Blame - core/installer/values-tmpl/zot.cue - pcloud

blob: 4e659cedaf2f18f4c787ea327fc4a718f3f1c612 [file] [log] [blame]

gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	1	import (
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	2	"encoding/yaml"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	3	"encoding/json"
				4	)
				5
				6	input: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	7	network: #Network @name(Network)
				8	subdomain: string @name(Subdomain)
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	9	}
				10
				11	_domain: "\(input.subdomain).\(input.network.domain)"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	12	url: "https://\(_domain)"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	13
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	14	name: "Zot"
				15	namespace: "app-zot"
				16	readme: "OCI-native container image registry, simplified"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	17	description: "OCI-native container image registry, simplified"
gio	8c942d2	2024-07-17 13:43:02 +0400	[diff] [blame]	18	icon: """
gio	d2d2df0	2025-05-03 19:15:17 +0400	[diff] [blame]	19	<svg width='50px' height='50px' xmlns='http://www.w3.org/2000/svg' viewBox='0 0 39.68503937 36.27146462'>
				20	<defs>
				21	<style>
				22	.cls-1 {
				23	fill: currentColor;
				24	}
				25
				26	.cls-2 {
				27	fill: none;
				28	stroke: #3a3a3a;
				29	stroke-miterlimit: 10;
				30	stroke-width: .98133445px;
				31	}
				32	</style>
				33	</defs>
				34	<rect class='cls-2' x='-9.97439025' y='-11.68117763' width='59.63381987' height='59.63381987'/>
				35	<g>
				36	<path class='cls-1' d='m29.74314495,24.98575641c-.75549716.74180664-1.41447384,1.43782557-2.10953123,2.09286451,1.88242421.2298085,3.61301638.54546895,5.1121059.94080001,3.75092895.97523237,4.57602343,2.025465,4.57602343,2.25055737,0,.22504658-.82509448,1.27527921-4.57602343,2.25055737-3.45092789.90018632-8.02713447,1.3878254-12.90334211,1.3878254-1.50330199,0-2.98132917-.04670346-4.40734152-.13717997,3.86411616-1.46447402,11.01249296-5.7430605,20.91142889-17.34213977C25.02701114,26.53182412,10.52274765,29.31182475,2.37253582,30.22290854c.09505528-.29812376,1.02930765-1.28379573,4.56668274-2.20348761.98370309-.2566401,2.06154572-.47848154,3.20898565-.66630271,2.60660258-.52536815,7.09562936-1.84945706,10.511026-3.07968117-.27252843-.00302199-.54505686-.00494507-.81685269-.00494507-9.56486882,0-19.84237751,1.87546447-19.84237751,6.00148632s10.27750869,6.00148632,19.84237751,6.00148632,19.87992343-1.87546447,19.84256066-6.00148632c0-2.67107167-4.30917267-4.3977261-9.94179322-5.28422189Z'/>
				37	<path class='cls-1' d='m19.84237751,12.00297264c4.12895226,0,8.39600024-.35036753,11.91139722-1.07953677-.06043977,4.29255173-6.00643139,9.89499819-8.79288808,11.37302537,3.02968099-1.43677245,16.76031538-5.95079933,16.72405152-16.29497492C39.68493817,1.87546447,29.40724633,0,19.84237751,0S0,1.87546447,0,6.00148632s10.27750869,6.00148632,19.84237751,6.00148632ZM6.93921856,3.75092895c3.45092789-.90027789,8.02695132-1.38787118,12.90315895-1.38787118s9.48996013.48759329,12.90334211,1.38787118c3.75092895.97518658,4.57602343,2.025465,4.57602343,2.25055737,0,.22500079-.82509448,1.27527921-4.57602343,2.25055737-3.45092789.90018632-8.02713447,1.3878254-12.90334211,1.3878254s-9.48977698-.48763908-12.90315895-1.3878254c-3.75092895-.97527816-4.57602343-2.02555658-4.57602343-2.25055737,0-.22509237.82509448-1.27537079,4.57602343-2.25055737Z'/>
				38	<path class='cls-1' d='m22.96088665,22.29646124c-.10128241.0480313-.19120946.09281168-.26776651.13406641.08553144-.03988109.17490904-.08484462.26776651-.13406641Z'/>
				39	</g>
				40	</svg>"""
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	41
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	42	out: {
				43	ingress: {
				44	zot: {
				45	auth: enabled: false
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	46	network: input.network
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	47	subdomain: input.subdomain
				48	service: {
				49	name: "zot"
gio	24312cc	2025-04-20 15:53:15 +0400	[diff] [blame]	50	port: _httpPort
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	51	}
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	52	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	53	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	54
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	55	// TODO(gio): configure busybox
				56	images: {
				57	zot: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	58	registry: "ghcr.io"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	59	repository: "project-zot"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	60	name: "zot-linux-amd64"
				61	tag: "v2.0.3"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	62	pullPolicy: "IfNotPresent"
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	63	}
				64	}
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	65
				66	charts: {
				67	zot: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	68	kind: "GitRepository"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	69	address: "https://code.v1.dodo.cloud/helm-charts"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	70	branch: "main"
				71	path: "charts/zot"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	72	}
				73	oauth2Client: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	74	kind: "GitRepository"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	75	address: "https://code.v1.dodo.cloud/helm-charts"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	76	branch: "main"
				77	path: "charts/oauth2-client"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	78	}
				79	resourceRenderer: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	80	kind: "GitRepository"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	81	address: "https://code.v1.dodo.cloud/helm-charts"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	82	branch: "main"
				83	path: "charts/resource-renderer"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	84	}
				85	}
				86
gio	fc441e3	2024-11-11 16:26:14 +0400	[diff] [blame]	87	volume: zot: size: "100Gi"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	88
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	89	_httpPort: 80
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	90	_oauth2ClientSecretName: "oauth2-client"
				91
				92	helm: {
				93	"oauth2-client": {
				94	chart: charts.oauth2Client
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	95	info: "Creating OAuth2 client"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	96	// TODO(gio): remove once hydra maester is installed as part of dodo itself
				97	dependsOn: [{
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	98	name: "auth"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	99	namespace: "\(global.namespacePrefix)core-auth"
				100	}]
				101	values: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	102	name: "\(release.namespace)-zot"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	103	secretName: _oauth2ClientSecretName
				104	grantTypes: ["authorization_code"]
				105	responseTypes: ["code"]
				106	scope: "openid profile email groups"
				107	redirectUris: ["https://\(_domain)/zot/auth/callback/oidc"]
				108	hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
				109	}
				110	}
				111	"config-renderer": {
				112	chart: charts.resourceRenderer
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	113	info: "Generating Zot configuration"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	114	values: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	115	name: "config-renderer"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	116	secretName: _oauth2ClientSecretName
				117	resourceTemplate: yaml.Marshal({
				118	apiVersion: "v1"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	119	kind: "ConfigMap"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	120	metadata: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	121	name: _zotConfigMapName
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	122	namespace: "\(release.namespace)"
				123	}
				124	data: {
				125	"config.json": json.Marshal({
				126	storage: rootDirectory: "/var/lib/registry"
				127	http: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	128	address: "0.0.0.0"
				129	port: "5000"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	130	externalUrl: url
				131	auth: openid: providers: oidc: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	132	name: "dodo:"
				133	issuer: "https://hydra.\(networks.public.domain)"
				134	clientid: "{{ .client_id }}"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	135	clientsecret: "{{ .client_secret }}"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	136	keypath: ""
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	137	scopes: ["openid", "profile", "email", "groups"]
				138	}
				139	accessControl: {
				140	repositories: {
				141	"**": {
				142	defaultPolicy: ["read", "create", "update", "delete"]
				143	anonymousPolicy: ["read"]
				144	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	145	}
				146	}
				147	}
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	148	log: level: "debug"
				149	extensions: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	150	ui: enable: true
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	151	search: enable: true
				152	}
				153	})
				154	}
				155	})
				156	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	157	}
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	158	zot: {
				159	chart: charts.zot
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	160	info: "Installing Zot server"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	161	values: {
				162	image: {
				163	repository: images.zot.fullName
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	164	tag: images.zot.tag
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	165	pullPolicy: images.zot.pullPolicy
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	166	}
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	167	service: {
				168	type: "ClusterIP"
				169	additionalAnnotations: {
				170	"metallb.universe.tf/address-pool": global.id
				171	}
				172	port: _httpPort
				173	}
				174	ingress: enabled: false
				175	mountConfig: false
				176	persistence: true
				177	pvc: {
				178	create: false
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	179	name: volume.zot.name
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	180	}
				181	extraVolumes: [{
				182	name: "config"
				183	configMap: name: _zotConfigMapName
				184	}]
				185	extraVolumeMounts: [{
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	186	name: "config"
gio	7fbd4ad	2024-08-27 10:06:39 +0400	[diff] [blame]	187	mountPath: "/etc/zot"
				188	}]
				189	startupProbe: {}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	190	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	191	}
				192	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	193	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	194
				195	_zotConfigMapName: "zot-config"
				196
				197	help: [{
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	198	title: "Authenticate"
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	199	contents: """
				200	First generate new API key.
				201	docker login \\-\\-username=\\<YOUR-USERNAME\\>@\(networks.public.domain) \\-\\-password=\\<YOUR-API-KEY\\> \(_domain)
				202	docker build \\-\\-tag=\(_domain)/\\<IMAGE-NAME\\>:\\<IMAGE-TAG\\> .
				203	docker push \\-\\-tag=\(_domain)/\\<IMAGE-NAME\\>:\\<IMAGE-TAG\\>
				204	"""
				205	}]