core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixing stuff for production deployment

Browse Source
This commit is contained in:
plm
2025-02-24 10:00:06 +01:00
parent ab70717458
commit 1ef92e5975
35 changed files with 1566 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
opencloud/charts/docker-registry-ui/.helmignore Normal file
View File

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

30
opencloud/charts/docker-registry-ui/Chart.yaml Normal file
View File

@@ -0,0 +1,30 @@
annotations:
artifacthub.io/images: |
- name: docker-registry-ui
image: joxit/docker-registry-ui:2.5.2
- name: registry
image: registry:2.8.2
artifacthub.io/license: MIT
artifacthub.io/links: |
- name: Documentation
url: https://joxit.dev/docker-registry-ui
- name: Joxit/docker-registry-ui
url: https://github.com/Joxit/docker-registry-ui
- name: Joxit/helm-charts
url: https://github.com/Joxit/helm-charts
artifacthub.io/prerelease: "false"
apiVersion: v2
appVersion: 2.5.2
description: The simplest and most complete UI for your private registry
home: https://github.com/Joxit/docker-registry-ui
keywords:
- docker
- registry
- user-interface
- interface
kubeVersion: '>=1.19.0-0'
name: docker-registry-ui
sources:
- https://github.com/Joxit/docker-registry-ui
- https://github.com/Joxit/helm-charts
version: 1.1.3

140
opencloud/charts/docker-registry-ui/README.md Normal file
View File

@@ -0,0 +1,140 @@
# Docker Registry UI Chart
[![Stars](https://img.shields.io/github/stars/joxit/docker-registry-ui.svg?logo=github&maxAge=86400)](https://github.com/Joxit/docker-registry-ui/stargazers)
[![Pulls](https://img.shields.io/docker/pulls/joxit/docker-registry-ui.svg?maxAge=86400)](https://hub.docker.com/r/joxit/docker-registry-ui)
[![Sponsor](https://joxit.dev/images/sponsor.svg)](https://github.com/sponsors/Joxit)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/joxit)](https://artifacthub.io/packages/helm/joxit/docker-registry-ui)
## Overview
This project aims to provide a simple and complete user interface for your private docker registry. You can customize the interface with various options. The major option is `ui.singleRegistry` which allows you to disable the dynamic selection of docker registeries.
If you like my work and want to support it, don't hesitate to [sponsor me](https://github.com/sponsors/Joxit).
## [Project Page](https://joxit.dev/docker-registry-ui), [Live Demo](https://joxit.dev/docker-registry-ui/demo/), [Examples](https://github.com/Joxit/docker-registry-ui/tree/main/examples), [Helm Chart](https://helm.joxit.dev/charts/docker-registry-ui/)
![preview](https://raw.github.com/Joxit/docker-registry-ui/main/docker-registry-ui.gif "Preview of Docker Registry UI")
## Prerequisites
* **Helm 3.2+** (Helm 2 is not supported)
* **Kubernetes 1.19+** - This is the earliest version of Kubernetes tested.
It is possible that this chart works with earlier versions but it is untested.
## Usage
1. Add my Helm repository (named `joxit`)
```
helm repo add joxit https://helm.joxit.dev
```
2. Ensure you have access to the Helm chart and you see the latest chart version listed. If you have previously added the Helm repository, run `helm repo update`.
```
helm search repo joxit/docker-registry-ui
```
3. Now you're ready to install the Docker Registry UI! To install Docker Registry UI with the default configuration using Helm 3.2 run the following command below. This will deploy the Docker Registry UI on the default namespace.
```
helm upgrade --install docker-registry-ui joxit/docker-registry-ui
```
## Configuration
### Global
| Value | Default | Description |
| --- | --- | --- |
| `global.name` | `null` | Set the prefix used for all resources in the Helm chart. If not set, the prefix will be `<helm release name>`. |
| `global.imagePullSecrets` | `[]` | The default array of objects containing image pull secret names that will be applied. |
| `global.imagePullPolicy` | `IfNotPresent` | The default image policy for images: `IfNotPresent`, `Always`, `Never` |
### User Interface
| Value | Default | Description |
| --- | --- | --- |
| `ui.replicas` | `1` | Number of replicas for the Deployment. |
| `ui.title` | `"Docker registry UI"` | Title of the registry |
| `ui.proxy` | `false` | UI behave as a proxy of the registry |
| `ui.dockerRegistryUrl` | `null` | The URL of your docker registry, may be a service (when proxy is on) or an external URL. |
| `ui.pullUrl` | `null` | Override the pull URL |
| `ui.singleRegistry` | `true` | Remove the menu that show the dialogs to add, remove and change the endpoint of your docker registry. |
| `ui.registrySecured` | `false` | By default, the UI will check on every requests if your registry is secured or not (you will see `401` responses in your console). Set to `true` if your registry uses Basic Authentication and divide by two the number of call to your registry. |
| `ui.showCatalogNbTags` | `false` | Show number of tags per images on catalog page. This will produce + nb images requests, not recommended on large registries. |
| `ui.catalogElementsLimit` | `1000` | Limit the number of elements in the catalog page. |
| `ui.catalogDefaultExpanded` | `false` | Expand by default all repositories in catalog |
| `ui.catalogMinBranches` | `1` | Set the minimum repository/namespace to expand (e.g. `joxit/docker-registry-ui` `joxit/` is the repository/namespace). Can be 0 to disable branching. |
| `ui.catalogMaxBranches` | `1` | Set the maximum repository/namespace to expand (e.g. `joxit/docker-registry-ui` `joxit/` is the repository/namespace). Can be 0 to disable branching. |
| `ui.deleteImages` | `false` | Allow delete of images |
| `ui.showContentDigest` | `false` | Show content digest in docker tag list. |
| `ui.taglistOrder` | `alpha-asc;num-desc` | Set the default order for the taglist page, could be `num-asc;alpha-asc`, `num-desc;alpha-asc`, `num-asc;alpha-desc`, `num-desc;alpha-desc`, `alpha-asc;num-asc`, `alpha-asc;num-desc`, `alpha-desc;num-asc` or `alpha-desc;num-desc`. |
| `ui.taglistPageSize` | `100` | Set the number of tags to display in one page. |
| `ui.historyCustomLabels` | `[]` | Expose custom labels in history page, custom labels will be processed like maintainer label. |
| `ui.nginxProxyHeaders` | `[]` | Update the default Nginx configuration and **set custom headers** for your backend docker registry. Only when `ui.proxy` is used. Example: nginxProxyHeaders: [ { my-heeader-name: my-header-value } ] |
| `ui.nginxProxyPassHeaders` | `[]` | Update the default Nginx configuration and **forward custom headers** to your backend docker registry. Only when `ui.proxy` is used. Example: nginxProxyPassHeaders: [ my-first-header, my-second-header ] |
| `ui.useControlCacheHeader` | `false` | Add header Control-Cache: no-store, no-cache on requests to registry server. This needs to update your registry configuration with : `Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']` |
| `ui.runAsRoot` | `true` | Use root or nginx user inside the container, when this is false the target port must be greater or equal to 1024. |
| `ui.defaultTheme` | `"auto"` | Select the default theme to apply, values can be `auto`, `dark` and `light` |
| `ui.theme.background` | `""` | Custom background color for the UI |
| `ui.theme.primaryText` | `""` | Custom primary text color for the UI |
| `ui.theme.neutralText` | `""` | Custom netral color for the UI (icons) |
| `ui.theme.accentText` | `""` | Custom accent color for the UI (buttons) |
| `ui.theme.hoverBackground` | `""` | Custom hover background color for the UI |
| `ui.theme.headerBackground` | `""` | Custom header background color for the UI |
| `ui.theme.headerText` | `""` | Custom header text color for the UI |
| `ui.theme.footerBackground` | `""` | Custom footer background color for the UI |
| `ui.theme.footerText` | `""` | Custom footer text color for the UI |
| `ui.theme.footerNeutralText` | `""` | Custom footer neutral color for the UI (links) |
| `ui.image` | `joxit/docker-registry-ui:2.5.2` | The name and tag of the docker image of the interface |
| `ui.imagePullSecrets` | `"-"` | Override default image pull secrets |
| `ui.imagePullPolicy` | `"-"` | Override default pull policy |
| `ui.resources` | `{}` | The resource settings for user interface pod. |
| `ui.nodeSelector` | `{}` | Optional YAML string to specify a nodeSelector config. |
| `ui.tolerations` | `[]` | Optional YAML string to specify tolerations. |
| `ui.affinity` | `{}` | This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) for server pods. |
| `ui.annotations` | `{}` | Annotations to apply to the user interface deployment. |
| `ui.additionalSpec` | `{}` | Optional YAML string that will be appended to the deployment spec. |
| `ui.service.type` | `ClusterIP` | Type of service: `LoadBalancer`, `ClusterIP` or `NodePort`. If using `NodePort` service type, you must set the desired `nodePorts` setting below. |
| `ui.service.port` | `80` | Ports that will be exposed on the service |
| `ui.service.targetPort` | `80` | The port to listhen on the container. If under 1024, the user must be root |
| `ui.service.nodePort` | `null` | If using a `NodePort` service type, you must specify the desired `nodePort` for each exposed port. |
| `ui.service.annotations` | `{}` | Annotations to apply to the user interface service. |
| `ui.service.additionalSpec` | `{}` | Optional YAML string that will be appended to the Service spec. |
| `ui.ingress.enabled` | `false` | Enable the ingress for the user interface. |
| `ui.ingress.host` | `null` | Fully qualified domain name of a network host. |
| `ui.ingress.path` | `/` | Path is matched against the path of an incoming request. |
| `ui.ingress.pathType` | `Prefix` | Determines the interpretation of the Path matching, must be Prefix to serve assets. |
| `ui.ingress.ingressClassName` | `nginx` | The name of an IngressClass cluster resource. |
| `ui.ingress.tls` | `[]` | TLS configuration |
| `ui.ingress.annotations` | `{}` | Annotations to apply to the user interface ingress. |
### Registry Server
| Value | Default | Description |
| --- | --- | --- |
| `registry.enabled` | `false` | Enable the registry server. |
| `registry.image` | `registry:2.8.2` | The name and tag of the docker registry server image |
| `registry.imagePullSecrets` | `"-"` | Override default image pull secrets |
| `registry.imagePullPolicy` | `"-"` | Override default pull policy |
| `registry.dataVolume` | `null` | Configuration for the data directory. When null it will create an emptyDir. |
| `registry.resources` | `{}` | The resource settings for registry server pod. |
| `registry.nodeSelector` | `{}` | Optional YAML string to specify a nodeSelector config. |
| `registry.tolerations` | `[]` | Optional YAML string to specify tolerations. |
| `registry.affinity` | `{}` | This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) for server pods. |
| `registry.annotations` | `{}` | Annotations to apply to the registry server deployment. |
| `registry.additionalSpec` | `{}` | Optional YAML string that will be appended to the deployment spec. |
| `registry.extraEnv` | `[]` | Extra Environmental Variables for Registry |
| `registry.auth.basic.enabled` | `false` | Enable basic auth for Registry. |
| `registry.auth.basic.realm` | `Docker registry` | Basic auth realm. |
| `registry.auth.basic.htpasswdPath` | `/etc/docker/registry/auth/htpasswd` | Full path for htpasswd file. Note that filename should match the secret key. |
| `registry.auth.basic.secretName` | `''` | htpasswd secret name volume to mount. |
| `registry.service.type` | `ClusterIP` | Type of service: `LoadBalancer`, `ClusterIP` or `NodePort`. If using `NodePort` service type, you must set the desired `nodePorts` setting below. |
| `registry.service.port` | `5000` | Ports that will be exposed on the service |
| `registry.service.targetPort` | `5000` | The port to listhen on the container. |
| `registry.service.nodePort` | `null` | If using a `NodePort` service type, you must specify the desired `nodePort` for each exposed port. |
| `registry.service.annotations` | `{}` | Annotations to apply to the registry server service. |
| `registry.service.additionalSpec` | `{}` | Optional YAML string that will be appended to the Service spec. |
| `registry.ingress.enabled` | `false` | Enable the ingress for the registry server. |
| `registry.ingress.host` | `null` | Fully qualified domain name of a network host. |
| `registry.ingress.path` | `/v2/` | Path is matched against the path of an incoming request. |
| `registry.ingress.pathType` | `Prefix` | Determines the interpretation of the Path matching, must be Prefix to serve assets. |
| `registry.ingress.ingressClassName` | `nginx` | The name of an IngressClass cluster resource. |
| `registry.ingress.tls` | `[]` | TLS configuration |
| `registry.ingress.annotations` | `{}` | Annotations to apply to the registry server ingress. |

28
opencloud/charts/docker-registry-ui/README.tmpl Normal file
View File

@@ -0,0 +1,28 @@
# {{ prettyName }} Chart
[![Stars](https://img.shields.io/github/stars/joxit/docker-registry-ui.svg?logo=github&maxAge=86400)](https://github.com/Joxit/docker-registry-ui/stargazers)
[![Pulls](https://img.shields.io/docker/pulls/joxit/docker-registry-ui.svg?maxAge=86400)](https://hub.docker.com/r/joxit/docker-registry-ui)
[![Sponsor](https://joxit.dev/images/sponsor.svg)](https://github.com/sponsors/Joxit)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/joxit)](https://artifacthub.io/packages/helm/joxit/docker-registry-ui)
## Overview
This project aims to provide a simple and complete user interface for your private docker registry. You can customize the interface with various options. The major option is `ui.singleRegistry` which allows you to disable the dynamic selection of docker registeries.
If you like my work and want to support it, don't hesitate to [sponsor me](https://github.com/sponsors/Joxit).
## [Project Page](https://joxit.dev/docker-registry-ui), [Live Demo](https://joxit.dev/docker-registry-ui/demo/), [Examples](https://github.com/Joxit/docker-registry-ui/tree/main/examples), [Helm Chart](https://helm.joxit.dev/charts/docker-registry-ui/)
![preview](https://raw.github.com/Joxit/docker-registry-ui/main/docker-registry-ui.gif "Preview of Docker Registry UI")
## Prerequisites
{{ prerequisites }}
## Usage
{{ usage }}
## Configuration
{{ configuration }}

8
opencloud/charts/docker-registry-ui/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,8 @@
Thank you for installing Joxit's Docker Registry UI!
Your release is named {{ .Release.Name }}.
To learn more about the release, run:
$ helm status {{ .Release.Name }} {{- if .Release.Namespace }} --namespace {{ .Release.Namespace }}{{ end }}
$ helm get all {{ .Release.Name }} {{- if .Release.Namespace }} --namespace {{ .Release.Namespace }}{{ end }}

43
opencloud/charts/docker-registry-ui/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,43 @@
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to
this (by the DNS naming spec). Supports the legacy fullnameOverride setting
as well as the global.name setting.
*/}}
{{- define "docker-registry-ui.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else if .Values.global.name -}}
{{- .Values.global.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "docker-registry-ui.chart" -}}
{{- printf "%s-helm" .Chart.Name | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "docker-registry-ui.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels.
*/}}
{{- define "docker-registry-ui.labels" -}}
app.kubernetes.io/name: {{ include "docker-registry-ui.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "docker-registry-ui.chart" . }}
{{- end -}}

101
opencloud/charts/docker-registry-ui/templates/registry-deployment.yaml Normal file
View File

@@ -0,0 +1,101 @@
{{- if .Values.registry.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-registry-server
labels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.registry.replicas }}
selector:
matchLabels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 8 }}
{{- if .Values.registry.annotations }}
annotations:
{{- toYaml .Values.registry.annotations | nindent 8 }}
{{- end }}
spec:
{{- if ne (.Values.registry.imagePullSecrets | toString) "-" }}
imagePullSecrets:
{{- toYaml .Values.registry.imagePullSecrets | nindent 8 }}
{{- else }}
imagePullSecrets:
{{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
{{- end}}
containers:
- name: "registry-server"
image: {{ .Values.registry.image | quote }}
imagePullPolicy: {{ if ne (.Values.registry.imagePullPolicy | toString) "-" }}{{ .Values.registry.imagePullPolicy }}{{ else }}{{ .Values.global.imagePullPolicy }}{{ end }}
env:
- name: REGISTRY_HTTP_ADDR
value: {{ printf "%s:%d" "0.0.0.0" (.Values.registry.service.targetPort | int) }}
{{- if .Values.ui.deleteImages }}
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: 'true'
{{- end }}
{{- if .Values.registry.auth.basic.enabled }}
- name: REGISTRY_AUTH
value: htpasswd
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: {{ if ne (.Values.registry.auth.basic.realm | toString) "-" }}{{ .Values.registry.auth.basic.realm }}{{ else }}{{ "Docker registry" }}{{ end }}
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: {{ if ne (.Values.registry.auth.basic.htpasswdPath | toString) "-" }}{{ .Values.registry.auth.basic.htpasswdPath }}{{ else }}{{ "/etc/docker/registry/auth/htpasswd" }}{{ end }}
{{- end }}
{{- range .Values.registry.extraEnv }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.registry.service.targetPort }}
protocol: TCP
volumeMounts:
- mountPath: /var/lib/registry
name: data
{{- if .Values.registry.auth.basic.enabled }}
- name: htpasswd
mountPath: {{ if ne (.Values.registry.auth.basic.htpasswdPath | toString) "-" }}{{ dir .Values.registry.auth.basic.htpasswdPath }}{{ else }}{{ "/etc/docker/registry/auth" }}{{ end }}
readOnly: true
{{- end }}
resources:
{{- toYaml .Values.registry.resources | nindent 12 }}
volumes:
- name: data
{{- if .Values.registry.dataVolume }}
{{- toYaml .Values.registry.dataVolume | nindent 10 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.registry.auth.basic.enabled }}
- name: htpasswd
secret:
secretName: {{ if .Values.registry.auth.basic.secretName }}{{ .Values.registry.auth.basic.secretName }}{{ else }}{{ fail "Basic auth secret name is required" }}{{ end }}
{{- end }}
{{- with .Values.registry.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.registry.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.registry.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.registry.runAsRoot }}
securityContext:
runAsUser: 101
fsGroup: 101
{{- end }}
{{- if .Values.registry.additionalSpec }}
{{ tpl .Values.registry.additionalSpec . | nindent 6 | trim }}
{{- end }}
{{- end }}

38
opencloud/charts/docker-registry-ui/templates/registry-ingress.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if .Values.registry.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-registry-server
labels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 4 }}
{{- with .Values.registry.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.registry.ingress.ingressClassName }}
ingressClassName: {{ .Values.registry.ingress.ingressClassName }}
{{- end -}}
{{- if .Values.registry.ingress.tls }}
tls:
{{ tpl (toYaml .Values.registry.ingress.tls) $ | indent 4 }}
{{- end }}
rules:
- http:
paths:
- backend:
service:
name: {{ include "docker-registry-ui.fullname" . }}-registry-server
port:
number: {{ .Values.registry.service.port }}
{{- if .Values.registry.ingress.path }}
path: {{ .Values.registry.ingress.path }}
{{- end }}
{{- if .Values.registry.ingress.pathType }}
pathType: {{ .Values.registry.ingress.pathType }}
{{- end }}
{{- if .Values.registry.ingress.host }}
host: {{ .Values.registry.ingress.host | quote }}
{{- end -}}
{{- end }}

29
opencloud/charts/docker-registry-ui/templates/registry-service.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if .Values.registry.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-registry-server
labels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 4 }}
{{- with .Values.registry.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 4 }}
type: {{ .Values.registry.service.type }}
ports:
- port: {{ .Values.registry.service.port }}
targetPort: {{ .Values.registry.service.targetPort }}
protocol: TCP
name: http
{{- if (and (eq .Values.registry.service.type "NodePort") .Values.registry.service.nodePort) }}
nodePort: {{ .Values.registry.service.nodePort }}
{{- end }}
{{- if .Values.registry.service.additionalSpec }}
{{ tpl .Values.registry.service.additionalSpec . | nindent 2 | trim }}
{{- end }}
{{- end }}

139
opencloud/charts/docker-registry-ui/templates/ui-deployment.yaml Normal file
View File

@@ -0,0 +1,139 @@
{{- if and (not .Values.ui.runAsRoot) (lt (.Values.ui.service.targetPort | int) 1024) }}
{{ fail "When `ui.runAsRoot` is false `ui.service.targetPort` must be less than 1024." }}
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-user-interface
labels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.ui.replicas }}
selector:
matchLabels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 8 }}
{{- if .Values.ui.annotations }}
annotations:
{{- toYaml .Values.ui.annotations | nindent 8 }}
{{- end }}
spec:
{{- if ne (.Values.ui.imagePullSecrets | toString) "-" }}
imagePullSecrets:
{{- toYaml .Values.ui.imagePullSecrets | nindent 8 }}
{{- else }}
imagePullSecrets:
{{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
{{- end}}
containers:
- name: "registry-ui"
image: {{ .Values.ui.image | quote }}
imagePullPolicy: {{ if ne (.Values.ui.imagePullPolicy | toString) "-" }}{{ .Values.ui.imagePullPolicy }}{{ else }}{{ .Values.global.imagePullPolicy }}{{ end }}
env:
- name: REGISTRY_TITLE
value: {{ .Values.ui.title | quote }}
- name: DELETE_IMAGES
value: {{ .Values.ui.deleteImages | quote }}
{{- if .Values.ui.proxy }}
{{- if .Values.ui.dockerRegistryUrl }}
- name: NGINX_PROXY_PASS_URL
value: {{ .Values.ui.dockerRegistryUrl | quote }}
{{- else if .Values.registry.enabled }}
- name: NGINX_PROXY_PASS_URL
value: {{ printf "http://%s-registry-server:%d" (include "docker-registry-ui.fullname" .) (.Values.registry.service.port | int) }}
{{- end }}
{{- range $header := .Values.ui.nginxProxyHeaders }}
{{- range $key, $value := $header }}
- name: {{ printf "NGINX_PROXY_HEADER_%s" $key }}
value: {{ $value }}
{{- end }}
{{- end }}
{{- range $header := .Values.ui.nginxProxyPassHeaders }}
- name: {{ printf "NGINX_PROXY_PASS_HEADER_%s" $header }}
{{- end }}
{{- else }}
- name: REGISTRY_URL
value: {{ .Values.ui.dockerRegistryUrl | quote }}
{{- end }}
- name: PULL_URL
value: {{ .Values.ui.pullUrl | quote }}
- name: SHOW_CATALOG_NB_TAGS
value: {{ .Values.ui.showCatalogNbTags | quote }}
- name: SHOW_CONTENT_DIGEST
value: {{ .Values.ui.showContentDigest | quote }}
- name: SINGLE_REGISTRY
value: {{ .Values.ui.singleRegistry | quote }}
- name: CATALOG_ELEMENTS_LIMIT
value: {{ .Values.ui.catalogElementsLimit | quote }}
- name: HISTORY_CUSTOM_LABELS
value: {{ .Values.ui.historyCustomLabels | join "," }}
- name: NGINX_LISTEN_PORT
value: {{ .Values.ui.service.targetPort | quote }}
- name: USE_CONTROL_CACHE_HEADER
value: {{ .Values.ui.useControlCacheHeader | quote }}
- name: TAGLIST_ORDER
value: {{ .Values.ui.taglistOrder | quote }}
- name: CATALOG_DEFAULT_EXPANDED
value: {{ .Values.ui.catalogDefaultExpanded | quote }}
- name: CATALOG_MIN_BRANCHES
value: {{ .Values.ui.catalogMinBranches | quote }}
- name: CATALOG_MAX_BRANCHES
value: {{ .Values.ui.catalogMaxBranches | quote }}
- name: TAGLIST_PAGE_SIZE
value: {{ .Values.ui.taglistPageSize | quote }}
- name: REGISTRY_SECURED
value: {{ .Values.ui.registrySecured | quote }}
- name: THEME
value: {{ .Values.ui.defaultTheme | quote }}
- name: THEME_PRIMARY_TEXT
value: {{ .Values.ui.theme.primaryText | quote }}
- name: THEME_NEUTRAL_TEXT
value: {{ .Values.ui.theme.neutralText | quote }}
- name: THEME_BACKGROUND
value: {{ .Values.ui.theme.background | quote }}
- name: THEME_HOVER_BACKGROUND
value: {{ .Values.ui.theme.hoverBackground | quote }}
- name: THEME_ACCENT_TEXT
value: {{ .Values.ui.theme.accentText | quote }}
- name: THEME_HEADER_TEXT
value: {{ .Values.ui.theme.headerText | quote }}
- name: THEME_HEADER_BACKGROUND
value: {{ .Values.ui.theme.headerBackground | quote }}
- name: THEME_FOOTER_TEXT
value: {{ .Values.ui.theme.footerText | quote }}
- name: THEME_FOOTER_NEUTRAL_TEXT
value: {{ .Values.ui.theme.footerNeutralText | quote }}
- name: THEME_FOOTER_BACKGROUND
value: {{ .Values.ui.theme.footerBackground | quote }}
ports:
- name: http
containerPort: {{ .Values.ui.service.targetPort }}
protocol: TCP
resources:
{{- toYaml .Values.ui.resources | nindent 12 }}
{{- with .Values.ui.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ui.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ui.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.ui.runAsRoot }}
securityContext:
runAsUser: 101
{{- end }}
{{- if .Values.ui.additionalSpec }}
{{ tpl .Values.ui.additionalSpec . | nindent 6 | trim }}
{{- end }}

38
opencloud/charts/docker-registry-ui/templates/ui-ingress.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if .Values.ui.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-user-interface
labels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 4 }}
{{- with .Values.ui.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ui.ingress.ingressClassName }}
ingressClassName: {{ .Values.ui.ingress.ingressClassName }}
{{- end -}}
{{- if .Values.ui.ingress.tls }}
tls:
{{ tpl (toYaml .Values.ui.ingress.tls) $ | indent 4 }}
{{- end }}
rules:
- http:
paths:
- backend:
service:
name: {{ include "docker-registry-ui.fullname" . }}-user-interface
port:
number: {{ .Values.ui.service.port }}
{{- if .Values.ui.ingress.path }}
path: {{ .Values.ui.ingress.path }}
{{- end }}
{{- if .Values.ui.ingress.pathType }}
pathType: {{ .Values.ui.ingress.pathType }}
{{- end }}
{{- if .Values.ui.ingress.host }}
host: {{ .Values.ui.ingress.host | quote }}
{{- end -}}
{{- end }}

27
opencloud/charts/docker-registry-ui/templates/ui-service.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-user-interface
labels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 4 }}
{{- with .Values.ui.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 4 }}
type: {{ .Values.ui.service.type }}
ports:
- port: {{ .Values.ui.service.port }}
targetPort: {{ .Values.ui.service.targetPort }}
protocol: TCP
name: http
{{- if (and (eq .Values.ui.service.type "NodePort") .Values.ui.service.nodePort) }}
nodePort: {{ .Values.ui.service.nodePort }}
{{- end }}
{{- if .Values.ui.service.additionalSpec }}
{{ tpl .Values.ui.service.additionalSpec . | nindent 2 | trim }}
{{- end }}

218
opencloud/charts/docker-registry-ui/values.yaml Normal file
View File

@@ -0,0 +1,218 @@
## Global
global:
# Set the prefix used for all resources in the Helm chart. If not set,
# the prefix will be `<helm release name>`.
name: null
# The default array of objects containing image pull secret names that will be applied.
imagePullSecrets: []
# The default image policy for images: `IfNotPresent`, `Always`, `Never`
imagePullPolicy: IfNotPresent
## User Interface
ui:
# Number of replicas for the Deployment.
replicas: 1
# Title of the registry
title: "Docker registry UI"
# UI behave as a proxy of the registry
proxy: false
# The URL of your docker registry, may be a service (when proxy is on) or an external URL.
dockerRegistryUrl: null
# Override the pull URL
pullUrl: null
# Remove the menu that show the dialogs to add, remove and change the endpoint of your docker registry.
singleRegistry: true
# By default, the UI will check on every requests if your registry is secured or not (you will see `401` responses in your console). Set to `true` if your registry uses Basic Authentication and divide by two the number of call to your registry.
registrySecured: false
# Show number of tags per images on catalog page. This will produce + nb images requests, not recommended on large registries.
showCatalogNbTags: false
# Limit the number of elements in the catalog page.
catalogElementsLimit: 1000
# Expand by default all repositories in catalog
catalogDefaultExpanded: false
# Set the minimum repository/namespace to expand (e.g. `joxit/docker-registry-ui` `joxit/` is the repository/namespace). Can be 0 to disable branching.
catalogMinBranches: 1
# Set the maximum repository/namespace to expand (e.g. `joxit/docker-registry-ui` `joxit/` is the repository/namespace). Can be 0 to disable branching.
catalogMaxBranches: 1
# Allow delete of images
deleteImages: false
# Show content digest in docker tag list.
showContentDigest: false
# Set the default order for the taglist page, could be `num-asc;alpha-asc`, `num-desc;alpha-asc`, `num-asc;alpha-desc`, `num-desc;alpha-desc`, `alpha-asc;num-asc`, `alpha-asc;num-desc`, `alpha-desc;num-asc` or `alpha-desc;num-desc`.
taglistOrder: alpha-asc;num-desc
# Set the number of tags to display in one page.
taglistPageSize: 100
# Expose custom labels in history page, custom labels will be processed like maintainer label.
historyCustomLabels: []
# Update the default Nginx configuration and **set custom headers** for your backend docker registry. Only when `ui.proxy` is used.
# Example:
# nginxProxyHeaders:
# [ { my-heeader-name: my-header-value } ]
nginxProxyHeaders: []
# Update the default Nginx configuration and **forward custom headers** to your backend docker registry. Only when `ui.proxy` is used.
# Example:
# nginxProxyPassHeaders: [ my-first-header, my-second-header ]
nginxProxyPassHeaders: []
# Add header Control-Cache: no-store, no-cache on requests to registry server.
# This needs to update your registry configuration with : `Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']`
useControlCacheHeader: false
# Use root or nginx user inside the container, when this is false the target port must be greater or equal to 1024.
runAsRoot: true
# Select the default theme to apply, values can be `auto`, `dark` and `light`
defaultTheme: "auto"
theme:
# Custom background color for the UI
background: ""
# Custom primary text color for the UI
primaryText: ""
# Custom netral color for the UI (icons)
neutralText: ""
# Custom accent color for the UI (buttons)
accentText: ""
# Custom hover background color for the UI
hoverBackground: ""
# Custom header background color for the UI
headerBackground: ""
# Custom header text color for the UI
headerText: ""
# Custom footer background color for the UI
footerBackground: ""
# Custom footer text color for the UI
footerText: ""
# Custom footer neutral color for the UI (links)
footerNeutralText: ""
# The name and tag of the docker image of the interface
image: joxit/docker-registry-ui:2.5.2
# Override default image pull secrets
imagePullSecrets: "-"
# Override default pull policy
imagePullPolicy: "-"
# The resource settings for user interface pod.
resources: {}
# Optional YAML string to specify a nodeSelector config.
nodeSelector: {}
# Optional YAML string to specify tolerations.
tolerations: []
# This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# for server pods.
affinity: {}
# Annotations to apply to the user interface deployment.
annotations: {}
# Optional YAML string that will be appended to the deployment spec.
additionalSpec: {}
service:
# Type of service: `LoadBalancer`, `ClusterIP` or `NodePort`. If using `NodePort` service
# type, you must set the desired `nodePorts` setting below.
type: ClusterIP
# Ports that will be exposed on the service
port: 80
# The port to listhen on the container. If under 1024, the user must be root
targetPort: 80
# If using a `NodePort` service type, you must specify the desired `nodePort` for each exposed port.
nodePort: null
# Annotations to apply to the user interface service.
annotations: {}
# Optional YAML string that will be appended to the Service spec.
additionalSpec: {}
ingress:
# Enable the ingress for the user interface.
enabled: false
# Fully qualified domain name of a network host.
host: null
# Path is matched against the path of an incoming request.
path: /
# Determines the interpretation of the Path matching, must be Prefix to serve assets.
pathType: Prefix
# The name of an IngressClass cluster resource.
ingressClassName: nginx
# TLS configuration
tls: []
# Annotations to apply to the user interface ingress.
annotations: {}
# If you want a custom path, you can try this example:
# path: /ui(/|$)(.*)
# annotations:
# { nginx.ingress.kubernetes.io/rewrite-target: /$2 }
## Registry Server
registry:
# Enable the registry server.
enabled: false
# The name and tag of the docker registry server image
image: registry:2.8.2
# Override default image pull secrets
imagePullSecrets: "-"
# Override default pull policy
imagePullPolicy: "-"
# Configuration for the data directory. When null it will create an emptyDir.
dataVolume: null
# The resource settings for registry server pod.
resources: {}
# Optional YAML string to specify a nodeSelector config.
nodeSelector: {}
# Optional YAML string to specify tolerations.
tolerations: []
# This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# for server pods.
affinity: {}
# Annotations to apply to the registry server deployment.
annotations: {}
# Optional YAML string that will be appended to the deployment spec.
additionalSpec: {}
# Extra Environmental Variables for Registry
extraEnv: []
auth:
basic:
# Enable basic auth for Registry.
enabled: false
# Basic auth realm.
realm: Docker registry
# Full path for htpasswd file. Note that filename should match the secret key.
htpasswdPath: /etc/docker/registry/auth/htpasswd
# htpasswd secret name volume to mount.
secretName: ''
service:
# Type of service: `LoadBalancer`, `ClusterIP` or `NodePort`. If using `NodePort` service
# type, you must set the desired `nodePorts` setting below.
type: ClusterIP
# Ports that will be exposed on the service
port: 5000
# The port to listhen on the container.
targetPort: 5000
# If using a `NodePort` service type, you must specify the desired `nodePort` for each exposed port.
nodePort: null
# Annotations to apply to the registry server service.
annotations: {}
# Optional YAML string that will be appended to the Service spec.
additionalSpec: {}
ingress:
# Enable the ingress for the registry server.
enabled: false
# Fully qualified domain name of a network host.
host: null
# Path is matched against the path of an incoming request.
path: /v2/
# Determines the interpretation of the Path matching, must be Prefix to serve assets.
pathType: Prefix
# The name of an IngressClass cluster resource.
ingressClassName: nginx
# TLS configuration
tls: []
# Annotations to apply to the registry server ingress.
annotations: {}
# If you want a custom path, you can try this example:
# path: /api(/|$)(.*)
# annotations:
# { nginx.ingress.kubernetes.io/rewrite-target: /$2 }