
# Listener, TLS and auth settings shared by both storage variants of the zot
# config below. zot terminates TLS itself with the cert/key mounted from the
# "-certs" Secret, which is why the Istio gateway in k8s_deploy uses PASSTHROUGH.
_http_tls = OCIRegTLS {
    cert = "/etc/zot/ssl/fullchain.pem"
    key = "/etc/zot/ssl/privkey.pem"
}
# Basic auth against the mounted htpasswd file. failDelay is zot's delay on a
# failed login (documented as seconds; throttles credential guessing) —
# NOTE(review): confirm the unit against the zot version deployed.
_http_auth = OCIRegAuth {
    htpasswd = OCIRegHtpasswd { path = "/etc/zot/htpasswd" }
    failDelay = 5
}
_http = OCIRegHTTP {
    # Binds every interface of the pod; actual exposure is decided by the
    # Service / Gateway definitions in k8s_deploy, not by this address.
    address = "0.0.0.0"
    port = 5000
    realm = "zot"
    tls = _http_tls
    auth = _http_auth
}
# Log destinations inside the container; /var/log/zot is where the "-vol-log"
# PVC is mounted in k8s_deploy.
_log_dir = "/var/log/zot"
_log = OCIRegLog {
    # "debug" is verbose for a registry that is reachable from outside the
    # cluster. NOTE(review): consider "info" once the deployment is stable, and
    # check what zot prints at debug level before leaving it on.
    level = "debug"
    output = "${_log_dir}/zot.log"
    # Separate audit log; its content/format is zot's — verify for the version
    # in use before building alerting on it.
    audit = "${_log_dir}/zot-audit.log"
}
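# Storage backend selection for the zot config.
#
# FIX(review): the original took the S3 branch only when
# `_kys.oci_reg_s3.accesskey == ""` — i.e. when NO key had been provisioned —
# and then passed the credentials as the quoted literals
# "_kys.oci_reg_s3.accesskey" / "_kys.oci_reg_s3.secretkey", so the rendered
# config.json could never contain a usable key. Both are corrected here: S3 is
# used when a non-empty access key is present, and the real values are
# referenced. (The earlier `#if _kys.storageDriver == Undefined:` experiment
# is dropped.)
#
# SECURITY: in the S3 branch the access/secret key land inside config.json.
# That file is currently projected from a ConfigMap (see k8s_deploy volumes),
# which is not treated as sensitive by RBAC defaults or encryption-at-rest.
# Keep config.json in a Secret, or inject the keys some other way, before
# enabling this path outside the lab.
_s3_configured = _kys != Undefined and _kys.oci_reg_s3.accesskey != Undefined and _kys.oci_reg_s3.accesskey != ""
if _s3_configured:
    _oci_config = OCIRegConfig {
        storage = OCIRegStorage {
            # Kept alongside the remote driver as in the original; zot uses a
            # local rootDirectory for metadata/cache with S3 — verify for the
            # deployed version.
            rootDirectory = "/data/zot/"
            dedupe = True
            storageDriver = OCIRegStorageDriver {
                name = "s3"
                rootdirectory = "/zot"
                region = "europe-1"
                bucket = "termas"
                # TLS to the object store with certificate verification kept on.
                secure = True
                regionendpoint = "https://50bv2.upcloudobjects.com"
                accesskey = _kys.oci_reg_s3.accesskey
                secretkey = _kys.oci_reg_s3.secretkey
                skipverify = False
            }
        }
        http = _http
        log = _log
    }
else:
    _oci_config = OCIRegConfig {
        storage = OCIRegStorage {
            rootDirectory = "/data/zot/"
            # Garbage-collect unreferenced blobs on the local volume.
            gc = True
            gcDelay = "1h"
            gcInterval = "6h"
        }
        http = _http
        log = _log
        # UI and search are only enabled on the local-storage variant.
        # NOTE(review): confirm that is intentional rather than an omission in
        # the S3 branch.
        extensions = OCIRegExtensions {
            ui = OCIRegExtUI { enable = True }
            search = OCIRegExtSearch { enable = True }
        }
    }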
# Service record handed to the "k8s-deploy" template; `config` is the zot
# config.json built from _oci_config above.
service = OCIReg {
    name = "oci-reg"
    version = "1.0.1"
    not_use = False
    template = "k8s-deploy"
    def = "K8sDeploy"
    # Memory figures for the service wrapper. Units are not stated here and the
    # container in k8s_deploy is capped at 128Mi — NOTE(review): confirm these
    # agree (presumably GiB) before relying on either.
    oci_memory_high = 15
    oci_memory_max = 16
    # Presumably "source|destination": copy the TLS material from reg-ssl to
    # ssl (matches tls_path = "ssl" in k8s_deploy) — verify against the template.
    copy_paths = ["reg-ssl|ssl"]
    config = _oci_config
    # SSH admin settings for the cluster-services host; not set for this service.
    #admin_host = "lab-cp-0"
    #admin_port = 22
    #admin_user = "root"
    #admin_user = "admin"
    #local_def_path = "services/web"
}
# Naming inputs for the deployment: namespace "reg-librecloud", public host
# "reg.librecloud.online", and the in-cluster suffix used by the Istio route.
_k8s_dply = provisioning.K8sDefs {
    name = "reg"
    domain = "librecloud"
    primary_dom = "online"
    cluster_domain = "svc.cluster.local"
    ns = name + "-" + domain
    full_domain = name + "." + domain + "." + primary_dom
}
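# Kubernetes rendering of the zot registry: one pod, two PVCs, config.json and
# htpasswd from a ConfigMap, TLS material from a Secret, an Istio gateway in
# front and a NodePort Service.
#
# FIX(review): the CPU limit was "500Mi" — a byte quantity that Kubernetes
# accepts for cpu (it is 524288000 cores, so the request/limit check passes)
# but which is meaningless as a cap. It is now "500m" (half a core), in the
# same unit as the "250m" request.
k8s_deploy = provisioning.K8sDeploy {
    name = "${_k8s_dply.name}"
    #name_in_files = "${name}"
    namespace = "${_k8s_dply.ns}"
    create_ns = True
    full_domain = "${_k8s_dply.full_domain}"
    labels = [
        provisioning.K8sKeyVal { key = "app", value = "${name}" },
        provisioning.K8sKeyVal { key = "target", value = "${_k8s_dply.domain}" },
        provisioning.K8sKeyVal { key = "registry", value = "oci" },
    ]
    spec = provisioning.K8sDeploySpec {
        replicas = 1
        #hostUser = False
        containers = [
            provisioning.K8sContainers {
                name = "zot"
                # Pinned to a release tag. NOTE(review): pinning by digest
                # (@sha256:...) makes the pull immutable; also check that this
                # tag is still a supported zot release.
                image = "ghcr.io/project-zot/zot-linux-amd64:v2.0.0"
                #cmd = ""
                imagePull = "IfNotPresent"
                #env = [
                #    provisioning.K8sKeyVal { key = "registry", value = "oci" },
                #]
                ports = [
                    provisioning.K8sPort {
                        name = "main"
                        typ = ""
                        container = 5000
                        #target_port = 0
                    }
                ]
                volumeMounts = [
                    # Blob storage: rootDirectory in _oci_config is /data/zot/.
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-vol-data"
                        mountPath = "/data"
                    },
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-vol-log"
                        mountPath = "/var/log/zot"
                    },
                    # config.json and htpasswd are projected read-only from the
                    # "-etc" volume (a ConfigMap, see volumes below).
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-etc"
                        readOnly = True
                        mountPath = "/etc/zot/config.json"
                        subPath = "config.json"
                    },
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-etc"
                        readOnly = True
                        mountPath = "/etc/zot/htpasswd"
                        subPath = "htpasswd"
                    },
                    # TLS cert/key, read-only from the "-certs" Secret; paths
                    # match _http.tls.
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-certs"
                        readOnly = True
                        mountPath = "/etc/zot/ssl"
                    }
                ]
                resources_limits = provisioning.K8sResources { memory = "128Mi", cpu = "500m" }
                resources_requests = provisioning.K8sResources { memory = "64Mi", cpu = "250m" }
            },
        ]
        volumes = [
            provisioning.K8sVolume {
                name = "${_k8s_dply.name}-vol-data"
                typ = "volumeClaim"
                persitentVolumeClaim = provisioning.K8sVolumeClaim {
                    name = "${_k8s_dply.name}-claim-data"
                    storageClassName: "nfs-client"
                    storage = "5Gi"
                    reclaimPolicy = "Retain"
                }
            },
            provisioning.K8sVolume {
                name = "${_k8s_dply.name}-vol-log"
                typ = "volumeClaim"
                persitentVolumeClaim = provisioning.K8sVolumeClaim {
                    name = "${_k8s_dply.name}-claim-log"
                    storageClassName: "nfs-client"
                    storage = "1Gi"
                    reclaimPolicy = "Retain"
                }
            },
            # SECURITY: htpasswd (password hashes) and config.json (which
            # carries the S3 access/secret key when the S3 storage branch of
            # _oci_config is active) are served from a ConfigMap. ConfigMaps are
            # not treated as sensitive by default RBAC or encryption-at-rest;
            # move both to a Secret (typ = "secret", as the certs volume below)
            # before exposing this registry beyond the lab.
            provisioning.K8sVolume {
                name = "${_k8s_dply.name}-etc"
                typ = "configMap"
                items = [
                    provisioning.K8sKeyPath { key = "htpasswd", path = "htpasswd" },
                    provisioning.K8sKeyPath { key = "config.json", path = "config.json" }
                ]
            },
            provisioning.K8sVolume {
                name = "${_k8s_dply.name}-certs"
                typ = "secret"
                items = [
                    provisioning.K8sKeyPath { key = "tls.crt", path = "fullchain.pem" },
                    provisioning.K8sKeyPath { key = "tls.key", path = "privkey.pem" }
                ]
            },
        ]
        secrets = [
            # NOTE(review): an unnamed Secret carrying key "target" -> "librecloud";
            # its consumer is not visible from this file — confirm the template
            # still needs it.
            provisioning.K8sSecret {
                name = ""
                items = [
                    provisioning.K8sKeyPath { key = "target", path = "librecloud" }
                ]
            }
        ]
    }
    prxy = "istio"
    prxy_ns = "istio-system"
    prxyGatewayServers = [
        # Plain HTTP only redirects to HTTPS; nothing is served in clear.
        provisioning.K8sPrxyGatewayServer {
            port = provisioning.K8sPrxyPort { name = "http-reg", number = 80, proto = "HTTP" }
            tls = provisioning.K8sPrxyTLS { httpsRedirect = True, mode = "" }
            hosts = ["${_k8s_dply.full_domain}"]
        },
        # TLS is passed through so zot terminates it with its own cert
        # (_http.tls); the gateway cannot inspect the basic-auth credentials.
        provisioning.K8sPrxyGatewayServer {
            port = provisioning.K8sPrxyPort { name = "https-reg", number = 5000, proto = "HTTPS" }
            tls = provisioning.K8sPrxyTLS { mode = "PASSTHROUGH" }
            #tls = provisioning.K8sPrxyTLS { mode = "SIMPLE", credentialName = "${_k8s_dply.name}-credentials" }
            hosts = ["${_k8s_dply.full_domain}"]
        },
    ]
    prxyVirtualService = provisioning.K8sPrxyVirtualService {
        hosts = ["${_k8s_dply.full_domain}"]
        gateways = ["${_k8s_dply.name}-${_k8s_dply.ns}-gwy"]
        matches = [
            # NOTE(review): the HTTPS gateway server above listens on 5000 while
            # this match is on port 443, and a PASSTHROUGH route in Istio is
            # normally expressed as a tls/sniHosts match rather than a bare tcp
            # port match. Verify how the provisioning template maps these
            # before relying on the route.
            provisioning.K8sPrxyVirtualServiceMatch {
                typ = "tcp"
                location = [
                    provisioning.K8sPrxyVirtualServiceMatchURL { port: 443 }
                    #sniHosts = ["${_k8s_dply.full_domain}"]
                ]
                route_destination = [
                    provisioning.K8sPrxyVirtualServiceRoute {
                        port_number = 5000
                        host = "${_k8s_dply.name}.${_k8s_dply.ns}.${_k8s_dply.cluster_domain}"
                    }
                ]
            }
        ]
    }
    tls_path = "ssl"
    bin_apply = True
    # SECURITY: NodePort publishes port 5000 on every node IP, bypassing the
    # Istio gateway. zot still enforces TLS + htpasswd on that path, but the
    # gateway route only needs the cluster-local host above, so ClusterIP is
    # sufficient — switch unless direct node-level access is required.
    service = provisioning.K8sService {
        name = ""
        typ = "NodePort"
        ports = [
            provisioning.K8sPort {
                name = "main"
                #proto = ""
                container = 5000
                #target_port = 0
            }
        ]
    }
    # backups = [
    #     provisioning.K8sBackup {
    #         name = ""
    #         typ = ""
    #         mount_path = ""
    #     }
    # ]
}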