commit 4a9d83d0879fb97b0edaa6af5f84ea5d22168d3e
author gio <gio@v0.dodo.cloud> Sun Apr 14 13:14:40 2024 +0400
committer gio <gio@v0.dodo.cloud> Mon Apr 15 08:53:12 2024 +0000
tree b7f635f816dbbb7c893c42eae6ab2097d55b8a5d
parent eb8345cf25b1659a7d83b42d6fc0fe820032db24

zot: helm chart and app cue configuration

Zot OCI registry: https://zotregistry.dev/

Change-Id: I40ec7383cdc6450613deae862d92d25cc647c892

charts/zot/templates/deployment.yaml

diff --git a/charts/zot/templates/deployment.yaml b/charts/zot/templates/deployment.yaml
new file mode 100644
index 0000000..8918bc0
--- /dev/null
+++ b/charts/zot/templates/deployment.yaml
@@ -0,0 +1,146 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "zot.fullname" . }}
+  labels:
+    {{- include "zot.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  {{- with .Values.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "zot.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- if and .Values.mountConfig .Values.configFiles }}
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.forceRoll }}
+        rollme: {{ randAlphaNum 5 | quote }}
+        {{- end }}
+      labels:
+        {{- include "zot.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "zot.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            {{- toYaml .Values.env | nindent 12 }}
+          ports:
+            - name: zot
+              containerPort: 5000
+              protocol: TCP
+          {{- if or (not (empty .Values.extraVolumeMounts)) .Values.mountConfig .Values.mountSecret .Values.persistence .Values.externalSecrets }}
+          volumeMounts:
+          {{- if .Values.mountConfig }}
+            - mountPath: '/etc/zot'
+              name: {{ .Release.Name }}-config
+          {{- end }}
+          {{- if .Values.mountSecret }}
+            - mountPath: '/secret'
+              name: {{ .Release.Name }}-secret
+          {{- end }}
+          {{- range .Values.externalSecrets }}
+            - mountPath: {{ .mountPath | quote }}
+              name: {{ .secretName | quote }}
+          {{- end }}
+          {{- if .Values.persistence }}
+            - mountPath: '/var/lib/registry'
+              name: {{ .Release.Name }}-volume
+          {{- end }}
+          {{- with .Values.extraVolumeMounts }}
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- end }}
+          livenessProbe:
+            initialDelaySeconds: 5
+            httpGet:
+              path: /v2/
+              port: 5000
+              scheme: {{ .Values.httpGet.scheme }}
+              {{- if .Values.authHeader }}
+              httpHeaders:
+                - name: Authorization
+                  value: Basic {{ .Values.authHeader }}
+              {{- end }}
+          readinessProbe:
+            initialDelaySeconds: 5
+            httpGet:
+              path: /v2/
+              port: 5000
+              scheme: {{ .Values.httpGet.scheme }}
+              {{- if .Values.authHeader }}
+              httpHeaders:
+                - name: Authorization
+                  value: Basic {{ .Values.authHeader }}
+              {{- end }}
+          startupProbe:
+            initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+            failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+            httpGet:
+              path: /v2/
+              port: 5000
+              scheme: {{ .Values.httpGet.scheme }}
+              {{- if .Values.authHeader }}
+              httpHeaders:
+                - name: Authorization
+                  value: Basic {{ .Values.authHeader }}
+              {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- if or .Values.mountConfig .Values.mountSecret .Values.persistence .Values.externalSecrets (not (empty .Values.extraVolumes))}}
+      volumes:
+      {{- if .Values.mountConfig }}
+        - name: {{ .Release.Name }}-config
+          configMap:
+            name: {{ .Release.Name }}-config
+      {{- end }}
+      {{- if .Values.mountSecret }}
+        - name: {{ .Release.Name }}-secret
+          secret:
+            secretName: {{ .Release.Name }}-secret
+      {{- end }}
+      {{- range .Values.externalSecrets }}
+        - name: {{ .secretName }}
+          secret:
+            secretName: {{ .secretName }}
+      {{- end }}
+      {{- if .Values.persistence }}
+        - name: {{ .Release.Name }}-volume
+          persistentVolumeClaim:
+            claimName: {{ .Values.pvc.name | default (printf "%s-pvc" .Release.Name) }}
+      {{- end }}
+      {{- with .Values.extraVolumes }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}