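# zot OCI registry listener: TLS on 5000, htpasswd basic auth.
# The cert/key paths match the "${_k8s_dply.name}-certs" secret mount and the
# htpasswd path matches the "${_k8s_dply.name}-etc" config-map mount declared below.
_http = OCIRegHTTP {
    address = "0.0.0.0"
    port = 5000
    realm = "zot"
    tls = OCIRegTLS {
        cert = "/etc/zot/ssl/fullchain.pem"
        key = "/etc/zot/ssl/privkey.pem"
    }
    auth = OCIRegAuth {
        htpasswd = OCIRegHtpasswd {
            path = "/etc/zot/htpasswd"
        }
        # Delay imposed after a failed login, which slows credential guessing
        # (unit is whatever zot documents for failDelay — confirm).
        failDelay = 5
    }
}

# Registry and audit logs. NOTE(review): "debug" is verbose and may put request
# details into zot.log; lower it unless that detail is wanted in this deployment.
_log = OCIRegLog {
    level = "debug"
    output = "/var/log/zot/zot.log"
    audit = "/var/log/zot/zot-audit.log"
}

# Storage backend selection: S3 object storage when _kys carries an S3 access key,
# local disk with garbage collection otherwise.
# NOTE(review): the condition takes the S3 branch when accesskey == "" (empty),
# which then hands zot an empty credential; `!= ""` looks like the intent, but
# confirm against how _kys is populated before changing the branch selection.
if _kys != Undefined and _kys.oci_reg_s3.accesskey != Undefined and _kys.oci_reg_s3.accesskey == "":
    #if _kys.storageDriver == Undefined:
    _oci_config = OCIRegConfig {
        storage = OCIRegStorage {
            rootDirectory = "/data/zot/"
            dedupe = True
            storageDriver = OCIRegStorageDriver {
                name = "s3"
                rootdirectory = "/zot"
                region = "europe-1"
                bucket = "termas"
                # TLS to the object store with certificate verification kept on.
                secure = True
                regionendpoint = "https://50bv2.upcloudobjects.com"
                # Credentials must be references into _kys, not quoted strings;
                # quoting them sends the literal text "_kys.oci_reg_s3.accesskey"
                # as the key and never authenticates.
                accesskey = _kys.oci_reg_s3.accesskey
                secretkey = _kys.oci_reg_s3.secretkey
                skipverify = False
            }
        }
        http = _http
        log = _log
    }
else:
    _oci_config = OCIRegConfig {
        storage = OCIRegStorage {
            rootDirectory = "/data/zot/"
            gc = True
            gcDelay = "1h"
            gcInterval = "6h"
        }
        http = _http
        log = _log
        extensions = OCIRegExtensions {
            ui = OCIRegExtUI {
                enable = True
            }
            search = OCIRegExtSearch {
                enable = True
            }
        }
    }

# Service definition consumed by the k8s-deploy template; `config` is rendered
# into the config.json that the deployment below mounts read-only.
service = OCIReg {
    not_use = False
    name = "oci-reg"
    version = "1.0.1"
    template = "k8s-deploy"
    def = "K8sDeploy"
    oci_memory_high = 15
    oci_memory_max = 16
    copy_paths = ["reg-ssl|ssl"]
    config = _oci_config
    #admin_host = "lab-cp-0"
    # Cluster services admin hosts port to connect via SSH
    #admin_port = 22
    # Cluster services admin user connect via SSH
    #admin_user = "root"
    #admin_user = "admin"
    #local_def_path = "services/web"
}

# Naming shared by the deployment, namespace, gateway and in-cluster DNS name.
_k8s_dply = provisioning.K8sDefs {
    name = "reg"
    domain = "librecloud"
    ns = "${name}-${domain}"
    primary_dom = "online"
    full_domain = "${name}.${domain}.${primary_dom}"
    cluster_domain = "svc.cluster.local"
}

k8s_deploy = provisioning.K8sDeploy {
    name = "${_k8s_dply.name}"
    #name_in_files = "${name}"
    namespace = "${_k8s_dply.ns}"
    create_ns = True
    full_domain = "${_k8s_dply.full_domain}"
    labels = [
        provisioning.K8sKeyVal {key = "app", value = "${name}"},
        provisioning.K8sKeyVal {key = "target", value = "${_k8s_dply.domain}"},
        provisioning.K8sKeyVal {key = "registry", value = "oci"},
    ]
    spec = provisioning.K8sDeploySpec {
        replicas = 1
        #hostUser = False
        containers = [
            provisioning.K8sContainers {
                name = "zot"
                image = "ghcr.io/project-zot/zot-linux-amd64:v2.0.0"
                #cmd = ""
                imagePull = "IfNotPresent"
                #env = [
                #    provisioning.K8sKeyVal{key ="registry",value = "oci"},
                #    }
                #]
                ports = [
                    provisioning.K8sPort {
                        name = "main"
                        typ = ""
                        container = 5000
                        #target_port = 0
                    }
                ]
                # Config, htpasswd and TLS material are mounted read-only so the
                # registry process cannot rewrite its own auth or cert files.
                volumeMounts = [
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-vol-data"
                        mountPath = "/data"
                    },
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-vol-log"
                        mountPath = "/var/log/zot"
                    },
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-etc"
                        readOnly = True
                        mountPath = "/etc/zot/config.json"
                        subPath = "config.json"
                    },
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-etc"
                        readOnly = True
                        mountPath = "/etc/zot/htpasswd"
                        subPath = "htpasswd"
                    },
                    provisioning.K8sVolumeMount {
                        name = "${_k8s_dply.name}-certs"
                        readOnly = True
                        mountPath = "/etc/zot/ssl"
                    }
                ]
                # CPU is expressed in millicores ("m"); "Mi" is a memory suffix and
                # yields an absurd CPU quota. The request below already uses "250m".
                resources_limits = provisioning.K8sResources {
                    memory = "128Mi"
                    cpu = "500m"
                }
                resources_requests = provisioning.K8sResources {
                    memory = "64Mi"
                    cpu = "250m"
                }
            },
        ]
        volumes = [
            provisioning.K8sVolume {
                name = "${_k8s_dply.name}-vol-data"
                typ = "volumeClaim"
                persitentVolumeClaim = provisioning.K8sVolumeClaim {
                    name = "${_k8s_dply.name}-claim-data"
                    storageClassName: "nfs-client"
                    storage = "5Gi"
                    reclaimPolicy = "Retain"
                }
            },
            provisioning.K8sVolume {
                name = "${_k8s_dply.name}-vol-log"
                typ = "volumeClaim"
                persitentVolumeClaim = provisioning.K8sVolumeClaim {
                    name = "${_k8s_dply.name}-claim-log"
                    storageClassName: "nfs-client"
                    storage = "1Gi"
                    reclaimPolicy = "Retain"
                }
            },
            # NOTE(review): the htpasswd file (password hashes) is delivered through a
            # ConfigMap, which is readable by anyone with configmap read access in the
            # namespace; a Secret volume, as used for the TLS key below, is the safer home.
            provisioning.K8sVolume {
                name = "${_k8s_dply.name}-etc"
                typ = "configMap"
                items = [
                    provisioning.K8sKeyPath {key = "htpasswd", path = "htpasswd"},
                    provisioning.K8sKeyPath {key = "config.json", path = "config.json"}
                ]
            },
            provisioning.K8sVolume {
                name = "${_k8s_dply.name}-certs"
                typ = "secret"
                items = [
                    provisioning.K8sKeyPath {key = "tls.crt", path = "fullchain.pem"},
                    provisioning.K8sKeyPath {key = "tls.key", path = "privkey.pem"}
                ]
            },
        ]
        secrets = [
            provisioning.K8sSecret {
                name = ""
                items = [
                    provisioning.K8sKeyPath {key = "target", path = "librecloud"}
                ]
            }
        ]
    }
    # Istio ingress: plain HTTP is redirected to HTTPS; HTTPS is passed through
    # untouched so the pod's own certificate terminates TLS.
    prxy = "istio"
    prxy_ns = "istio-system"
    prxyGatewayServers = [
        provisioning.K8sPrxyGatewayServer {
            port = provisioning.K8sPrxyPort {
                name = "http-reg"
                number = 80
                proto = "HTTP"
            }
            tls = provisioning.K8sPrxyTLS {
                httpsRedirect = True
                mode = ""
            }
            hosts = ["${_k8s_dply.full_domain}"]
        },
        provisioning.K8sPrxyGatewayServer {
            port = provisioning.K8sPrxyPort {
                name = "https-reg"
                number = 5000
                proto = "HTTPS"
            }
            tls = provisioning.K8sPrxyTLS {
                mode = "PASSTHROUGH"
            }
            #tls = provisioning.K8sPrxyTLS { mode = "SIMPLE", credentialName = "${_k8s_dply.name}-credentials" }
            hosts = ["${_k8s_dply.full_domain}"]
        },
    ]
    # NOTE(review): the gateway server above listens on 5000 but this tcp match is
    # on 443; whether the provisioning schema reconciles the two is not visible here — confirm.
    prxyVirtualService = provisioning.K8sPrxyVirtualService {
        hosts = ["${_k8s_dply.full_domain}"]
        gateways = ["${_k8s_dply.name}-${_k8s_dply.ns}-gwy"]
        matches = [
            provisioning.K8sPrxyVirtualServiceMatch {
                typ = "tcp"
                location = [
                    provisioning.K8sPrxyVirtualServiceMatchURL {
                        port: 443
                    }
                    #sniHosts = ["${_k8s_dply.full_domain}"]
                ]
                route_destination = [
                    provisioning.K8sPrxyVirtualServiceRoute {
                        port_number = 5000
                        host = "${_k8s_dply.name}.${_k8s_dply.ns}.${_k8s_dply.cluster_domain}"
                    }
                ]
            }
        ]
    }
    tls_path = "ssl"
    bin_apply = True
    # NOTE(review): NodePort exposes port 5000 on every node address as well as via
    # the Istio gateway; ClusterIP is enough if all traffic is meant to enter through Istio.
    service = provisioning.K8sService {
        name = ""
        typ = "NodePort"
        ports = [
            provisioning.K8sPort {
                name = "main"
                #proto = ""
                container = 5000
                #target_port = 0
            }
        ]
    }
    # backups = [
    #     provisioning.K8sBackup{
    #         name = ""
    #         typ = ""
    #         mount_path = ""
    #     }
    # ]
}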