davad/argo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(docker-registry): add registry

Browse source
This commit is contained in:
David Landry 2024-10-16 15:13:35 -04:00
parent 5832b208f3
commit 1b4f9114a1
14 changed files with 406 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
apps/docker-registry/overlays/system/config.json Normal file
View file

@ -0,0 +1,11 @@
{
"appName": "docker-registry",
"userGivenName": "docker-registry",
"destNamespace": "gitops",
"destServer": "https://kubernetes.default.svc",
"srcPath": "apps/docker-registry/overlays/system",
"srcRepoURL": "ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git",
"srcTargetRevision": "",
"labels": null,
"annotations": null
}

10
apps/docker-registry/overlays/system/deployment.patch.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: docker-registry
spec:
template:
metadata:
annotations:
updated-at/secret: 2024-10-16T15:23-04:00

10
apps/docker-registry/overlays/system/kustomization.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
generators:
- ./secret-generator.yaml
patches:
- path: ./deployment.patch.yaml

15
apps/docker-registry/overlays/system/secret-generator.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: example-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
# if the binary is in your PATH, you can do
path: ksops
# otherwise, path should be relative to manifest files, like
# path: ../../../ksops
files:
- ./secret.enc.yaml

39
apps/docker-registry/overlays/system/secret.enc.yaml Normal file
View file

@ -0,0 +1,39 @@
# htpasswd is what our docker client uses to authenticate
# haSharedSecret, I _think_ is used internally by the registry
# proxyUsername and proxyPassword are used to pull from the upstream registry
apiVersion: v1
kind: Secret
metadata:
name: docker-registry-secret
namespace: gitops
labels:
app: docker-registry
chart: docker-registry-2.2.3
heritage: Helm
release: docker-registry
type: Opaque
data:
htpasswd: ENC[AES256_GCM,data:UnlnZU6jYITgVdinR6IMpirR85ewV5dcmJhC7hlRc0eqWXuD+5WpktFI7S6Uki5qKKesftD8zYvsxLH+FdYYKOQKsVwJx1kLGf2XY52/siAFAn3xQqilhQ==,iv:cF2GhzrJhgpOqjMJdWdqqpSS0DHY/qLZPfDn3ZrRgd0=,tag:pBJ+DbP/733U3abPWyWlrQ==,type:str]
haSharedSecret: ENC[AES256_GCM,data:zEl3ztvuhXQpBTAnf7CzuSSwdvQFOfLA,iv:Saka/heNDTUmZyPTo4sBjmy/epCMIZgF4aOzNPmkVtI=,tag:6PWelWs6jOBY2bVCThJKJg==,type:str]
proxyUsername: ""
proxyPassword: ""
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1V1FKR1pWdzg2UkloUmJv
ZnU0b0hUQmZqUk04T3ZhT2pFYys3VTJNZW1nCmV2QkQ4WEhsbHl2MDVEWGtHY3Zz
Y2hXMnRkTGRRTlJZdnJWYS8yNVcvaGcKLS0tIGNUSnpIbEMrdW92eVJWdjhLbXNF
anYrWjFIN3kxM1k0TTV5REhyMXZYNW8KCK7diWMKH6HiizVKZVevjVSEYPVolm84
bqbvxoR+YZ+OmKoHG5DtXwMSAvjjG2pz6GrteInRSb/WqtWKuldrfQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-16T19:22:05Z"
mac: ENC[AES256_GCM,data:yqFueJcs6Ja6qFE9y6Q/SRQaIcXERdRCUo6iqpzJaNiDW9346sGMkBTvIvGXv/E22wABLTfJ/xe+jgK3BzdEm6DvW7UnBwJ0hRq0d9G+7c94If4km+ZADh3EHCweSv8RiF525UR2R38kENKsZ6xppfXSi2iVwqPXwHeMmf2pTwY=,iv:6dk/M60HSxxwi4PI7fT2bQYYlT4YPXpWJYNejNwCn1c=,tag:AI446UtFceDQyeuX0zplVQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.1