bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

zot fixes

Browse Source
This commit is contained in:
Brad Stein 2025-08-13 17:21:23 -05:00
parent fadfdbd8c0
commit 46d94f6052
6 changed files with 69 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
infrastructure/flux-system/kustomization-zot.yaml
View File

@ -14,3 +14,5 @@ spec:
name: flux-system name: flux-system
namespace: flux-system namespace: flux-system
wait: true wait: true
dependsOn:
- name: core

24
services/zot/config.json
View File

@ -1,24 +0,0 @@
{
"storage": { "rootDirectory": "/var/lib/registry" },
"log": { "level": "info" },
"http": {
"address": "0.0.0.0",
"port": "5000",
"auth": {
"htpasswd": { "path": "/etc/zot/htpasswd" }
},
"accessControl": {
"repositories": {
"**": {
"anonymousPolicy": ["read"],
"policies": [
{
"users": ["bstein"],
"actions": ["create", "update", "delete"]
}
]
}
}
}
}
}

32
services/zot/configmap.yaml Normal file
View File

@ -0,0 +1,32 @@
# services/zot/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: zot-config
namespace: zot
data:
config.json: |
{
"storage": { "rootDirectory": "/var/lib/registry" },
"http": {
"address": "0.0.0.0",
"port": "5000",
"auth": {
"htpasswd": {
"path": "/etc/zot/htpasswd",
"realm": "zot"
}
},
"accessControl": {
"repositories": [
{
"pattern": "**",
"policies": [
{ "users": ["*"], "actions": ["read"] }
]
}
]
}
},
"log": { "level": "info" }
}

51
services/zot/deployment.yaml
View File

@ -17,41 +17,50 @@ spec:
kubernetes.io/arch: arm64 kubernetes.io/arch: arm64
containers: containers:
- name: zot - name: zot
image: ghcr.io/project-zot/zot-linux-arm64:v2.1.7 image: ghcr.io/project-zot/zot-linux-arm64:latest
imagePullPolicy: IfNotPresent
args: ["serve", "/etc/zot/config.json"] args: ["serve", "/etc/zot/config.json"]
ports: ports:
- name: http - { name: http, containerPort: 5000 }
containerPort: 5000
volumeMounts: volumeMounts:
- name: cfg
mountPath: /etc/zot/config.json
subPath: config.json
readOnly: true
- name: htpasswd
mountPath: /etc/zot/htpasswd
subPath: htpasswd
readOnly: true
- name: zot-data - name: zot-data
mountPath: /var/lib/registry mountPath: /var/lib/registry
- name: cfg
mountPath: /etc/zot
readinessProbe: readinessProbe:
tcpSocket: { port: 5000 } httpGet:
path: /v2/
port: http
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
livenessProbe:
httpGet:
path: /v2/
port: http
initialDelaySeconds: 15
periodSeconds: 20
resources: resources:
requests: requests:
cpu: "50m" cpu: 50m
memory: "64Mi" memory: 64Mi
limits:
memory: "256Mi"
volumes: volumes:
- name: zot-data
persistentVolumeClaim:
claimName: zot-data
- name: cfg - name: cfg
projected: configMap:
sources:
- configMap:
name: zot-config name: zot-config
items: items:
- key: config.json - key: config.json
path: config.json path: config.json
- secret: - name: htpasswd
name: zot-htpasswd secret:
items: secretName: zot-htpasswd
- key: htpasswd - name: zot-data
path: htpasswd persistentVolumeClaim:
claimName: zot-data

8
services/zot/kustomization.yaml
View File

@ -5,13 +5,7 @@ resources:
- namespace.yaml - namespace.yaml
- pvc.yaml - pvc.yaml
- deployment.yaml - deployment.yaml
- configmap.yaml
- service.yaml - service.yaml
- ingress.yaml - ingress.yaml
configMapGenerator:
- name: zot-config
files:
- config.json=config.json
generatorOptions:
disableNameSuffixHash: true

1
services/zot/pvc.yaml
View File

@ -10,3 +10,4 @@ spec:
resources: resources:
requests: requests:
storage: 25Gi storage: 25Gi
storageClassName: asteria