add zot
This commit is contained in:
parent
a30d4b9de5
commit
3742d603ac
2
htpasswd
Normal file
2
htpasswd
Normal file
@ -0,0 +1,2 @@
|
||||
bstein:$2y$05$eBWujs/sCl2sj2nm.bN2CeBll9erbu4Z/XCLBd572yPADtgiuWh5.
|
||||
|
||||
16
infrastructure/flux-system/kustomization-zot.yaml
Normal file
16
infrastructure/flux-system/kustomization-zot.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
# infrastructure/flux-system/kustomization-zot.yaml
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: zot
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 10m
|
||||
path: ./services/zot
|
||||
targetNamespace: zot
|
||||
prune: false
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
namespace: flux-system
|
||||
wait: true
|
||||
@ -4,6 +4,7 @@ kind: Kustomization
|
||||
resources:
|
||||
- gotk-components.yaml
|
||||
- gotk-sync.yaml
|
||||
- kustomization-zot.yaml
|
||||
- kustomization-core.yaml
|
||||
- kustomization-gitea.yaml
|
||||
- kustomization-crypto.yaml
|
||||
|
||||
24
services/zot/config.json
Normal file
24
services/zot/config.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"storage": { "rootDirectory": "/var/lib/registry" },
|
||||
"log": { "level": "info" },
|
||||
"http": {
|
||||
"address": "0.0.0.0",
|
||||
"port": "5000",
|
||||
"auth": {
|
||||
"htpasswd": { "path": "/etc/zot/htpasswd" }
|
||||
},
|
||||
"accessControl": {
|
||||
"repositories": {
|
||||
"**": {
|
||||
"anonymousPolicy": ["read"],
|
||||
"policies": [
|
||||
{
|
||||
"users": ["bstein"],
|
||||
"actions": ["create", "update", "delete"]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
57
services/zot/deployment.yaml
Normal file
57
services/zot/deployment.yaml
Normal file
@ -0,0 +1,57 @@
|
||||
# services/zot/deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: zot
|
||||
namespace: zot
|
||||
labels: { app: zot }
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels: { app: zot }
|
||||
template:
|
||||
metadata:
|
||||
labels: { app: zot }
|
||||
spec:
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: arm64
|
||||
containers:
|
||||
- name: zot
|
||||
image: ghcr.io/project-zot/zot-linux-arm64:v2.1.7
|
||||
args: ["serve", "/etc/zot/config.json"]
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 5000
|
||||
volumeMounts:
|
||||
- name: zot-data
|
||||
mountPath: /var/lib/registry
|
||||
- name: cfg
|
||||
mountPath: /etc/zot
|
||||
readinessProbe:
|
||||
tcpSocket: { port: 5000 }
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: "64Mi"
|
||||
limits:
|
||||
memory: "256Mi"
|
||||
volumes:
|
||||
- name: zot-data
|
||||
persistentVolumeClaim:
|
||||
claimName: zot-data
|
||||
- name: cfg
|
||||
projected:
|
||||
sources:
|
||||
- configMap:
|
||||
name: zot-config
|
||||
items:
|
||||
- key: config.json
|
||||
path: config.json
|
||||
- secret:
|
||||
name: zot-htpasswd
|
||||
items:
|
||||
- key: htpasswd
|
||||
path: htpasswd
|
||||
|
||||
24
services/zot/ingress.yaml
Normal file
24
services/zot/ingress.yaml
Normal file
@ -0,0 +1,24 @@
|
||||
# services/zot/ingress.yaml
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: zot
|
||||
namespace: zot
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts: [ "registry.bstein.dev" ]
|
||||
secretName: registry-bstein-dev-tls
|
||||
rules:
|
||||
- host: registry.bstein.dev
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: zot
|
||||
port:
|
||||
number: 5000
|
||||
17
services/zot/kustomization.yaml
Normal file
17
services/zot/kustomization.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
# services/zot/kustomization.yaml
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: zot-config
|
||||
files:
|
||||
- config.json=config.json
|
||||
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
5
services/zot/namespace.yaml
Normal file
5
services/zot/namespace.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
# services/zot/namespace.yaml
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: zot
|
||||
12
services/zot/pvc.yaml
Normal file
12
services/zot/pvc.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
# services/zot/pvc.yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: zot-data
|
||||
namespace: zot
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 25Gi
|
||||
14
services/zot/service.yaml
Normal file
14
services/zot/service.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
# services/zot/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: zot
|
||||
namespace: zot
|
||||
labels: { app: zot }
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector: { app: zot }
|
||||
ports:
|
||||
- name: http
|
||||
port: 5000
|
||||
targetPort: 5000
|
||||
Loading…
x
Reference in New Issue
Block a user