github/docker-registry.helm
1
0
Fork 0
mirror of https://github.com/twuni/docker-registry.helm.git synced 2026-02-18 22:29:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:v2.2.0
Branches Tags
github:main github:dependabot/github_actions/actions/checkout-6 github:gh-pages github:dependabot/github_actions/marocchino/sticky-pull-request-comment-2.9.4 github:airbytehq/main
github:v3.0.0 github:v2.3.0 github:v2.2.3 github:v2.2.2 github:v2.2.1 github:v2.2.0 github:v2.1.0 github:v2.0.1 github:v2.0.0 github:v1.16.0 github:v1.15.0 github:v1.14.0 github:v1.13.2 github:v1.13.1 github:v1.13.0 github:v1.12.0 github:v1.11.0 github:v1.10.1 github:v1.10.0 github:v1.9.7
..
compare: github:v2.2.2
Branches Tags
github:dependabot/github_actions/actions/checkout-6 github:main github:gh-pages github:dependabot/github_actions/marocchino/sticky-pull-request-comment-2.9.4 github:airbytehq/main
github:v3.0.0 github:v2.3.0 github:v2.2.3 github:v2.2.2 github:v2.2.1 github:v2.2.0 github:v2.1.0 github:v2.0.1 github:v2.0.0 github:v1.16.0 github:v1.15.0 github:v1.14.0 github:v1.13.2 github:v1.13.1 github:v1.13.0 github:v1.12.0 github:v1.11.0 github:v1.10.1 github:v1.10.0 github:v1.9.7

33 Commits
v2.2.0 ... v2.2.2

Author SHA1 Message Date
Devin Canterberry
405346f80e 🏁 v2.2.2 Release 2022-08-18 10:20:10 -07:00
Devin Canterberry
b152f62233 Merge pull request #79 from pieveee/fix/#73 
fix extraVolumes and extraVolumeMounts (hypen typo) #78 #77
 2022-08-18 10:19:07 -07:00
Michael Blickenstorfer
55647356c5 fix #73 2022-08-18 12:20:21 +02:00
Devin Canterberry
294d61f9d3 Merge pull request #75 from canterberry/remove-duplicate-check 
🐞 Fix duplicate PR diff GitHub action and tweak test values
(approved by @ddelange)
 2022-08-17 12:22:40 -07:00
Devin Canterberry
836f46131f 🚦 Hard-coding the "before" chart URL in the PR diff GitHub action 
While this may not be strictly necessary, it's the correct resolution
enough of the time that the clarity of explicitly stating the "before"
is, I think, worth it.
 2022-08-17 12:08:24 -07:00
Devin Canterberry
c7b3257baa 🚦 Add release namespace and target namespaces to PR diff action test values 2022-08-17 11:56:49 -07:00
Devin Canterberry
1315fc281e Merge pull request #65 from canterberry/namespaced-service-account 
🐞 Add missing namespace to ServiceAccount
 2022-08-17 11:50:50 -07:00
Devin Canterberry
635fd0fa0c Merge pull request #72 from edwargix/registr-2.8 
Upgrade default image version from 2.7.1 to 2.8.1
 2022-08-17 11:49:16 -07:00
Devin Canterberry
91dd5f2928 🚦 Add extraVolumes and extraVolumeMounts to PR diff GitHub action 2022-08-17 11:43:37 -07:00
Devin Canterberry
8ce5a40b47 🔥 Remove duplicate trigger for PR diff GitHub action 2022-08-17 11:40:34 -07:00
David Florness
96ad7c0eb4 Upgrade default image version from 2.7.1 to 2.8.1 
Includes changes from releases 2.8.0 and 2.8.1, which mostly contain bugfixes:

- https://github.com/distribution/distribution/releases/tag/v2.8.0
- https://github.com/distribution/distribution/releases/tag/v2.8.1
 2022-08-16 22:29:59 -04:00
Devin Canterberry
95ab1afa98 🏁 v2.2.1 Release 2022-08-15 14:47:24 -07:00
Devin Canterberry
471cb14632 Merge pull request #62 from ddelange/garbage-collector 
♻️ Deduplicate definitions from deployment and cronjob
 2022-08-15 14:40:33 -07:00
Devin Canterberry
8707c92f64 Merge pull request #70 from ddelange/patch-1 
👷 Add sticky helm diff PR comment
 2022-08-15 14:38:24 -07:00
Devin Canterberry
7e099191b3 🎨 Specify commit hash in sticky PR comment 
Co-authored-by: ddelange <14880945+ddelange@users.noreply.github.com>
 2022-08-15 14:33:33 -07:00
ddelange
23608f3fa7 Bar permissions and allow forks to run in base scope (#6) 
* Test permissions

* Add back pull_request

* Use full SHA
 2022-08-11 09:34:52 +02:00
ddelange
9023f38343 Revert 2022-08-10 15:09:19 +02:00
ddelange
4a6440da88 Test the smoketest 2022-08-10 15:07:35 +02:00
ddelange
4b69284642 Fix collapsible markdown 2022-08-10 15:06:52 +02:00
ddelange
4091345244 Collapse the diff 2022-08-10 15:04:58 +02:00
ddelange
9b65310c58 Make filenames show up in diff 2022-08-10 15:00:12 +02:00
ddelange
d6f9bdc4f1 Fix 
https://github.com/rlespinasse/git-commit-data-action/pull/12/files
 2022-08-10 13:30:17 +02:00
ddelange
c4e5c3860c Try without alias 2022-08-10 13:23:42 +02:00
ddelange
f7c99a3dd4 Fix alias expansion 
https://github.com/actions/toolkit/issues/766#issuecomment-928305811
 2022-08-10 13:17:23 +02:00
ddelange
94d36dc9cd Fix multiline output 2022-08-10 13:09:44 +02:00
ddelange
186e23c219 👷 Add sticky helm diff PR comment 2022-08-10 11:13:47 +02:00
ddelange
b4b319496c Fix more indentations 2022-08-10 10:08:13 +02:00
ddelange
52a5d4ba15 Fix extraEnvVars indentation, remove env whitespaces 2022-08-10 09:05:50 +02:00
ddelange
5a831ab9d3 🔥 Remove merge remnant 2022-08-09 22:00:43 +03:00
ddelange
f22f42d2b2 Merge branch 'main' into garbage-collector 2022-08-09 20:26:35 +02:00
ddelange
fb2132a0c7 PR Suggestions 2022-08-08 10:57:43 +02:00
ddelange
d78c010ca5 Revert "Make the changes additive" 
This reverts commit fd7fdcaa44.
 2022-08-05 14:11:37 +02:00
Devin Canterberry
a1cd36f55e 🐞 Add missing namespace to ServiceAccount 
When `serviceAccount.create` is `true`, this chart creates
a service account. Currently, that service account will be
created without an explicit namespace. This can be problematic
because the Deployment resource does have an explicit namespace
set. Because the ServiceAccount and Deployment (ultimately, the
Pod) must coexist in the same namespace, we need to follow the
same logic when setting the namespace for both.

Fixes https://github.com/twuni/docker-registry.helm/issues/60.
 2022-07-27 23:50:13 -07:00
7 changed files with 290 additions and 362 deletions
Expand all files Collapse all files

58
.github/workflows/pr_diff.yaml vendored Normal file
View File

@@ -0,0 +1,58 @@
name: PR Diff for Helm chart
on:
pull_request_target:
permissions:
pull-requests: write
jobs:
diff:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: azure/setup-helm@v3
- name: Run diff
id: diff
run: |
OPTIONS=(
--namespace meta-namespace
--set serviceAccount.create=true
--set priorityClassName=high
--set podAnnotations.test=annotation
--set extraEnvVars[0].name=TEST_NAME
--set extraEnvVars[0].value=TEST_VALUE
--set extraVolumes[0].name=test
--set extraVolumes[0].emptyDir.medium=Memory
--set extraVolumeMounts[0].name=test
--set extraVolumeMounts[0].mountPath=/test
--set secrets.htpasswd=abc
--set tlsSecretName=abc
--set garbageCollect.enabled=true
--set namespace=target-namespace
--set proxy.enabled=true
--set storage=s3
--set secrets.s3.secretKey=abc
--set secrets.s3.accessKey=def
--set s3.region=us-42
--set s3.bucket=abc
--set s3.encrypt=abc
)
helm template --debug ${OPTIONS[@]} --output-dir before https://github.com/twuni/docker-registry.helm/archive/refs/heads/main.tar.gz
helm template --debug ${OPTIONS[@]} --output-dir after .
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
echo 'HELM_DIFF<<EOF' >> $GITHUB_ENV
echo "$(diff -ur before after)" >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443
with:
message: |
Running a `helm template` smoketest on commit ${{ github.ref }} results in the following diff against `${{ github.base_ref }}`:
<details><summary>diff</summary><p>
```diff
${{ env.HELM_DIFF }}
```
</p></details>

4
Chart.yaml
View File

@@ -1,8 +1,8 @@
apiVersion: v1
description: A Helm chart for Docker Registry
name: docker-registry
version: 2.2.0
appVersion: 2.7.1
version: 2.2.2
appVersion: 2.8.1
home: https://hub.docker.com/_/registry/
icon: https://helm.twun.io/docker-registry.png
maintainers:

185
templates/_helpers.tpl
View File

@@ -22,3 +22,188 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "docker-registry.envs" -}}
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: haSharedSecret
{{- if .Values.secrets.htpasswd }}
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
{{- end }}
{{- if .Values.tlsSecretName }}
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /etc/ssl/docker/tls.crt
- name: REGISTRY_HTTP_TLS_KEY
value: /etc/ssl/docker/tls.key
{{- end -}}
{{- if eq .Values.storage "filesystem" }}
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"
{{- else if eq .Values.storage "azure" }}
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountName
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountKey
- name: REGISTRY_STORAGE_AZURE_CONTAINER
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureContainer
{{- else if eq .Values.storage "s3" }}
- name: REGISTRY_STORAGE_S3_REGION
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
- name: REGISTRY_STORAGE_S3_BUCKET
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3AccessKey
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3SecretKey
{{- end -}}
{{- if .Values.s3.regionEndpoint }}
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: {{ .Values.s3.regionEndpoint }}
{{- end -}}
{{- if .Values.s3.rootdirectory }}
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
value: {{ .Values.s3.rootdirectory | quote }}
{{- end -}}
{{- if .Values.s3.encrypt }}
- name: REGISTRY_STORAGE_S3_ENCRYPT
value: {{ .Values.s3.encrypt | quote }}
{{- end -}}
{{- if .Values.s3.secure }}
- name: REGISTRY_STORAGE_S3_SECURE
value: {{ .Values.s3.secure | quote }}
{{- end -}}
{{- else if eq .Values.storage "swift" }}
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
- name: REGISTRY_STORAGE_SWIFT_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftUsername
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftPassword
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
{{- end -}}
{{- if .Values.proxy.enabled }}
- name: REGISTRY_PROXY_REMOTEURL
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
- name: REGISTRY_PROXY_USERNAME
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyUsername
- name: REGISTRY_PROXY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyPassword
{{- end -}}
{{- if .Values.persistence.deleteEnabled }}
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
{{- end -}}
{{- with .Values.extraEnvVars }}
{{ toYaml . }}
{{- end -}}
{{- end -}}
{{- define "docker-registry.volumeMounts" -}}
- name: "{{ template "docker-registry.fullname" . }}-config"
mountPath: "/etc/docker/registry"
{{- if .Values.secrets.htpasswd }}
- name: auth
mountPath: /auth
readOnly: true
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
mountPath: /var/lib/registry/
{{- end }}
{{- if .Values.tlsSecretName }}
- mountPath: /etc/ssl/docker
name: tls-cert
readOnly: true
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{ toYaml . }}
{{- end }}
{{- end -}}
{{- define "docker-registry.volumes" -}}
- name: {{ template "docker-registry.fullname" . }}-config
configMap:
name: {{ template "docker-registry.fullname" . }}-config
{{- if .Values.secrets.htpasswd }}
- name: auth
secret:
secretName: {{ template "docker-registry.fullname" . }}-secret
items:
- key: htpasswd
path: htpasswd
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}
{{- if .Values.tlsSecretName }}
- name: tls-cert
secret:
secretName: {{ .Values.tlsSecretName }}
{{- end }}
{{- with .Values.extraVolumes }}
{{ toYaml . }}
{{- end }}
{{- end -}}

167
templates/cronjob.yaml
View File

@@ -22,9 +22,9 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if $.Values.podAnnotations }}
{{ toYaml $.Values.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
template:
spec:
@@ -51,135 +51,8 @@ spec:
- garbage-collect
- --delete-untagged={{ .Values.garbageCollect.deleteUntagged }}
- /etc/docker/registry/config.yml
env:
{{- if .Values.secrets.htpasswd }}
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
{{- end }}
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: haSharedSecret
{{- if .Values.tlsSecretName }}
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /etc/ssl/docker/tls.crt
- name: REGISTRY_HTTP_TLS_KEY
value: /etc/ssl/docker/tls.key
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"
{{- else if eq .Values.storage "azure" }}
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountName
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountKey
- name: REGISTRY_STORAGE_AZURE_CONTAINER
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureContainer
{{- else if eq .Values.storage "s3" }}
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3AccessKey
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3SecretKey
{{- end }}
- name: REGISTRY_STORAGE_S3_REGION
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
{{- if .Values.s3.regionEndpoint }}
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: {{ .Values.s3.regionEndpoint }}
{{- end }}
- name: REGISTRY_STORAGE_S3_BUCKET
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
{{- if .Values.s3.rootdirectory }}
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
value: {{ .Values.s3.rootdirectory | quote }}
{{- end }}
{{- if .Values.s3.encrypt }}
- name: REGISTRY_STORAGE_S3_ENCRYPT
value: {{ .Values.s3.encrypt | quote }}
{{- end }}
{{- if .Values.s3.secure }}
- name: REGISTRY_STORAGE_S3_SECURE
value: {{ .Values.s3.secure | quote }}
{{- end }}
{{- else if eq .Values.storage "swift" }}
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
- name: REGISTRY_STORAGE_SWIFT_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftUsername
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftPassword
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
{{- end }}
{{- if .Values.proxy.enabled }}
- name: REGISTRY_PROXY_REMOTEURL
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
- name: REGISTRY_PROXY_USERNAME
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyUsername
- name: REGISTRY_PROXY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyPassword
{{- end }}
{{- if .Values.persistence.deleteEnabled }}
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
{{- end }}
{{- with .Values.extraEnvVars }}
{{- toYaml . | nindent 14 }}
{{- end }}
volumeMounts:
{{- if .Values.secrets.htpasswd }}
- name: auth
mountPath: /auth
readOnly: true
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
mountPath: /var/lib/registry/
{{- end }}
- name: "{{ template "docker-registry.fullname" . }}-config"
mountPath: "/etc/docker/registry"
{{- if .Values.tlsSecretName }}
- mountPath: /etc/ssl/docker
name: tls-cert
readOnly: true
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 16 }}
{{- end }}
env: {{ include "docker-registry.envs" . | nindent 16 }}
volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 16 }}
restartPolicy: OnFailure
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
@@ -190,33 +63,5 @@ spec:
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 12 }}
{{- end }}
volumes:
{{- if .Values.secrets.htpasswd }}
- name: auth
secret:
secretName: {{ template "docker-registry.fullname" . }}-secret
items:
- key: htpasswd
path: htpasswd
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}
- name: {{ template "docker-registry.fullname" . }}-config
configMap:
name: {{ template "docker-registry.fullname" . }}-config
{{- if .Values.tlsSecretName }}
- name: tls-cert
secret:
secretName: {{ .Values.tlsSecretName }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumes: {{ include "docker-registry.volumes" . | nindent 12 }}
{{- end }}

235
templates/deployment.yaml
View File

@@ -14,45 +14,43 @@ spec:
app: {{ template "docker-registry.name" . }}
release: {{ .Release.Name }}
replicas: {{ .Values.replicaCount }}
{{- if .Values.updateStrategy }}
strategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
{{- end }}
{{- if .Values.updateStrategy }}
strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
minReadySeconds: 5
template:
metadata:
labels:
app: {{ template "docker-registry.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- with .Values.podLabels }}
{{ toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if $.Values.podAnnotations }}
{{ toYaml $.Values.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }}
{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }}
serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if .Values.securityContext.enabled }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- with .Values.initContainers }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -63,194 +61,35 @@ spec:
- /etc/docker/registry/config.yml
ports:
- containerPort: 5000
{{- if .Values.metrics.enabled }}
{{- if .Values.metrics.enabled }}
- containerPort: {{ (split ":" .Values.configData.http.debug.addr)._1 }}
name: http-metrics
protocol: TCP
{{- end }}
{{- end }}
livenessProbe:
httpGet:
{{- if .Values.tlsSecretName }}
{{- if .Values.tlsSecretName }}
scheme: HTTPS
{{- end }}
{{- end }}
path: /
port: 5000
readinessProbe:
httpGet:
{{- if .Values.tlsSecretName }}
{{- if .Values.tlsSecretName }}
scheme: HTTPS
{{- end }}
{{- end }}
path: /
port: 5000
resources:
{{ toYaml .Values.resources | indent 12 }}
env:
{{- if .Values.secrets.htpasswd }}
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
{{- end }}
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: haSharedSecret
{{- if .Values.tlsSecretName }}
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /etc/ssl/docker/tls.crt
- name: REGISTRY_HTTP_TLS_KEY
value: /etc/ssl/docker/tls.key
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"
{{- else if eq .Values.storage "azure" }}
- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountName
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureAccountKey
- name: REGISTRY_STORAGE_AZURE_CONTAINER
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: azureContainer
{{- else if eq .Values.storage "s3" }}
{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3AccessKey
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: s3SecretKey
{{- end }}
- name: REGISTRY_STORAGE_S3_REGION
value: {{ required ".Values.s3.region is required" .Values.s3.region }}
{{- if .Values.s3.regionEndpoint }}
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: {{ .Values.s3.regionEndpoint }}
{{- end }}
- name: REGISTRY_STORAGE_S3_BUCKET
value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }}
{{- if .Values.s3.rootdirectory }}
- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY
value: {{ .Values.s3.rootdirectory | quote }}
{{- end }}
{{- if .Values.s3.encrypt }}
- name: REGISTRY_STORAGE_S3_ENCRYPT
value: {{ .Values.s3.encrypt | quote }}
{{- end }}
{{- if .Values.s3.secure }}
- name: REGISTRY_STORAGE_S3_SECURE
value: {{ .Values.s3.secure | quote }}
{{- end }}
{{- else if eq .Values.storage "swift" }}
- name: REGISTRY_STORAGE_SWIFT_AUTHURL
value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
- name: REGISTRY_STORAGE_SWIFT_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftUsername
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "docker-registry.fullname" . }}-secret
key: swiftPassword
- name: REGISTRY_STORAGE_SWIFT_CONTAINER
value: {{ required ".Values.swift.container is required" .Values.swift.container }}
{{- end }}
{{- if .Values.proxy.enabled }}
- name: REGISTRY_PROXY_REMOTEURL
value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }}
- name: REGISTRY_PROXY_USERNAME
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyUsername
- name: REGISTRY_PROXY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }}
key: proxyPassword
{{- end }}
{{- if .Values.persistence.deleteEnabled }}
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
{{- end }}
{{- with .Values.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.secrets.htpasswd }}
- name: auth
mountPath: /auth
readOnly: true
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
mountPath: /var/lib/registry/
{{- end }}
- name: "{{ template "docker-registry.fullname" . }}-config"
mountPath: "/etc/docker/registry"
{{- if .Values.tlsSecretName }}
- mountPath: /etc/ssl/docker
name: tls-cert
readOnly: true
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
volumes:
{{- if .Values.secrets.htpasswd }}
- name: auth
secret:
secretName: {{ template "docker-registry.fullname" . }}-secret
items:
- key: htpasswd
path: htpasswd
{{- end }}
{{- if eq .Values.storage "filesystem" }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}
- name: {{ template "docker-registry.fullname" . }}-config
configMap:
name: {{ template "docker-registry.fullname" . }}-config
{{- if .Values.tlsSecretName }}
- name: tls-cert
secret:
secretName: {{ .Values.tlsSecretName }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
resources: {{ toYaml .Values.resources | nindent 12 }}
env: {{ include "docker-registry.envs" . | nindent 12 }}
volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
{{- end }}
volumes: {{ include "docker-registry.volumes" . | nindent 8 }}

1
templates/serviceaccount.yaml
View File

@@ -7,6 +7,7 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
namespace: {{ .Values.namespace | default .Release.Namespace }}
{{- if .Values.serviceAccount.name }}
name: {{ .Values.serviceAccount.name }}
{{- else }}

2
values.yaml
View File

@@ -19,7 +19,7 @@ serviceAccount:
image:
repository: registry
tag: 2.7.1
tag: 2.8.1
pullPolicy: IfNotPresent
# imagePullSecrets:
# - name: docker