Blame - core/installer/values-tmpl/zot.cue - pcloud

blob: 6b86890a1e328e1d20b92ec78b246d47f51f6e46 [file] [log] [blame]

gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	1	import (
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	2	"encoding/yaml"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	3	"encoding/json"
				4	)
				5
				6	input: {
gio	44f621b	2024-04-29 09:44:38 +0400	[diff] [blame]	7	network: #Network @name(Network)
				8	subdomain: string @name(Subdomain)
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	9	}
				10
				11	_domain: "\(input.subdomain).\(input.network.domain)"
gio	09a3e5b	2024-04-26 14:11:06 +0400	[diff] [blame]	12	url: "https://\(_domain)"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	13
gio	44f621b	2024-04-29 09:44:38 +0400	[diff] [blame]	14	name: "Zot"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	15	namespace: "app-zot"
				16	readme: "OCI-native container image registry, simplified"
				17	description: "OCI-native container image registry, simplified"
				18	icon: "<svg xmlns='http://www.w3.org/2000/svg' width='50' height='50' viewBox='0 0 24 24'><path fill='currentColor' d='M21.231 2.462L7.18 20.923h14.564V24H2.256v-2.462L16.308 3.076H2.975V0h18.256z'/></svg>"
				19
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	20	ingress: {
				21	zot: {
				22	auth: enabled: false
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	23	network: input.network
				24	subdomain: input.subdomain
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	25	service: {
				26	name: "zot"
				27	port: number: _httpPort // TODO(gio): make optional
				28	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	29	}
				30	}
				31
				32	// TODO(gio): configure busybox
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	33	images: {
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	34	zot: {
				35	registry: "ghcr.io"
				36	repository: "project-zot"
				37	name: "zot-linux-amd64"
				38	tag: "v2.0.3"
				39	pullPolicy: "IfNotPresent"
				40	}
				41	}
				42
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	43	charts: {
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	44	zot: {
gio	f884341	2024-05-22 16:38:05 +0400	[diff] [blame]	45	kind: "GitRepository"
				46	address: "https://github.com/giolekva/pcloud.git"
				47	branch: "main"
				48	path: "charts/zot"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	49	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	50	oauth2Client: {
				51	kind: "GitRepository"
				52	address: "https://github.com/giolekva/pcloud.git"
				53	branch: "main"
				54	path: "charts/oauth2-client"
				55	}
				56	resourceRenderer: {
				57	kind: "GitRepository"
				58	address: "https://github.com/giolekva/pcloud.git"
				59	branch: "main"
				60	path: "charts/resource-renderer"
				61	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	62	}
				63
gio	01cf5cb	2024-06-28 00:18:18 +0400	[diff] [blame]	64	volumes: zot: size: "100Gi"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	65
				66	_httpPort: 80
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	67	_oauth2ClientSecretName: "oauth2-client"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	68
gio	1de4958	2024-04-21 08:33:57 +0400	[diff] [blame]	69	helm: {
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	70	"oauth2-client": {
				71	chart: charts.oauth2Client
				72	info: "Creating OAuth2 client"
				73	// TODO(gio): remove once hydra maester is installed as part of dodo itself
				74	dependsOn: [{
				75	name: "auth"
				76	namespace: "\(global.namespacePrefix)core-auth"
				77	}]
				78	values: {
				79	name: "\(release.namespace)-zot"
				80	secretName: _oauth2ClientSecretName
				81	grantTypes: ["authorization_code"]
				82	responseTypes: ["code"]
				83	scope: "openid profile email groups"
				84	redirectUris: ["https://\(_domain)/zot/auth/callback/oidc"]
				85	hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
				86	}
				87	}
				88	"config-renderer": {
				89	chart: charts.resourceRenderer
				90	info: "Generating Zot configuration"
				91	values: {
				92	name: "config-renderer"
				93	secretName: _oauth2ClientSecretName
				94	resourceTemplate: yaml.Marshal({
				95	apiVersion: "v1"
				96	kind: "ConfigMap"
				97	metadata: {
				98	name: _zotConfigMapName
				99	namespace: "\(release.namespace)"
				100	}
				101	data: {
				102	"config.json": json.Marshal({
				103	storage: rootDirectory: "/var/lib/registry"
				104	http: {
				105	address: "0.0.0.0"
				106	port: "5000"
				107	externalUrl: url
				108	auth: openid: providers: oidc: {
				109	name: "dodo:"
				110	issuer: "https://hydra.\(networks.public.domain)"
				111	clientid: "{{ .client_id }}"
				112	clientsecret: "{{ .client_secret }}"
				113	keypath: ""
				114	scopes: ["openid", "profile", "email", "groups"]
				115	}
				116	accessControl: {
				117	repositories: {
				118	"**": {
				119	defaultPolicy: ["read", "create", "update", "delete"]
				120	anonymousPolicy: ["read"]
				121	}
				122	}
				123	}
				124	}
				125	log: level: "debug"
				126	extensions: {
				127	ui: enable: true
				128	search: enable: true
				129	}
				130	})
				131	}
				132	})
				133	}
				134	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	135	zot: {
				136	chart: charts.zot
gio	f9f0bee	2024-06-11 20:10:05 +0400	[diff] [blame]	137	info: "Installing Zot server"
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	138	values: {
				139	image: {
				140	repository: images.zot.fullName
				141	tag: images.zot.tag
				142	pullPolicy: images.zot.pullPolicy
				143	}
				144	service: {
				145	type: "ClusterIP"
				146	additionalAnnotations: {
				147	"metallb.universe.tf/address-pool": global.id
				148	}
				149	port: _httpPort
				150	}
				151	ingress: enabled: false
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	152	mountConfig: false
gio	f884341	2024-05-22 16:38:05 +0400	[diff] [blame]	153	persistence: true
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	154	pvc: {
				155	create: false
				156	name: volumes.zot.name
				157	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	158	extraVolumes: [{
				159	name: "config"
				160	configMap: name: _zotConfigMapName
				161	}]
				162	extraVolumeMounts: [{
				163	name: "config"
				164	mountPath: "/etc/zot"
				165	}]
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	166	startupProbe: {}
				167	}
				168	}
gio	4a9d83d	2024-04-14 13:14:40 +0400	[diff] [blame]	169	}
gio	4699440	2024-07-31 18:11:00 +0400	[diff] [blame]	170
				171	_zotConfigMapName: "zot-config"
				172
				173	help: [{
				174	title: "Authenticate"
				175	contents: """
				176	First generate new API key.
				177	docker login \\-\\-username=\\<YOUR-USERNAME\\>@\(networks.public.domain) \\-\\-password=\\<YOUR-API-KEY\\> \(_domain)
				178	docker build \\-\\-tag=\(_domain)/\\<IMAGE-NAME\\>:\\<IMAGE-TAG\\> .
				179	docker push \\-\\-tag=\(_domain)/\\<IMAGE-NAME\\>:\\<IMAGE-TAG\\>
				180	"""
				181	}]