +02:00
ddelange
4b69284642 Fix collapsible markdown 2022-08-10 15:06:52 +02:00
ddelange
4091345244 Collapse the diff 2022-08-10 15:04:58 +02:00
ddelange
9b65310c58 Make filenames show up in diff 2022-08-10 15:00:12 +02:00
ddelange
d6f9bdc4f1 Fix
https://github.com/rlespinasse/git-commit-data-action/pull/12/files
2022-08-10 13:30:17 +02:00
ddelange
c4e5c3860c Try without alias 2022-08-10 13:23:42 +02:00
ddelange
f7c99a3dd4 Fix alias expansion
https://github.com/actions/toolkit/issues/766#issuecomment-928305811
2022-08-10 13:17:23 +02:00
ddelange
94d36dc9cd Fix multiline output 2022-08-10 13:09:44 +02:00
ddelange
186e23c219 👷 Add sticky helm diff PR comment 2022-08-10 11:13:47 +02:00
ddelange
b4b319496c Fix more indentations 2022-08-10 10:08:13 +02:00
ddelange
52a5d4ba15 Fix extraEnvVars indentation, remove env whitespaces 2022-08-10 09:05:50 +02:00
ddelange
5a831ab9d3 🔥 Remove merge remnant 2022-08-09 22:00:43 +03:00
ddelange
f22f42d2b2 Merge branch 'main' into garbage-collector 2022-08-09 20:26:35 +02:00
ddelange
fb2132a0c7 PR Suggestions 2022-08-08 10:57:43 +02:00
ddelange
d78c010ca5 Revert "Make the changes additive"
This reverts commit fd7fdcaa44.
2022-08-05 14:11:37 +02:00
Devin Canterberry
a1cd36f55e 🐞 Add missing namespace to ServiceAccount
When `serviceAccount.create` is `true`, this chart creates
a service account. Currently, that service account will be
created without an explicit namespace. This can be problematic
because the Deployment resource does have an explicit namespace
set. Because the ServiceAccount and Deployment (ultimately, the
Pod) must coexist in the same namespace, we need to follow the
same logic when setting the namespace for both.

Fixes https://github.com/twuni/docker-registry.helm/issues/60.
2022-07-27 23:50:13 -07:00
9 changed files with 311 additions and 367 deletions

.github/workflows/pr_diff.yaml

@@ -0,0 +1,58 @@
name: PR Diff for Helm chart
on:
pull_request_target:
permissions:
pull-requests: write
jobs:
diff:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: azure/setup-helm@v3
- name: Run diff
id: diff
run: |
OPTIONS=(
--namespace meta-namespace
--set serviceAccount.create=true
--set priorityClassName=high
--set podAnnotations.test=annotation
--set extraEnvVars[0].name=TEST_NAME
--set extraEnvVars[0].value=TEST_VALUE
--set extraVolumes[0].name=test
--set extraVolumes[0].emptyDir.medium=Memory
--set extraVolumeMounts[0].name=test
--set extraVolumeMounts[0].mountPath=/test
--set secrets.htpasswd=abc
--set tlsSecretName=abc
--set garbageCollect.enabled=true
--set namespace=target-namespace
--set proxy.enabled=true
--set storage=s3
--set secrets.s3.secretKey=abc
--set secrets.s3.accessKey=def
--set s3.region=us-42
--set s3.bucket=abc
--set s3.encrypt=abc
)
helm template --debug ${OPTIONS[@]} --output-dir before https://github.com/twuni/docker-registry.helm/archive/refs/heads/main.tar.gz
helm template --debug ${OPTIONS[@]} --output-dir after .
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
echo 'HELM_DIFF<<EOF' >> $GITHUB_ENV
echo "$(diff -ur before after)" >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443
with:
message: |
Running a `helm template` smoketest on commit ${{ github.ref }} results in the following diff against `${{ github.base_ref }}`:
<details><summary>diff</summary><p>
```diff
${{ env.HELM_DIFF }}
```
</p></details>
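
Review bot: `actions/checkout@v3` is used without a `ref`, and under `pull_request_target` that checks out the base branch, so `helm template ... --output-dir after .` renders the base chart rather than the pull request's and the posted diff will not reflect the proposed change. If the head commit is meant to be rendered, pass it explicitly and keep the job limited to data-only steps, since this trigger runs in the base repository's context; the narrow `permissions: pull-requests: write` block is the right companion to that. Two smaller points in the same hunk: the `HELM_DIFF<<EOF` block uses a fixed delimiter, so a rendered line consisting of `EOF` would end the value early and the lines after it would be parsed as further `GITHUB_ENV` assignments (use a randomly generated delimiter), and `actions/checkout@v3` and `azure/setup-helm@v3` are referenced by mutable tag while `marocchino/sticky-pull-request-comment` is pinned to a full SHA; pin all three the same way. The comment text also says "on commit" but interpolates `${{ github.ref }}`, which is a ref, not a commit hash.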

@@ -1,8 +1,8 @@
apiVersion: v1
description: A Helm chart for Docker Registry
name: docker-registry
version: 2.2.0
appVersion: 2.7.1
version: 2.2.3
appVersion: 2.8.1
home: https://hub.docker.com/_/registry/
icon: https://helm.twun.io/docker-registry.png
maintainers:

@@ -35,7 +35,7 @@ their default values.
|:----------------------------|:-------------------------------------------------------------------------------------------|:----------------|
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.repository` | Container image to use | `registry` |
| `image.tag` | Container image tag to deploy | `2.7.1` |
| `image.tag` | Container image tag to deploy | `2.8.1` |
| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` |
| `persistence.enabled` | Whether to use a PVC for the Docker storage | `false` |
@@ -46,6 +46,7 @@ their default values.
| `serviceAccount.create` | Create ServiceAccount | `false` |
| `serviceAccount.name` | ServiceAccount name | `nil` |
| `serviceAccount.annotations` | Annotations to add to the ServiceAccount | `{}` |
| `deployment.annotations` | Annotations to add to the Deployment | `{}` |
| `service.port` | TCP port on which the service is exposed | `5000` |
| `service.type` | service type | `ClusterIP` |
| `service.clusterIP` | if `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` |
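
Review bot: Documentation is missing for the other new value in this change: the table gains a row for `deployment.annotations` but none for `containerSecurityContext.enabled`, which the values file introduces and the templates read. It would also help to state in the `securityContext` description that every key other than `enabled` is now passed through to the pod spec (`omit .Values.securityContext "enabled" | toYaml`), since that widens what the value accepts compared with the previous `fsGroup`/`runAsUser` pair.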

@@ -22,3 +22,188 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "docker-registry.envs" -}}
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: haSharedSecret
{{- if .Values.secrets.htpasswd }}
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
{{- end }}
{{- if .Values.tlsSecretName }}
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /etc/ssl/docker/tls.crt
- name: REGISTRY_HTTP_TLS_KEY
value: /etc/ssl/docker/tls.key
{{- end -}}
{{- if eq .Values.storage "filesystem" }}
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"
{{- else if eq .Values.storage "azure" }}
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountName
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountKey
- name: REGISTRY_STORAGE_AZURE_CONTAINER
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureContainer
{{- else if eq .Values.storage "s3" }}
- name: REGISTRY_STORAGE_S3_REGION
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
- name: REGISTRY_STORAGE_S3_BUCKET
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3AccessKey
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3SecretKey
{{- end -}}
{{- if .Values.s3.regionEndpoint }}
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: {{ .Values.s3.regionEndpoint }}
{{- end -}}
{{- if .Values.s3.rootdirectory }}
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
value: {{ .Values.s3.rootdirectory | quote }}
{{- end -}}
{{- if .Values.s3.encrypt }}
- name: REGISTRY_STORAGE_S3_ENCRYPT
value: {{ .Values.s3.encrypt | quote }}
{{- end -}}
{{- if .Values.s3.secure }}
- name: REGISTRY_STORAGE_S3_SECURE
value: {{ .Values.s3.secure | quote }}
{{- end -}}
{{- else if eq .Values.storage "swift" }}
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
- name: REGISTRY_STORAGE_SWIFT_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftUsername
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftPassword
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
{{- end -}}
{{- if .Values.proxy.enabled }}
- name: REGISTRY_PROXY_REMOTEURL
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
- name: REGISTRY_PROXY_USERNAME
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyUsername
- name: REGISTRY_PROXY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyPassword
{{- end -}}
{{- if .Values.persistence.deleteEnabled }}
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
{{- end -}}
{{- with .Values.extraEnvVars }}
{{ toYaml . }}
{{- end -}}
{{- end -}}
{{- define "docker-registry.volumeMounts" -}}
- name: "{{ template "docker-registry.fullname" . }}-config"
mountPath: "/etc/docker/registry"
{{- if .Values.secrets.htpasswd }}
- name: auth
mountPath: /auth
readOnly: true
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
mountPath: /var/lib/registry/
{{- end }}
{{- if .Values.tlsSecretName }}
- mountPath: /etc/ssl/docker
name: tls-cert
readOnly: true
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{ toYaml . }}
{{- end }}
{{- end -}}
{{- define "docker-registry.volumes" -}}
- name: {{ template "docker-registry.fullname" . }}-config
configMap:
name: {{ template "docker-registry.fullname" . }}-config
{{- if .Values.secrets.htpasswd }}
- name: auth
secret:
secretName: {{ template "docker-registry.fullname" . }}-secret
items:
- key: htpasswd
path: htpasswd
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}
{{- if .Values.tlsSecretName }}
- name: tls-cert
secret:
secretName: {{ .Values.tlsSecretName }}
{{- end }}
{{- with .Values.extraVolumes }}
{{ toYaml . }}
{{- end }}
{{- end -}}
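
Review bot: Several `value:` lines in `docker-registry.envs` render user input without `| quote`: `REGISTRY_STORAGE_S3_REGION`, `REGISTRY_STORAGE_S3_BUCKET`, `REGISTRY_STORAGE_S3_REGIONENDPOINT`, `REGISTRY_STORAGE_SWIFT_AUTHURL`, `REGISTRY_STORAGE_SWIFT_CONTAINER` and `REGISTRY_PROXY_REMOTEURL`, while `rootdirectory`, `encrypt` and `secure` a few lines away are quoted. Container env values must be strings, so an input that YAML reads as a number or boolean (a bucket named `123`, for example) renders a manifest the API server rejects. Since this helper is now the single source for both the Deployment and the CronJob, this is a good place to make it consistent, e.g. `value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket | quote }}`. The whitespace control is also mixed (`{{- end }}` in some branches, `{{- end -}}` in others); picking one form would make the rendered output easier to reason about.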

@@ -22,9 +22,9 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if $.Values.podAnnotations }}
{{ toYaml $.Values.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
template:
spec:
@@ -38,9 +38,7 @@ spec:
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
securityContext: {{ omit .Values.securityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
@@ -51,135 +49,11 @@ spec:
- garbage-collect
- --delete-untagged={{ .Values.garbageCollect.deleteUntagged }}
- /etc/docker/registry/config.yml
env:
{{- if .Values.secrets.htpasswd }}
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
{{- end }}
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: haSharedSecret
{{- if .Values.tlsSecretName }}
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /etc/ssl/docker/tls.crt
- name: REGISTRY_HTTP_TLS_KEY
value: /etc/ssl/docker/tls.key
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"
{{- else if eq .Values.storage "azure" }}
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountName
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountKey
- name: REGISTRY_STORAGE_AZURE_CONTAINER
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureContainer
{{- else if eq .Values.storage "s3" }}
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3AccessKey
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3SecretKey
env: {{ include "docker-registry.envs" . | nindent 16 }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{ omit .Values.containerSecurityContext "enabled" | toYaml | nindent 16 }}
{{- end }}
- name: REGISTRY_STORAGE_S3_REGION
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
{{- if .Values.s3.regionEndpoint }}
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: {{ .Values.s3.regionEndpoint }}
{{- end }}
- name: REGISTRY_STORAGE_S3_BUCKET
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
{{- if .Values.s3.rootdirectory }}
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
value: {{ .Values.s3.rootdirectory | quote }}
{{- end }}
{{- if .Values.s3.encrypt }}
- name: REGISTRY_STORAGE_S3_ENCRYPT
value: {{ .Values.s3.encrypt | quote }}
{{- end }}
{{- if .Values.s3.secure }}
- name: REGISTRY_STORAGE_S3_SECURE
value: {{ .Values.s3.secure | quote }}
{{- end }}
{{- else if eq .Values.storage "swift" }}
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
- name: REGISTRY_STORAGE_SWIFT_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftUsername
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftPassword
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
{{- end }}
{{- if .Values.proxy.enabled }}
- name: REGISTRY_PROXY_REMOTEURL
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
- name: REGISTRY_PROXY_USERNAME
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyUsername
- name: REGISTRY_PROXY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyPassword
{{- end }}
{{- if .Values.persistence.deleteEnabled }}
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
{{- end }}
{{- with .Values.extraEnvVars }}
{{- toYaml . | nindent 14 }}
{{- end }}
volumeMounts:
{{- if .Values.secrets.htpasswd }}
- name: auth
mountPath: /auth
readOnly: true
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
mountPath: /var/lib/registry/
{{- end }}
- name: "{{ template "docker-registry.fullname" . }}-config"
mountPath: "/etc/docker/registry"
{{- if .Values.tlsSecretName }}
- mountPath: /etc/ssl/docker
name: tls-cert
readOnly: true
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 16 }}
{{- end }}
volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 16 }}
restartPolicy: OnFailure
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
@@ -190,33 +64,5 @@ spec:
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 12 }}
{{- end }}
volumes:
{{- if .Values.secrets.htpasswd }}
- name: auth
secret:
secretName: {{ template "docker-registry.fullname" . }}-secret
items:
- key: htpasswd
path: htpasswd
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}
- name: {{ template "docker-registry.fullname" . }}-config
configMap:
name: {{ template "docker-registry.fullname" . }}-config
{{- if .Values.tlsSecretName }}
- name: tls-cert
secret:
secretName: {{ .Values.tlsSecretName }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumes: {{ include "docker-registry.volumes" . | nindent 12 }}
{{- end }}

@@ -8,51 +8,51 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.deployment.annotations }}
annotations:
{{ toYaml .Values.deployment.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app: {{ template "docker-registry.name" . }}
release: {{ .Release.Name }}
replicas: {{ .Values.replicaCount }}
{{- if .Values.updateStrategy }}
strategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
{{- end }}
{{- if .Values.updateStrategy }}
strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
minReadySeconds: 5
template:
metadata:
labels:
app: {{ template "docker-registry.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- with .Values.podLabels }}
{{ toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if $.Values.podAnnotations }}
{{ toYaml $.Values.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }}
{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }}
serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- with .Values.initContainers }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext: {{ omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
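
Review bot: The new `{{- if .Values.deployment.annotations }}` guard dereferences `.Values.deployment`, a key that only exists because this change adds `deployment: {}` to the defaults. An upgrade run with `--reuse-values` carries the previous release's values forward without the new default, so the template fails with a nil-pointer error on `.annotations`; the same applies to `.Values.containerSecurityContext.enabled` elsewhere in this change. Guarding the parent, for example `{{- with (default dict .Values.deployment).annotations }}`, avoids that. As a style point, this block still uses `{{ toYaml ... | indent 4 }}` on its own line while the rest of the hunk moves to the inline `nindent` form.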
@@ -63,194 +63,38 @@ spec:
- /etc/docker/registry/config.yml
ports:
- containerPort: 5000
{{- if .Values.metrics.enabled }}
{{- if .Values.metrics.enabled }}
- containerPort: {{ (split ":" .Values.configData.http.debug.addr)._1 }}
name: http-metrics
protocol: TCP
{{- end }}
{{- end }}
livenessProbe:
httpGet:
{{- if .Values.tlsSecretName }}
{{- if .Values.tlsSecretName }}
scheme: HTTPS
{{- end }}
{{- end }}
path: /
port: 5000
readinessProbe:
httpGet:
{{- if .Values.tlsSecretName }}
{{- if .Values.tlsSecretName }}
scheme: HTTPS
{{- end }}
{{- end }}
path: /
port: 5000
resources:
{{ toYaml .Values.resources | indent 12 }}
env:
{{- if .Values.secrets.htpasswd }}
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
{{- end }}
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: haSharedSecret
{{- if .Values.tlsSecretName }}
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /etc/ssl/docker/tls.crt
- name: REGISTRY_HTTP_TLS_KEY
value: /etc/ssl/docker/tls.key
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"
{{- else if eq .Values.storage "azure" }}
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountName
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountKey
- name: REGISTRY_STORAGE_AZURE_CONTAINER
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureContainer
{{- else if eq .Values.storage "s3" }}
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3AccessKey
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3SecretKey
{{- end }}
- name: REGISTRY_STORAGE_S3_REGION
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
{{- if .Values.s3.regionEndpoint }}
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: {{ .Values.s3.regionEndpoint }}
resources: {{ toYaml .Values.resources | nindent 12 }}
env: {{ include "docker-registry.envs" . | nindent 12 }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{ omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
- name: REGISTRY_STORAGE_S3_BUCKET
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
{{- if .Values.s3.rootdirectory }}
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
value: {{ .Values.s3.rootdirectory | quote }}
{{- end }}
{{- if .Values.s3.encrypt }}
- name: REGISTRY_STORAGE_S3_ENCRYPT
value: {{ .Values.s3.encrypt | quote }}
{{- end }}
{{- if .Values.s3.secure }}
- name: REGISTRY_STORAGE_S3_SECURE
value: {{ .Values.s3.secure | quote }}
{{- end }}
{{- else if eq .Values.storage "swift" }}
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
- name: REGISTRY_STORAGE_SWIFT_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftUsername
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftPassword
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
{{- end }}
{{- if .Values.proxy.enabled }}
- name: REGISTRY_PROXY_REMOTEURL
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
- name: REGISTRY_PROXY_USERNAME
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyUsername
- name: REGISTRY_PROXY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyPassword
{{- end }}
{{- if .Values.persistence.deleteEnabled }}
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
{{- end }}
{{- with .Values.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.secrets.htpasswd }}
- name: auth
mountPath: /auth
readOnly: true
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
mountPath: /var/lib/registry/
{{- end }}
- name: "{{ template "docker-registry.fullname" . }}-config"
mountPath: "/etc/docker/registry"
{{- if .Values.tlsSecretName }}
- mountPath: /etc/ssl/docker
name: tls-cert
readOnly: true
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
volumes:
{{- if .Values.secrets.htpasswd }}
- name: auth
secret:
secretName: {{ template "docker-registry.fullname" . }}-secret
items:
- key: htpasswd
path: htpasswd
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}
- name: {{ template "docker-registry.fullname" . }}-config
configMap:
name: {{ template "docker-registry.fullname" . }}-config
{{- if .Values.tlsSecretName }}
- name: tls-cert
secret:
secretName: {{ .Values.tlsSecretName }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
{{- end }}
volumes: {{ include "docker-registry.volumes" . | nindent 8 }}

@@ -1,5 +1,9 @@
{{- if .Values.podDisruptionBudget -}}
{{- if .Capabilities.APIVersions.Has "policy/v1" -}}
apiVersion: policy/v1
{{- else}}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ template "docker-registry.fullname" . }}
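
Review bot: `.Capabilities.APIVersions.Has "policy/v1"` tests only the group/version; checking the resource as well, `.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget"`, ties the branch to the object actually being rendered. Note also that the `OPTIONS` list in the PR diff workflow sets no `podDisruptionBudget`, so neither branch of this conditional is rendered by the smoketest; adding a value there would cover it. Minor: `{{- else}}` is missing the space before the closing braces that the other actions in this file use.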

@@ -7,6 +7,7 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
namespace: {{ .Values.namespace | default .Release.Namespace }}
{{- if .Values.serviceAccount.name }}
name: {{ .Values.serviceAccount.name }}
{{- else }}

@@ -19,10 +19,12 @@ serviceAccount:
image:
repository: registry
tag: 2.7.1
tag: 2.8.1
pullPolicy: IfNotPresent
# imagePullSecrets:
# - name: docker
deployment: {}
# annotations:
service:
name: registry
type: ClusterIP
@@ -152,6 +154,9 @@ configData:
interval: 10s
threshold: 3
containerSecurityContext:
enabled: false
securityContext:
enabled: true
runAsUser: 1000
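
Review bot: `containerSecurityContext` is added with only `enabled: false`, so the container-level `securityContext` the templates can now render is off by default and the values file gives no hint of which keys are expected. Since everything except `enabled` is passed through verbatim, a commented example next to it (such as `allowPrivilegeEscalation: false` and a `capabilities.drop` list) would document the intended use, in the same way the `securityContext` block below it shows `runAsUser`.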