Fixing stuff for production deployment

opencloud/charts/docker-registry-ui/templates/NOTES.txt

@@ -0,0 +1,8 @@
+Thank you for installing Joxit's Docker Registry UI!
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, run:
+
+  $ helm status {{ .Release.Name }} {{- if .Release.Namespace }} --namespace {{ .Release.Namespace }}{{ end }}
+  $ helm get all {{ .Release.Name }} {{- if .Release.Namespace }} --namespace {{ .Release.Namespace }}{{ end }}

opencloud/charts/docker-registry-ui/templates/_helpers.tpl

@@ -0,0 +1,43 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). Supports the legacy fullnameOverride setting
+as well as the global.name setting.
+*/}}
+{{- define "docker-registry-ui.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else if .Values.global.name -}}
+{{- .Values.global.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "docker-registry-ui.chart" -}}
+{{- printf "%s-helm" .Chart.Name | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "docker-registry-ui.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels.
+*/}}
+{{- define "docker-registry-ui.labels" -}}
+app.kubernetes.io/name: {{ include "docker-registry-ui.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "docker-registry-ui.chart" . }}
+{{- end -}}

opencloud/charts/docker-registry-ui/templates/registry-deployment.yaml

@@ -0,0 +1,101 @@
+{{- if .Values.registry.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "docker-registry-ui.fullname" . }}-registry-server
+  labels:
+    app.kubernetes.io/component	: registry-server
+    {{- include "docker-registry-ui.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.registry.replicas }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/component	: registry-server
+      {{- include "docker-registry-ui.labels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component	: registry-server
+        {{- include "docker-registry-ui.labels" . | nindent 8 }}
+      {{- if .Values.registry.annotations }}
+      annotations:
+        {{- toYaml .Values.registry.annotations | nindent 8 }}
+      {{- end }}
+    spec:
+    {{- if ne (.Values.registry.imagePullSecrets | toString) "-" }}
+      imagePullSecrets:
+        {{- toYaml .Values.registry.imagePullSecrets | nindent 8 }}
+    {{- else }}
+      imagePullSecrets:
+        {{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
+    {{- end}}
+      containers:
+        - name: "registry-server"
+          image: {{ .Values.registry.image | quote }}
+          imagePullPolicy: {{ if ne (.Values.registry.imagePullPolicy | toString) "-" }}{{ .Values.registry.imagePullPolicy }}{{ else }}{{ .Values.global.imagePullPolicy }}{{ end }}
+          env:
+            - name: REGISTRY_HTTP_ADDR
+              value: {{ printf "%s:%d" "0.0.0.0" (.Values.registry.service.targetPort | int) }}
+            {{- if .Values.ui.deleteImages }}
+            - name: REGISTRY_STORAGE_DELETE_ENABLED
+              value: 'true'
+            {{- end }}
+            {{- if .Values.registry.auth.basic.enabled }}
+            - name: REGISTRY_AUTH
+              value: htpasswd
+            - name: REGISTRY_AUTH_HTPASSWD_REALM
+              value: {{ if ne (.Values.registry.auth.basic.realm | toString) "-" }}{{ .Values.registry.auth.basic.realm }}{{ else }}{{ "Docker registry" }}{{ end }}
+            - name: REGISTRY_AUTH_HTPASSWD_PATH
+              value: {{ if ne (.Values.registry.auth.basic.htpasswdPath | toString) "-" }}{{ .Values.registry.auth.basic.htpasswdPath }}{{ else }}{{ "/etc/docker/registry/auth/htpasswd" }}{{ end }}
+            {{- end }}
+            {{- range .Values.registry.extraEnv }}
+            - name: {{ .name | quote }}
+              value: {{ .value | quote }}
+            {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.registry.service.targetPort }}
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /var/lib/registry
+              name: data
+            {{- if .Values.registry.auth.basic.enabled }}
+            - name: htpasswd
+              mountPath: {{ if ne (.Values.registry.auth.basic.htpasswdPath | toString) "-" }}{{ dir .Values.registry.auth.basic.htpasswdPath }}{{ else }}{{ "/etc/docker/registry/auth" }}{{ end }}
+              readOnly: true
+            {{- end }}
+          resources:
+            {{- toYaml .Values.registry.resources | nindent 12 }}
+      volumes:
+        - name: data
+          {{- if .Values.registry.dataVolume }}
+            {{- toYaml .Values.registry.dataVolume | nindent 10 }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+        {{- if .Values.registry.auth.basic.enabled }}
+        - name: htpasswd
+          secret:
+            secretName: {{ if .Values.registry.auth.basic.secretName  }}{{ .Values.registry.auth.basic.secretName }}{{ else }}{{ fail "Basic auth secret name is required" }}{{ end }}
+        {{- end }}
+      {{- with .Values.registry.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.registry.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.registry.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- if not .Values.registry.runAsRoot }}
+      securityContext:
+        runAsUser: 101
+        fsGroup: 101
+    {{- end }}
+    {{- if .Values.registry.additionalSpec }}
+      {{ tpl .Values.registry.additionalSpec . | nindent 6 | trim }}
+    {{- end }}
+{{- end }}

opencloud/charts/docker-registry-ui/templates/registry-ingress.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.registry.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "docker-registry-ui.fullname" . }}-registry-server
+  labels:
+    app.kubernetes.io/component	: registry-server
+    {{- include "docker-registry-ui.labels" . | nindent 4 }}
+  {{- with .Values.registry.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.registry.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.registry.ingress.ingressClassName }}
+  {{- end -}}
+{{- if .Values.registry.ingress.tls }}
+  tls:
+{{ tpl (toYaml .Values.registry.ingress.tls) $ | indent 4 }}
+{{- end }}
+  rules:
+    - http:
+        paths:
+          - backend:
+              service:
+                name: {{ include "docker-registry-ui.fullname" . }}-registry-server
+                port:
+                  number: {{ .Values.registry.service.port }}
+            {{- if .Values.registry.ingress.path }}
+            path: {{ .Values.registry.ingress.path }}
+            {{- end }}
+            {{- if .Values.registry.ingress.pathType }}
+            pathType: {{ .Values.registry.ingress.pathType }}
+            {{- end }}
+      {{- if .Values.registry.ingress.host }}
+      host: {{ .Values.registry.ingress.host | quote }}
+      {{- end -}}
+{{- end }}

opencloud/charts/docker-registry-ui/templates/registry-service.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.registry.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "docker-registry-ui.fullname" . }}-registry-server
+  labels:
+    app.kubernetes.io/component	: registry-server
+    {{- include "docker-registry-ui.labels" . | nindent 4 }}
+  {{- with .Values.registry.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    app.kubernetes.io/component	: registry-server
+    {{- include "docker-registry-ui.labels" . | nindent 4 }}
+  type: {{ .Values.registry.service.type }}
+  ports:
+    - port: {{ .Values.registry.service.port }}
+      targetPort: {{ .Values.registry.service.targetPort }}
+      protocol: TCP
+      name: http
+      {{- if (and (eq .Values.registry.service.type "NodePort") .Values.registry.service.nodePort) }}
+      nodePort: {{ .Values.registry.service.nodePort }}
+      {{- end }}
+  {{- if .Values.registry.service.additionalSpec }}
+  {{ tpl .Values.registry.service.additionalSpec . | nindent 2 | trim }}
+  {{- end }}
+{{- end }}

opencloud/charts/docker-registry-ui/templates/ui-deployment.yaml

@@ -0,0 +1,139 @@
+{{- if and (not .Values.ui.runAsRoot) (lt (.Values.ui.service.targetPort | int) 1024) }}
+{{ fail "When `ui.runAsRoot` is false `ui.service.targetPort` must be less than 1024." }}
+{{- end }}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "docker-registry-ui.fullname" . }}-user-interface
+  labels:
+    app.kubernetes.io/component	: user-interface
+    {{- include "docker-registry-ui.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.ui.replicas }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/component	: user-interface
+      {{- include "docker-registry-ui.labels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component	: user-interface
+        {{- include "docker-registry-ui.labels" . | nindent 8 }}
+      {{- if .Values.ui.annotations }}
+      annotations:
+        {{- toYaml .Values.ui.annotations | nindent 8 }}
+      {{- end }}
+    spec:
+    {{- if ne (.Values.ui.imagePullSecrets | toString) "-" }}
+      imagePullSecrets:
+        {{- toYaml .Values.ui.imagePullSecrets | nindent 8 }}
+    {{- else }}
+      imagePullSecrets:
+        {{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
+    {{- end}}
+      containers:
+        - name: "registry-ui"
+          image: {{ .Values.ui.image | quote }}
+          imagePullPolicy: {{ if ne (.Values.ui.imagePullPolicy | toString) "-" }}{{ .Values.ui.imagePullPolicy }}{{ else }}{{ .Values.global.imagePullPolicy }}{{ end }}
+          env:
+            - name: REGISTRY_TITLE
+              value: {{ .Values.ui.title | quote }}
+            - name: DELETE_IMAGES
+              value: {{ .Values.ui.deleteImages | quote }}
+            {{- if .Values.ui.proxy }}
+            {{- if .Values.ui.dockerRegistryUrl }}
+            - name: NGINX_PROXY_PASS_URL
+              value: {{ .Values.ui.dockerRegistryUrl | quote }}
+            {{- else if .Values.registry.enabled }}
+            - name: NGINX_PROXY_PASS_URL
+              value: {{ printf "http://%s-registry-server:%d" (include "docker-registry-ui.fullname" .) (.Values.registry.service.port | int) }}
+            {{- end }}
+            {{- range $header := .Values.ui.nginxProxyHeaders }}
+            {{- range $key, $value := $header }}
+            - name: {{ printf "NGINX_PROXY_HEADER_%s" $key }}
+              value: {{ $value }}
+            {{- end }}
+            {{- end }}
+            {{- range $header := .Values.ui.nginxProxyPassHeaders }}
+            - name: {{ printf "NGINX_PROXY_PASS_HEADER_%s" $header }}
+            {{- end }}
+            {{- else }}
+            - name: REGISTRY_URL
+              value: {{ .Values.ui.dockerRegistryUrl | quote }}
+            {{- end }}
+            - name: PULL_URL
+              value: {{ .Values.ui.pullUrl | quote }}
+            - name: SHOW_CATALOG_NB_TAGS
+              value: {{ .Values.ui.showCatalogNbTags | quote }}
+            - name: SHOW_CONTENT_DIGEST
+              value: {{ .Values.ui.showContentDigest | quote }}
+            - name: SINGLE_REGISTRY
+              value: {{ .Values.ui.singleRegistry | quote }}
+            - name: CATALOG_ELEMENTS_LIMIT
+              value: {{ .Values.ui.catalogElementsLimit | quote }}
+            - name: HISTORY_CUSTOM_LABELS
+              value: {{ .Values.ui.historyCustomLabels | join "," }}
+            - name: NGINX_LISTEN_PORT
+              value: {{ .Values.ui.service.targetPort | quote }}
+            - name: USE_CONTROL_CACHE_HEADER
+              value: {{ .Values.ui.useControlCacheHeader | quote }}
+            - name: TAGLIST_ORDER
+              value: {{ .Values.ui.taglistOrder | quote }}
+            - name: CATALOG_DEFAULT_EXPANDED
+              value: {{ .Values.ui.catalogDefaultExpanded | quote }}
+            - name: CATALOG_MIN_BRANCHES
+              value: {{ .Values.ui.catalogMinBranches | quote }}
+            - name: CATALOG_MAX_BRANCHES
+              value: {{ .Values.ui.catalogMaxBranches | quote }}
+            - name: TAGLIST_PAGE_SIZE
+              value: {{ .Values.ui.taglistPageSize | quote }}
+            - name: REGISTRY_SECURED
+              value: {{ .Values.ui.registrySecured | quote }}
+            - name: THEME
+              value: {{ .Values.ui.defaultTheme | quote }}
+            - name: THEME_PRIMARY_TEXT
+              value: {{ .Values.ui.theme.primaryText | quote }}
+            - name: THEME_NEUTRAL_TEXT
+              value: {{ .Values.ui.theme.neutralText | quote }}
+            - name: THEME_BACKGROUND
+              value: {{ .Values.ui.theme.background | quote }}
+            - name: THEME_HOVER_BACKGROUND
+              value: {{ .Values.ui.theme.hoverBackground | quote }}
+            - name: THEME_ACCENT_TEXT
+              value: {{ .Values.ui.theme.accentText | quote }}
+            - name: THEME_HEADER_TEXT
+              value: {{ .Values.ui.theme.headerText | quote }}
+            - name: THEME_HEADER_BACKGROUND
+              value: {{ .Values.ui.theme.headerBackground | quote }}
+            - name: THEME_FOOTER_TEXT
+              value: {{ .Values.ui.theme.footerText | quote }}
+            - name: THEME_FOOTER_NEUTRAL_TEXT
+              value: {{ .Values.ui.theme.footerNeutralText | quote }}
+            - name: THEME_FOOTER_BACKGROUND
+              value: {{ .Values.ui.theme.footerBackground | quote }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.ui.service.targetPort }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.ui.resources | nindent 12 }}
+      {{- with .Values.ui.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.ui.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.ui.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- if not .Values.ui.runAsRoot }}
+      securityContext:
+        runAsUser: 101
+    {{- end }}
+    {{- if .Values.ui.additionalSpec }}
+      {{ tpl .Values.ui.additionalSpec . | nindent 6 | trim }}
+    {{- end }}

opencloud/charts/docker-registry-ui/templates/ui-ingress.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.ui.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "docker-registry-ui.fullname" . }}-user-interface
+  labels:
+    app.kubernetes.io/component	: user-interface
+    {{- include "docker-registry-ui.labels" . | nindent 4 }}
+  {{- with .Values.ui.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ui.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.ui.ingress.ingressClassName }}
+  {{- end -}}
+{{- if .Values.ui.ingress.tls }}
+  tls:
+{{ tpl (toYaml .Values.ui.ingress.tls) $ | indent 4 }}
+{{- end }}
+  rules:
+    - http:
+        paths:
+          - backend:
+              service:
+                name: {{ include "docker-registry-ui.fullname" . }}-user-interface
+                port:
+                  number: {{ .Values.ui.service.port }}
+            {{- if .Values.ui.ingress.path }}
+            path: {{ .Values.ui.ingress.path }}
+            {{- end }}
+            {{- if .Values.ui.ingress.pathType }}
+            pathType: {{ .Values.ui.ingress.pathType }}
+            {{- end }}
+      {{- if .Values.ui.ingress.host }}
+      host: {{ .Values.ui.ingress.host | quote }}
+      {{- end -}}
+{{- end }}

opencloud/charts/docker-registry-ui/templates/ui-service.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "docker-registry-ui.fullname" . }}-user-interface
+  labels:
+    app.kubernetes.io/component	: user-interface
+    {{- include "docker-registry-ui.labels" . | nindent 4 }}
+  {{- with .Values.ui.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    app.kubernetes.io/component	: user-interface
+    {{- include "docker-registry-ui.labels" . | nindent 4 }}
+  type: {{ .Values.ui.service.type }}
+  ports:
+    - port: {{ .Values.ui.service.port }}
+      targetPort: {{ .Values.ui.service.targetPort }}
+      protocol: TCP
+      name: http
+      {{- if (and (eq .Values.ui.service.type "NodePort") .Values.ui.service.nodePort) }}
+      nodePort: {{ .Values.ui.service.nodePort }}
+      {{- end }}
+  {{- if .Values.ui.service.additionalSpec }}
+  {{ tpl .Values.ui.service.additionalSpec . | nindent 2 | trim }}
+  {{- end }}