ceph-csi/deploy/container-registry.yaml

#
#
# Also requires linking the pushSecret to the builder Service Account:
#   $ oc secrets link builder container-registry-auth
---
apiVersion: v1
kind: Secret
metadata:
  name: container-registry-auth
  labels:
    app: container-registry
stringData:
  username: "@@USERNAME@@"
  password: "@@RANDOM_STRING@@"
  # contents created with:
  #   $ htpasswd -Bbn $USER $PASSWD
  htpasswd: |-
    "@@REPLACE_WITH_OUTPUT_OF_HTPASSWD_CMD@@"
  # contents created with:
  #   $ podman login -u $USER -p $PASSWD --authfile=config.json $URL
  config.json: |-
    {
      "auths": {
        "registry-ceph-csi.apps.ocp.ci.centos.org": {
          "auth": "@@SOME_B64ENCODED_STRING@@"
        }
      }
    }
---
kind: DeploymentConfig
apiVersion: apps.openshift.io/v1
metadata:
  name: container-registry
  labels:
    app: container-registry
spec:
  triggers:
    - type: ConfigChange
  replicas: 1
  template:
    metadata:
      labels:
        name: container-registry
    spec:
      restartPolicy: Always
      containers:
        - name: docker-registry
          image: docker.io/library/registry:2
          volumeMounts:
            - name: container-images
              mountPath: /var/lib/registry
            - name: htpasswd
              mountPath: /auth
          env:
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: Ceph-CSI CI Container Registry
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/htpasswd
      volumes:
        - name: container-images
          persistentVolumeClaim:
            claimName: ceph-csi-image-registry
        - name: htpasswd
          secret:
            secretName: container-registry-auth
---
apiVersion: v1
kind: Service
metadata:
  name: container-registry
  labels:
    app: container-registry
spec:
  type: ClusterIP
  ports:
    - port: 5000
      protocol: TCP
      targetPort: 5000
  selector:
    name: container-registry
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: registry
  labels:
    app: container-registry
spec:
  port:
    targetPort: 5000
  tls:
    insecureEdgeTerminationPolicy: Allow
    termination: edge
  to:
    kind: Service
    name: container-registry
    weight: 100
  wildcardPolicy: None
ci: deploy a private container image registry With a private container image registry, the images that CI jobs use can be cached and re-used. This speeds up the CI jobs, as building the container images takes up the majority of the runtime for some jobs. Signed-off-by: Niels de Vos <ndevos@redhat.com> 2020-10-30 09:41:39 +00:00			`#`
			`#`
			`# Also requires linking the pushSecret to the builder Service Account:`
			`# $ oc secrets link builder container-registry-auth`
			`---`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: container-registry-auth`
			`labels:`
			`app: container-registry`
			`stringData:`
			`username: "@@USERNAME@@"`
			`password: "@@RANDOM_STRING@@"`
			`# contents created with:`
			`# $ htpasswd -Bbn $USER $PASSWD`
			`htpasswd: \|-`
			`"@@REPLACE_WITH_OUTPUT_OF_HTPASSWD_CMD@@"`
			`# contents created with:`
			`# $ podman login -u $USER -p $PASSWD --authfile=config.json $URL`
			`config.json: \|-`
			`{`
			`"auths": {`
			`"registry-ceph-csi.apps.ocp.ci.centos.org": {`
			`"auth": "@@SOME_B64ENCODED_STRING@@"`
			`}`
			`}`
			`}`
			`---`
			`kind: DeploymentConfig`
			`apiVersion: apps.openshift.io/v1`
			`metadata:`
			`name: container-registry`
			`labels:`
			`app: container-registry`
			`spec:`
			`triggers:`
			`- type: ConfigChange`
			`replicas: 1`
			`template:`
			`metadata:`
			`labels:`
			`name: container-registry`
			`spec:`
			`restartPolicy: Always`
			`containers:`
			`- name: docker-registry`
			`image: docker.io/library/registry:2`
			`volumeMounts:`
			`- name: container-images`
			`mountPath: /var/lib/registry`
			`- name: htpasswd`
			`mountPath: /auth`
			`env:`
			`- name: REGISTRY_AUTH`
			`value: htpasswd`
			`- name: REGISTRY_AUTH_HTPASSWD_REALM`
			`value: Ceph-CSI CI Container Registry`
			`- name: REGISTRY_AUTH_HTPASSWD_PATH`
			`value: /auth/htpasswd`
			`volumes:`
			`- name: container-images`
			`persistentVolumeClaim:`
			`claimName: ceph-csi-image-registry`
			`- name: htpasswd`
			`secret:`
			`secretName: container-registry-auth`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: container-registry`
			`labels:`
			`app: container-registry`
			`spec:`
			`type: ClusterIP`
			`ports:`
			`- port: 5000`
			`protocol: TCP`
			`targetPort: 5000`
			`selector:`
			`name: container-registry`
			`---`
			`apiVersion: route.openshift.io/v1`
			`kind: Route`
			`metadata:`
			`name: registry`
			`labels:`
			`app: container-registry`
			`spec:`
			`port:`
			`targetPort: 5000`
			`tls:`
			`insecureEdgeTerminationPolicy: Allow`
			`termination: edge`
			`to:`
			`kind: Service`
			`name: container-registry`
			`weight: 100`
			`wildcardPolicy: None`