Add quay-kubernetes package / Add quay CD to k8s
parent
2f750bfc87
commit
1d0313229e
45 changed files with 1129 additions and 10 deletions
155
deploy/quay-app/manifest.jsonnet
Normal file
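--- a/deploy/quay-app/manifest.jsonnet
+++ b/deploy/quay-app/manifest.jsonnet
@@ -0,0 +1,155 @@
+local appr = import 'appr.libsonnet';
+local quaylib = import 'lib/quay.libsonnet';
+
+function(
+params={}
+)
+
+
+appr.package({
+package: import "Chart.jsonnet",
+
+variables: {
+namespace: 'default',
+cluster_domain_name: 'cluster.local',
+
+# Minimum configuration
+base_config: (import "templates/conf/config.libsonnet")($.variables),
+
+# Additional values stack/config.yaml values
+config: {},
+
+# path to the local stack configuration directory
+stack_path: "stack",
+
+# load local `stack` directory if exists
+stack_files: {
+"syslog-ng-extra.conf": appr.b64encode(importstr "templates/conf/syslog-ng-extra.conf")} +
+if $.variables.license != null then {"license": appr.b64encode($.variables.license) } else {} +
+quaylib.load_stack_files($.variables.stack_path),
+
+# load license
+license: null,
+
+# Image tag and repo
+tag: $.package.version,
+image: 'quay.io/quay/quay:%s' % self.tag,
+
+# Used in the pull secret
+docker_user: 'changeme',
+docker_pass: 'changeme',
+
+# Redis configuration
+redis_host: 'quay-redis.%s.svc.%s:6379' % [$.variables.namespace, $.variables.cluster_domain_name],
+redisconf: {redis_parts:: std.split($.variables.redis_host, ":"),
+"host": self.redis_parts[0], port: self.redis_parts[1]},
+
+# Configure the ingress with the ingress controller class and domain to use
+domain: 'quay.%s.example.com' % $.variables.namespace,
+ingress: {
+class: 'nginx',
+tls: "kubernetes.io/tls-acme",
+domains: std.split($.variables.domain, ','),
+annotations: {}
+},
+
+# Force to reload the secret/configuration
+reconfigure: "false",
+
+# Deploy a postgres (don't use it for prod)
+deploy_db: 'false',
+
+# Postgres deployment configuratio
+db: {
+user: 'quay',
+password: 'quay',
+name: 'quay',
+},
+
+# Quay DB_URI
+db_uri: 'postgresql://%s:%s@postgres.%s.svc.%s/%s' % [$.variables.db.user,
+$.variables.db.password,
+$.variables.namespace,
+$.variables.cluster_domain_name,
+$.variables.db.name],
+
+},
+
+
+# ServiceAccount to attach Rbac rules
+resources: appr.compact([ # + appr.importResourceDir('templates/')
+{
+value: {apiVersion: 'v1', kind: 'ServiceAccount',
+metadata: {name: 'quay-enterprise'}}
+},
+
+# Grant secret read/write permission inside the namespace
+{
+value: (import 'templates/quay-enterprise-role.libsonnet')($.variables),
+},
+
+# Bind role to the Service account
+{
+value: (import 'templates/quay-enterprise-rolebinding.libsonnet')($.variables),
+},
+
+# Quay.io robot / user account. Protected from default values
+{
+value: (import 'templates/quay-enterprise-pullsecret.libsonnet')($.variables),
+protected: if $.variables.docker_user == "changeme" || $.variables.docker_pass == "changeme"
+then true else false
+},
+
+# Quay configuration files (quay/conf/stack), automatically read local the "./stack" directory to load values.
+# Values can also be loaded from $.variables.stack_files
+# Protected unless explicitly requested (reconfigure == "true").
+{
+value: (import 'templates/quay-enterprise-secret.libsonnet')($.variables),
+protected: if $.variables.reconfigure == "true" then false else true
+},
+
+# Quay-registry deployment
+# Force a rollout when the secret is reconfigured by updating a label (see randLabel)
+{
+value: appr.loadObject(appr.jinja2(importstr 'templates/quay-enterprise-app-dp.yaml', $.variables)) +
+if $.variables.reconfigure == "true" then
+# trigger a rollout
+quaylib.rand_label()
+else {}
+}, # + {value+: if $.variables.reconfigure == "true" then randLabel() else {},},
+
+{
+template: (importstr 'templates/quay-enterprise-service.yaml'),
+},
+
+# Redis
+{
+template: (importstr 'templates/quay-enterprise-redis-service.yaml'),
+},
+
+{
+template: (importstr 'templates/quay-enterprise-redis.yaml'),
+},
+
+
+# Ingress, assumes usage of kube-lego and an ingress controller.
+# see variables.ingress for configuration
+{
+value: (import 'templates/quay-enterprise-ingress.libsonnet')($.variables.ingress),
+},
+
+
+]),
+
+
+deploy: appr.compact([
+if $.variables.deploy_db == 'true' then
+{name: 'quay/postgres-app',
+variables: {
+user: $.variables.db.user,
+dbname: $.variables.db.name,
+password: $.variables.db.password
+}},
+{name: '$self'},
+]),
+}, params)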
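Review bot: In `stack_files`, the trailing `+ quaylib.load_stack_files($.variables.stack_path)` binds to the `else {}` branch, because a Jsonnet conditional extends as far right as it can; when `license` is set, the files from the local stack directory are left out of the generated `stack_files`. Parenthesise the conditional so the merge always happens: `(if $.variables.license != null then {"license": appr.b64encode($.variables.license)} else {}) +`. Separately, the pull secret is marked `protected` while `docker_user`/`docker_pass` are still `changeme`, but `db.password` defaults to `quay` with no comparable guard and is formatted into `db_uri`. A comment on the `db` block such as `# default credentials, override for anything other than a throwaway test database` would make that explicit, or the default could be dropped so the value must be supplied.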