From 5614cf7832cd15a40e67f39a3c1a4f14e4924c29 Mon Sep 17 00:00:00 2001 From: "Keerthan Reddy Mala (kmala)" Date: Fri, 7 Oct 2016 16:00:04 -0600 Subject: [PATCH] feat(charts): Add helm charts for registry --- charts/registry/Chart.yaml | 7 ++ .../templates/registry-deployment.yaml | 72 +++++++++++++++++++ .../templates/registry-service-account.yaml | 8 +++ .../registry/templates/registry-service.yaml | 15 ++++ .../templates/registry-storage-secret.yaml | 27 +++++++ charts/registry/values.yaml | 55 ++++++++++++++ 6 files changed, 184 insertions(+) create mode 100644 charts/registry/Chart.yaml create mode 100644 charts/registry/templates/registry-deployment.yaml create mode 100644 charts/registry/templates/registry-service-account.yaml create mode 100644 charts/registry/templates/registry-service.yaml create mode 100644 charts/registry/templates/registry-storage-secret.yaml create mode 100644 charts/registry/values.yaml diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml new file mode 100644 index 0000000..3a08566 --- /dev/null +++ b/charts/registry/Chart.yaml @@ -0,0 +1,7 @@ +name: registry +home: https://github.com/deis/registry +version: +description: Docker registry for Deis Workflow. +maintainers: + - name: Deis Team + email: engineering@deis.com diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml new file mode 100644 index 0000000..a55fbe9 --- /dev/null +++ b/charts/registry/templates/registry-deployment.yaml @@ -0,0 +1,72 @@ +{{- if eq .Values.global.registry_location "on-cluster" }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: deis-registry + labels: + heritage: deis + annotations: + component.deis.io/version: {{ .Values.docker_tag }} +spec: + replicas: 1 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: deis-registry + template: + metadata: + labels: + app: deis-registry + spec: + serviceAccount: deis-registry + containers: + - name: deis-registry + image: quay.io/{{.Values.org}}/registry:{{.Values.docker_tag}} + imagePullPolicy: {{.Values.pull_policy}} +{{- if or (.Values.limits_cpu) (.Values.limits_memory)}} + resources: + limits: +{{- if (.Values.limits_cpu) }} + cpu: {{.Values.limits_cpu}} +{{- end}} +{{- if (.Values.limits_memory) }} + memory: {{.Values.limits_memory}} +{{- end}} +{{- end}} + livenessProbe: + httpGet: + path: /v2/ + port: 5000 + initialDelaySeconds: 1 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /v2/ + port: 5000 + initialDelaySeconds: 1 + timeoutSeconds: 1 + env: + - name: REGISTRY_STORAGE_DELETE_ENABLED + value: "true" + - name: REGISTRY_LOG_LEVEL + value: info + - name: REGISTRY_STORAGE + value: "{{ .Values.global.storage }}" + ports: + - containerPort: 5000 + volumeMounts: + - name: registry-storage + mountPath: /var/lib/registry + - name: registry-creds + mountPath: /var/run/secrets/deis/registry/creds + volumes: + - name: registry-storage + emptyDir: {} + - name: registry-creds + secret: + secretName: registry-storage-keyfile +{{- end }} diff --git a/charts/registry/templates/registry-service-account.yaml b/charts/registry/templates/registry-service-account.yaml new file mode 100644 index 0000000..a253818 --- /dev/null +++ b/charts/registry/templates/registry-service-account.yaml @@ -0,0 +1,8 @@ +{{- if eq .Values.global.registry_location "on-cluster" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: deis-registry + labels: + heritage: deis +{{- end }} diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml new file mode 100644 index 0000000..86222c1 --- /dev/null +++ b/charts/registry/templates/registry-service.yaml @@ -0,0 +1,15 @@ +{{- if eq .Values.global.registry_location "on-cluster" }} +apiVersion: v1 +kind: Service +metadata: + name: deis-registry + labels: + heritage: deis +spec: + ports: + - name: http + port: 80 + targetPort: 5000 + selector: + app: deis-registry +{{- end }} diff --git a/charts/registry/templates/registry-storage-secret.yaml b/charts/registry/templates/registry-storage-secret.yaml new file mode 100644 index 0000000..f4b5f08 --- /dev/null +++ b/charts/registry/templates/registry-storage-secret.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: registry-storage-keyfile + labels: + heritage: deis + annotations: + deis.io/objectstorage: "{{ .Values.global.storage }}" +type: Opaque +data: {{ if eq .Values.global.storage "gcs"}} + key.json: {{.Values.gcs.key_json | b64enc}} + registry-bucket: {{.Values.gcs.registry_bucket | b64enc}}{{ else if eq .Values.global.storage "azure"}} + accountname: {{.Values.azure.accountname | b64enc }} + accountkey: {{ .Values.azure.accountkey | b64enc }} + registry-container: {{ .Values.azure.registry_container | b64enc }}{{ else if eq .Values.global.storage "s3"}} + accesskey: {{ .Values.s3.accesskey | b64enc }} + secretkey: {{ .Values.s3.secretkey | b64enc }} + region: {{ .Values.s3.region | b64enc }} + registry-bucket: {{ .Values.s3.registry_bucket | b64enc }}{{ else if eq .Values.global.storage "swift"}} + username: {{ .swift.username | b64enc }} + password: {{ .swift.password | b64enc }} + authurl: {{ .swift.authurl | b64enc }} + tenant: {{ .swift.tenant | b64enc }} + authversion: {{ .swift.authversion | b64enc }} + registry-container: {{ .swift.registry_container | b64enc }}{{else if eq .Values.global.storage "minio"}} + accesskey: OFRaUlkySlJXTVBUNlVNWFI2STU= + secretkey: Z2JzdHJPdm90TU1jZzJzTWZHVWhBNWE2RXQvRUk1QUx0SUhzb2JZaw=={{ end }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml new file mode 100644 index 0000000..306a35b --- /dev/null +++ b/charts/registry/values.yaml @@ -0,0 +1,55 @@ +org: "deisci" +pull_policy: "Always" +docker_tag: canary +# limits_cpu: "100m" +# limits_memory: "50Mi" + +global: + # Set the storage backend + # + # Valid values are: + # - s3: Store persistent data in AWS S3 (configure in S3 section) + # - azure: Store persistent data in Azure's object storage + # - gcs: Store persistent data in Google Cloud Storage + # - minio: Store persistent data on in-cluster Minio server + storage: "" + + # Set the location of Workflow's Registry + # + # Valid values are: + # - on-cluster: Run registry within the Kubernetes cluster + # - off-cluster: Use registry outside the Kubernetes cluster (example: dockerhub,quay.io,self-hosted) + # - ecr: Use Amazon's ECR + # - gcr: Use Google's GCR + registry_location: "on-cluster" + + +s3: + # Your AWS access key. Leave it empty if you want to use IAM credentials. + accesskey: "" + # Your AWS secret key. Leave it empty if you want to use IAM credentials. + secretkey: "" + # Any S3 region + region: "us-west-1" + # Your buckets. + registry_bucket: "your-registry-bucket-name" + +azure: + accountname: "YOUR ACCOUNT NAME" + accountkey: "YOUR ACCOUNT KEY" + registry_container: "your-registry-container-name" + +gcs: + # key_json is expanded into a JSON file on the remote server. It must be + # well-formatted JSON data. + key_json: '' + registry_bucket: "your-registry-bucket-name" + +swift: + username: "Your OpenStack Swift Username" + password: "Your OpenStack Swift Password" + authurl: "Swift auth URL for obtaining an auth token" + # Your OpenStack tenant name if you are using auth version 2 or 3. + tenant: "" + authversion: "Your OpenStack swift auth version" + registry_container: "your-registry-container-name"