Blame - core/installer/values-tmpl/zot.cue - pcloud

blob: 6c3336541f68241cba0aa3a016dbea0aa598ca8f [file] [log] [blame]

gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	1	import (
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	2	"encoding/yaml"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	3	"encoding/json"
				4	)
				5
				6	input: {
gio	44f621b	2024-04-29 09:44:38 +0400	[diff] [blame]	7	network: #Network @name(Network)
				8	subdomain: string @name(Subdomain)
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	9	}
				10
				11	_domain: "\(input.subdomain).\(input.network.domain)"
gio	09a3e5b	2024-04-26 14:11:06 +0400	[diff] [blame]	12	url: "https://\(_domain)"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	13
gio	44f621b	2024-04-29 09:44:38 +0400	[diff] [blame]	14	name: "Zot"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	15	namespace: "app-zot"
				16	readme: "OCI-native container image registry, simplified"
				17	description: "OCI-native container image registry, simplified"
gio	8c942d2	2024-07-17 13:43:02 +0400	[diff] [blame]	18	icon: """
				19	<svg width='50px' height='50px' xmlns='http://www.w3.org/2000/svg' viewBox='0 0 39.68503937 36.27146462'>
				20	<defs>
				21	<style>
				22	.cls-1 {
				23	fill: currentColor;
				24	}
				25
				26	.cls-2 {
				27	fill: none;
				28	stroke: #3a3a3a;
				29	stroke-miterlimit: 10;
				30	stroke-width: .98133445px;
				31	}
				32	</style>
				33	</defs>
				34	<rect class='cls-2' x='-9.97439025' y='-11.68117763' width='59.63381987' height='59.63381987'/>
				35	<g>
				36	<path class='cls-1' d='m29.74314495,24.98575641c-.75549716.74180664-1.41447384,1.43782557-2.10953123,2.09286451,1.88242421.2298085,3.61301638.54546895,5.1121059.94080001,3.75092895.97523237,4.57602343,2.025465,4.57602343,2.25055737,0,.22504658-.82509448,1.27527921-4.57602343,2.25055737-3.45092789.90018632-8.02713447,1.3878254-12.90334211,1.3878254-1.50330199,0-2.98132917-.04670346-4.40734152-.13717997,3.86411616-1.46447402,11.01249296-5.7430605,20.91142889-17.34213977C25.02701114,26.53182412,10.52274765,29.31182475,2.37253582,30.22290854c.09505528-.29812376,1.02930765-1.28379573,4.56668274-2.20348761.98370309-.2566401,2.06154572-.47848154,3.20898565-.66630271,2.60660258-.52536815,7.09562936-1.84945706,10.511026-3.07968117-.27252843-.00302199-.54505686-.00494507-.81685269-.00494507-9.56486882,0-19.84237751,1.87546447-19.84237751,6.00148632s10.27750869,6.00148632,19.84237751,6.00148632,19.87992343-1.87546447,19.84256066-6.00148632c0-2.67107167-4.30917267-4.3977261-9.94179322-5.28422189Z'/>
				37	<path class='cls-1' d='m19.84237751,12.00297264c4.12895226,0,8.39600024-.35036753,11.91139722-1.07953677-.06043977,4.29255173-6.00643139,9.89499819-8.79288808,11.37302537,3.02968099-1.43677245,16.76031538-5.95079933,16.72405152-16.29497492C39.68493817,1.87546447,29.40724633,0,19.84237751,0S0,1.87546447,0,6.00148632s10.27750869,6.00148632,19.84237751,6.00148632ZM6.93921856,3.75092895c3.45092789-.90027789,8.02695132-1.38787118,12.90315895-1.38787118s9.48996013.48759329,12.90334211,1.38787118c3.75092895.97518658,4.57602343,2.025465,4.57602343,2.25055737,0,.22500079-.82509448,1.27527921-4.57602343,2.25055737-3.45092789.90018632-8.02713447,1.3878254-12.90334211,1.3878254s-9.48977698-.48763908-12.90315895-1.3878254c-3.75092895-.97527816-4.57602343-2.02555658-4.57602343-2.25055737,0-.22509237.82509448-1.27537079,4.57602343-2.25055737Z'/>
				38	<path class='cls-1' d='m22.96088665,22.29646124c-.10128241.0480313-.19120946.09281168-.26776651.13406641.08553144-.03988109.17490904-.08484462.26776651-.13406641Z'/>
				39	</g>
				40	</svg>"""
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	41
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	42	ingress: {
				43	zot: {
				44	auth: enabled: false
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	45	network: input.network
				46	subdomain: input.subdomain
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	47	service: {
				48	name: "zot"
				49	port: number: _httpPort // TODO(gio): make optional
				50	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	51	}
				52	}
				53
				54	// TODO(gio): configure busybox
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	55	images: {
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	56	zot: {
				57	registry: "ghcr.io"
				58	repository: "project-zot"
				59	name: "zot-linux-amd64"
				60	tag: "v2.0.3"
				61	pullPolicy: "IfNotPresent"
				62	}
				63	}
				64
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	65	charts: {
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	66	zot: {
gio	f884341	2024-05-22 16:38:05 +0400	[diff] [blame]	67	kind: "GitRepository"
				68	address: "https://github.com/giolekva/pcloud.git"
				69	branch: "main"
				70	path: "charts/zot"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	71	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	72	oauth2Client: {
				73	kind: "GitRepository"
				74	address: "https://github.com/giolekva/pcloud.git"
				75	branch: "main"
				76	path: "charts/oauth2-client"
				77	}
				78	resourceRenderer: {
				79	kind: "GitRepository"
				80	address: "https://github.com/giolekva/pcloud.git"
				81	branch: "main"
				82	path: "charts/resource-renderer"
				83	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	84	}
				85
gio	01cf5cb	2024-06-28 00:18:18 +0400	[diff] [blame]	86	volumes: zot: size: "100Gi"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	87
				88	_httpPort: 80
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	89	_oauth2ClientSecretName: "oauth2-client"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	90
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	91	helm: {
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	92	"oauth2-client": {
				93	chart: charts.oauth2Client
				94	info: "Creating OAuth2 client"
				95	// TODO(gio): remove once hydra maester is installed as part of dodo itself
				96	dependsOn: [{
				97	name: "auth"
				98	namespace: "\(global.namespacePrefix)core-auth"
				99	}]
				100	values: {
				101	name: "\(release.namespace)-zot"
				102	secretName: _oauth2ClientSecretName
				103	grantTypes: ["authorization_code"]
				104	responseTypes: ["code"]
				105	scope: "openid profile email groups"
				106	redirectUris: ["https://\(_domain)/zot/auth/callback/oidc"]
				107	hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
				108	}
				109	}
				110	"config-renderer": {
				111	chart: charts.resourceRenderer
				112	info: "Generating Zot configuration"
				113	values: {
				114	name: "config-renderer"
				115	secretName: _oauth2ClientSecretName
				116	resourceTemplate: yaml.Marshal({
				117	apiVersion: "v1"
				118	kind: "ConfigMap"
				119	metadata: {
				120	name: _zotConfigMapName
				121	namespace: "\(release.namespace)"
				122	}
				123	data: {
				124	"config.json": json.Marshal({
				125	storage: rootDirectory: "/var/lib/registry"
				126	http: {
				127	address: "0.0.0.0"
				128	port: "5000"
				129	externalUrl: url
				130	auth: openid: providers: oidc: {
				131	name: "dodo:"
				132	issuer: "https://hydra.\(networks.public.domain)"
				133	clientid: "{{ .client_id }}"
				134	clientsecret: "{{ .client_secret }}"
				135	keypath: ""
				136	scopes: ["openid", "profile", "email", "groups"]
				137	}
				138	accessControl: {
				139	repositories: {
				140	"**": {
				141	defaultPolicy: ["read", "create", "update", "delete"]
				142	anonymousPolicy: ["read"]
				143	}
				144	}
				145	}
				146	}
				147	log: level: "debug"
				148	extensions: {
				149	ui: enable: true
				150	search: enable: true
				151	}
				152	})
				153	}
				154	})
				155	}
				156	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	157	zot: {
				158	chart: charts.zot
gio	f9f0bee	2024-06-11 20:10:05 +0400	[diff] [blame]	159	info: "Installing Zot server"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	160	values: {
				161	image: {
				162	repository: images.zot.fullName
				163	tag: images.zot.tag
				164	pullPolicy: images.zot.pullPolicy
				165	}
				166	service: {
				167	type: "ClusterIP"
				168	additionalAnnotations: {
				169	"metallb.universe.tf/address-pool": global.id
				170	}
				171	port: _httpPort
				172	}
				173	ingress: enabled: false
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	174	mountConfig: false
gio	f884341	2024-05-22 16:38:05 +0400	[diff] [blame]	175	persistence: true
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	176	pvc: {
				177	create: false
				178	name: volumes.zot.name
				179	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	180	extraVolumes: [{
				181	name: "config"
				182	configMap: name: _zotConfigMapName
				183	}]
				184	extraVolumeMounts: [{
				185	name: "config"
				186	mountPath: "/etc/zot"
				187	}]
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	188	startupProbe: {}
				189	}
				190	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	191	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	192
				193	_zotConfigMapName: "zot-config"
				194
				195	help: [{
				196	title: "Authenticate"
				197	contents: """
				198	First generate new API key.
				199	docker login \\-\\-username=\\<YOUR-USERNAME\\>@\(networks.public.domain) \\-\\-password=\\<YOUR-API-KEY\\> \(_domain)
				200	docker build \\-\\-tag=\(_domain)/\\<IMAGE-NAME\\>:\\<IMAGE-TAG\\> .
				201	docker push \\-\\-tag=\(_domain)/\\<IMAGE-NAME\\>:\\<IMAGE-TAG\\>
				202	"""
				203	}]