Nathan Rashleigh 2025-04-08 01:36:11 +10:00
parent 61643c4c72
commit 260a072aa7
3 changed files with 145 additions and 33 deletions


@ -11,7 +11,7 @@ htpasswd() {
htpasswd -Bbn ${1} ${2} | head -n 1 2> /dev/null\"" htpasswd -Bbn ${1} ${2} | head -n 1 2> /dev/null\""
} }
K3S_HOST=strix.systems K3S_HOST=ntwl.xyz
REGISTRY_ADMIN=ntr REGISTRY_ADMIN=ntr
REGISTRY_PASSWORD=$(gen_password) REGISTRY_PASSWORD=$(gen_password)
REGISTRY_AUTH=$(htpasswd ${REGISTRY_ADMIN} ${REGISTRY_PASSWORD}) REGISTRY_AUTH=$(htpasswd ${REGISTRY_ADMIN} ${REGISTRY_PASSWORD})
@ -24,7 +24,7 @@ echo REGISTRY_AUTH is ${REGISTRY_AUTH}
echo REGISTRY_HTTP_SECRET is ${REGISTRY_HTTP_SECRET} echo REGISTRY_HTTP_SECRET is ${REGISTRY_HTTP_SECRET}
kubectl create secret generic registry \ kubectl create secret generic registry \
-n ops -n ops \
--from-literal=REGISTRY_ADMIN=${REGISTRY_ADMIN} \ --from-literal=REGISTRY_ADMIN=${REGISTRY_ADMIN} \
--from-literal=REGISTRY_PASSWORD=${REGISTRY_PASSWORD} \ --from-literal=REGISTRY_PASSWORD=${REGISTRY_PASSWORD} \
--from-literal=REGISTRY_HTTP_SECRET=${REGISTRY_HTTP_SECRET} \ --from-literal=REGISTRY_HTTP_SECRET=${REGISTRY_HTTP_SECRET} \
@ -32,11 +32,11 @@ kubectl create secret generic registry \
# cat <<EOF | ssh root@strix tee /etc/rancher/k3s/registries.yaml # cat <<EOF | ssh root@strix tee /etc/rancher/k3s/registries.yaml
# mirrors: # mirrors:
# registry.strix.systems: # registry.ntwl.xyz:
# endpoint: # endpoint:
# - "https://registry.strix.systems" # - "https://registry.ntwl.xyz"
# configs: # configs:
# "registry.strix.systems": # "registry.ntwl.xyz":
# auth: # auth:
# username: ntr # username: ntr
# password: pw # password: pw
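Review bot: The `kubectl create secret generic registry` command in the second hunk still passes the generated values as unquoted `--from-literal=...=${VAR}` arguments, and the context lines just above it echo `REGISTRY_AUTH` and `REGISTRY_HTTP_SECRET` to stdout. Command-line arguments can be read from the process list while kubectl runs, and the echoed values end up in terminal scrollback or CI logs. Quote the expansions, e.g. `--from-literal="REGISTRY_PASSWORD=${REGISTRY_PASSWORD}"`, drop `echo REGISTRY_HTTP_SECRET is ${REGISTRY_HTTP_SECRET}`, and consider feeding the values through `--from-env-file` from a mode-0600 temporary file instead. The script starts and ends outside these hunks, so how the password is handed to the operator is not visible here.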

130
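--- a/ops/git.yaml
+++ b/ops/git.yaml
@@ -0,0 +1,130 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: gitea-admin-secret
+namespace: ops
+type: Opaque
+stringData:
+username: ntr
+password: "ghastly ghouls"
+email: "ntr@strix.systems"
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: gitea-data
+namespace: ops
+spec:
+storageClassName: fast
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 20Gi
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: gitea-redis
+namespace: ops
+spec:
+storageClassName: fast
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 4Gi
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: gitea-pg
+namespace: ops
+spec:
+storageClassName: fast
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 4Gi
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+name: gitea
+namespace: ops
+spec:
+repo: https://dl.gitea.com/charts/
+chart: gitea
+targetNamespace: ops
+valuesContent: |-
+ingress:
+enabled: true
+className: haproxy
+annotations:
+cert-manager.io/cluster-issuer: "letsencrypt-prod"
+tls:
+- secretName: git-tls
+hosts:
+- git.ntwl.xyz
+# - git.strix.systems
+hosts:
+- host: git.ntwl.xyz
+paths:
+- path: /
+pathType: Prefix
+- host: git.strix.systems
+paths:
+- path: /
+pathType: Prefix
+service:
+ssh:
+type: LoadBalancer
+port: 60022
+externalTrafficPolicy: Local
+redis-cluster:
+enabled: false
+redis:
+enabled: true
+persistence:
+enabled: true
+existingClaim: gitea-redis
+postgresql:
+enabled: true
+persistence:
+enabled: true
+existingClaim: gitea-pg
+postgresql-ha:
+enabled: false
+persistence:
+enabled: true
+existingClaim: gitea-data
+gitea:
+config:
+database:
+DB_TYPE: postgres
+indexer:
+ISSUE_INDEXER_TYPE: bleve
+REPO_INDEXER_ENABLED: true
+server:
+SSH_PORT: 60022
+admin:
+existingSecret: gitea-admin-secret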
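Review bot: The `gitea-admin-secret` manifest at the top of ops/git.yaml commits the Gitea admin password in clear text under `stringData`, so it stays in the repository history and in every clone. Create the Secret out of band (the registry script in this same commit already does that with `kubectl create secret generic`) or use an encrypted-secret mechanism, keep only `existingSecret: gitea-admin-secret` in the chart values, and rotate the password that was committed. Separately, the `HelmChart` spec has no `version:`, so whichever chart release is latest on `https://dl.gitea.com/charts/` at install time gets deployed; pinning it makes upgrades deliberate and reviewable. The ingress also still routes `git.strix.systems` while that host is commented out of the `tls` block, which presumably leaves it served without a matching certificate.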


@ -1,37 +1,17 @@
--- ---
apiVersion: v1
kind: PersistentVolume
metadata:
name: registry-pv
spec:
storageClassName: local-path
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
claimRef:
namespace: default
name: registry-pvc
hostPath:
path: "/var/lib/rancher/k3s/storage/registry-pv"
type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
apiVersion: v1
metadata: metadata:
name: registry-pvc name: registry-storage
namespace: ops
spec: spec:
volumeName: registry-pv storageClassName: zfs-fast
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi
storageClassName: local-path
--- ---
@ -39,6 +19,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: registry name: registry
namespace: ops
spec: spec:
ports: ports:
- name: web - name: web
@ -53,6 +34,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: registry name: registry
namespace: ops
labels: labels:
app: registry app: registry
spec: spec:
@ -88,7 +70,7 @@ spec:
name: registry name: registry
key: REGISTRY_HTTP_SECRET key: REGISTRY_HTTP_SECRET
volumeMounts: volumeMounts:
- name: registry-pvc - name: registry-storage
mountPath: /var/lib/registry mountPath: /var/lib/registry
- name: registry-auth - name: registry-auth
mountPath: /auth mountPath: /auth
@ -105,9 +87,9 @@ spec:
- name: registry-config - name: registry-config
configMap: configMap:
name: registry name: registry
- name: registry-pvc - name: registry-storage
persistentVolumeClaim: persistentVolumeClaim:
claimName: registry-pvc claimName: registry-storage
--- ---
@ -115,7 +97,7 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: registry name: registry
# namespace: registry namespace: ops
data: data:
config.yml: | config.yml: |
version: 0.1 version: 0.1
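Review bot: The registry claim in the first hunk appears to request `storageClassName: zfs-fast`, while the PVCs added in ops/git.yaml in this same commit use `storageClassName: fast`; if only one of those StorageClasses exists on the cluster, the other claims will sit in Pending. The hunk also drops the `registry-pv` hostPath volume and renames the claim to `registry-storage` in namespace `ops`, so the registry will presumably start on an empty volume unless the existing image data is copied over first. A short comment above the claim, such as `# new dynamically provisioned volume; data under /var/lib/rancher/k3s/storage/registry-pv is not migrated automatically`, would record that. The side-by-side rendering makes old and new hard to tell apart, so this reading is inferred from the removed `local-path` lines.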