Fixing stuff for production deployment

2025-02-24 10:00:06 +01:00
parent ab70717458
commit 1ef92e5975
35 changed files with 1566 additions and 7 deletions
--- a/opencloud/templates/oc-aggregator/deployment.yaml
+++ b/opencloud/templates/oc-aggregator/deployment.yaml
@@ -15,6 +15,10 @@ spec:
      labels:
        app: oc-aggregator
    spec:
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocAggregator.image }}"
        name: oc-aggregator
--- a/opencloud/templates/oc-auth/deployment.yaml
+++ b/opencloud/templates/oc-auth/deployment.yaml
@@ -22,7 +22,11 @@ spec:
            secretName: public-key-secret
        - name: private-key-volume
          secret:
-            secretName: private-key-secret    
+            secretName: private-key-secret  
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocAuth.image }}"
        name: oc-auth
--- a/opencloud/templates/oc-catalog/deployment.yaml
+++ b/opencloud/templates/oc-catalog/deployment.yaml
@@ -15,6 +15,10 @@ spec:
      labels:
        app: oc-catalog
    spec:
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocCatalog.image }}"
        name: oc-catalog
--- a/opencloud/templates/oc-datacenter/deployment.yaml
+++ b/opencloud/templates/oc-datacenter/deployment.yaml
@@ -15,6 +15,10 @@ spec:
      labels:
        app: oc-datacenter
    spec:
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocDatacenter.image }}"
        name: oc-datacenter
--- a/opencloud/templates/oc-discovery/deployment.yaml
+++ b/opencloud/templates/oc-discovery/deployment.yaml
@@ -15,6 +15,10 @@ spec:
      labels:
        app: oc-discovery
    spec:
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocDiscovery.image }}"
        name: oc-discovery
--- a/opencloud/templates/oc-front/deployment.yaml
+++ b/opencloud/templates/oc-front/deployment.yaml
@@ -19,6 +19,10 @@ spec:
          - name: config-volume
            configMap:
              name: front-config
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocFront.image }}"
        name: oc-front
--- a/opencloud/templates/oc-peer/deployment.yaml
+++ b/opencloud/templates/oc-peer/deployment.yaml
@@ -15,6 +15,10 @@ spec:
      labels:
        app: oc-peer
    spec:
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocPeer.image }}"
        name: oc-peer
--- a/opencloud/templates/oc-scheduler/deployment.yaml
+++ b/opencloud/templates/oc-scheduler/deployment.yaml
@@ -16,6 +16,10 @@ spec:
        app: oc-scheduler
    spec:
      serviceAccountName: scheduler-sa
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocScheduler.image }}"
        name: oc-scheduler
--- a/opencloud/templates/oc-schedulerd/deployment.yaml
+++ b/opencloud/templates/oc-schedulerd/deployment.yaml
@@ -15,6 +15,10 @@ spec:
      labels:
        app: oc-schedulerd
    spec:
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocSchedulerd.image }}"
        name: oc-schedulerd
--- a/opencloud/templates/oc-shared/deployment.yaml
+++ b/opencloud/templates/oc-shared/deployment.yaml
@@ -15,6 +15,10 @@ spec:
      labels:
        app: oc-shared
    spec:
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocShared.image }}"
        name: oc-shared
--- a/opencloud/templates/oc-workflow/deployment.yaml
+++ b/opencloud/templates/oc-workflow/deployment.yaml
@@ -15,6 +15,10 @@ spec:
      labels:
        app: oc-workflow
    spec:
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
      containers:
      - image: "{{ .Values.ocWorkflow.image }}"
        name: oc-shared
--- a/opencloud/templates/oc-workspace/deployment.yaml
+++ b/opencloud/templates/oc-workspace/deployment.yaml
@@ -32,4 +32,9 @@ spec:
          requests:
            cpu: "{{ .Values.ocWorkspace.resources.requests.cpu }}"
            memory: "{{ .Values.ocWorkspace.resources.requests.memory }}"
+      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
+
  {{- end }}
--- a/opencloud/templates/openCloudConf.yaml
+++ b/opencloud/templates/openCloudConf.yaml
@@ -23,5 +23,5 @@ data:
  OC_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
  OC_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.usernames 0 }}:{{ index .Values.mongodb.auth.passwords 0 }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}"
  OC_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}"
-  OC_NATS_URL: "nats://dev-nats.{{ .Release.Namespace }}:4222"
+  OC_NATS_URL: "nats://{{ .Release.Name }}-nats.{{ .Release.Namespace }}:4222"
  OC_LOKI_URL: "http://{{ .Release.Name }}-loki.{{ .Release.Namespace }}:3100"
--- a/opencloud/templates/registry/docker-registry.yaml
+++ b/opencloud/templates/registry/docker-registry.yaml
@@ -0,0 +1,86 @@
+{{- if index .Values "docker-registry-ui" "enabled" }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ index .Values "docker-registry-ui" "registry" "dataVolume" "persistentVolumeClaim" "claimName" }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  accessModes:
+    - {{ index .Values "docker-registry-ui" "registry" "persistence" "accessMode" }}
+  resources:
+    requests:
+      storage: {{ index .Values "docker-registry-ui" "registry" "persistence" "storage" }}
+  storageClassName: {{ index .Values "docker-registry-ui" "registry" "persistence" "storageClassName" }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: registry-ingress
+  namespace: {{ .Release.Namespace }}
+spec:
+  entryPoints:
+  - web
+  routes:
+  - kind: Rule
+    match: Host(`{{ .Values.registryHost }}`)
+    priority: 5
+    services:
+    - kind: Service
+      name:  {{ .Values.env }}-docker-registry-ui-registry-server
+      namespace: {{ .Release.Namespace }}
+      port: 5000
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: registry-ingress-ui
+  namespace: {{ .Release.Namespace }}
+spec:
+  entryPoints:
+  - web
+  routes:
+  - kind: Rule
+    match: Host(`{{ .Values.registryHost }}`) && PathPrefix(`/ui`)
+    priority: 10
+    services:
+    - kind: Service
+      name:  {{ .Values.env }}-docker-registry-ui-user-interface
+      namespace: {{ .Release.Namespace }}
+      port: 80
+    middlewares:
+      - name: strip-ui-prefix
+
+---
+apiVersion:  traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: strip-ui-prefix
+  namespace: {{ .Release.Namespace }}
+spec:
+  stripPrefix:
+    prefixes:
+      - "/ui"
+---
+#for htpasswd:
+#htpasswd -nbB opencloud_registry Cei9phee | tr -d '\n' | base64 -w 0 
+#for password in dockerconfigjson: 
+#echo "opencloud_registry:Cei9phee" | tr -d '\n' | base64 -w 0 
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-basic-auth-secret #To configure docker server authentication
+  namespace: {{ .Release.Namespace }}
+data:
+  htpasswd: b3BlbmNsb3VkX3JlZ2lzdHJ5OiQyeSQwNSQ0cjFtV0h0Q3IzTmNPLjhqZjV2TkNPdkUvcFBkTDBmd1NFMkJ6bnI2azlmLjZhaVRHLzE1cQ==
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  name: {{ index .Values "docker-registry-ui" "registry" "secretName" }} #To configure docker client authentication against the server
+  namespace: {{ .Release.Namespace }}
+data:
+  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJyZWdpc3RyeS12YWFzLnBmLmlydC1zYWludGV4dXBlcnkuY29tIjogewoJCQkiYXV0aCI6ICJkbUZoYzE5eVpXZHBjM1J5ZVRva01ua2tNRFVrYjJFeFRFaERjVGw2TWs1WE55NVJjMlZFYVZjMFpUQjVSSGxsTDIxTFp5NUxValJPYkVGR1pqTlpkbnBaZW0weVdFRXlNaTQ9IgoJCX0KCX0KfQ==
+{{- end }}
--- a/opencloud/templates/registry/dockerconfigjson
+++ b/opencloud/templates/registry/dockerconfigjson
@@ -0,0 +1,7 @@
+{
+	"auths": {
+		"registry-vaas.pf.irt-saintexupery.com": {
+			"auth": "dmFhc19yZWdpc3RyeTokMnkkMDUkb2ExTEhDcTl6Mk5XNy5Rc2VEaVc0ZTB5RHllL21LZy5LUjRObEFGZjNZdnpZem0yWEEyMi4="
+		}
+	}
+}