Add quay-kubernetes package / Add quay CD to k8s

Antoine Legrand 2017-07-17 01:24:31 +02:00
parent 2f750bfc87
commit 1d0313229e
45 changed files with 1129 additions and 10 deletions


@ -0,0 +1,53 @@
function(vars)
{
BUILDLOGS_REDIS: vars.redisconf,
USER_EVENTS_REDIS: vars.redisconf,
DB_URI: vars.db_uri,
SETUP_COMPLETE: true,
# Not deployed, features forced turn off
FEATURE_SECURITY_SCANNER: false,
FEATURE_BUILD_SUPPORT: false,
FEATURE_ACI_CONVERSION: false,
FEATURE_GITHUB_BUILD: false,
FEATURE_BITBUCKET_BUILD: false,
FEATURE_GITLAB_BUILD: false,
GITHUB_TRIGGER_CONFIG: null,
GITLAB_TRIGGER_KIND: {},
AUTHENTICATION_TYPE: "Database",
PREFERRED_URL_SCHEME: "https",
SERVER_HOSTNAME: vars.ingress.domains[0],
EXTERNAL_TLS_TERMINATION: true,
INSTANCE_SERVICE_KEY_KID_LOCATION: 'conf/quay.kid',
INSTANCE_SERVICE_KEY_LOCATION: 'conf/quay.pem',
}
# local s3_storage = { local_us: ["S3Storage",
# {storage_path: "",
# s3_access_key: vars.storage.s3.access_key,
# s3_secret_key: vars.storage.s3.secret_key,
# s3_bucket: vars.storage.s3.bucket},
# ]
# };
# extra: {
# REGISTRY_TITLE: "Quay (%s)" % vars.ingress.host,
# REGISTRY_TITLE_SHORT: "Quay (%s)" % vars.ingress.host,
# TESTING: true,
# DEBUGGING: true,
# USE_CDN: false,
# FEATURE_ANONYMOUS_ACCESS: true,
# FEATURE_MAILING: false,
# AUTHENTICATION_TYPE: "Database",
# ENTERPRISE_LOGO_URL: "/static/img/quay-logo.png",
# LOG_ARCHIVE_LOCATION: "default",
# TAG_EXPIRATION_OPTIONS: ["2d"],
# DISTRIBUTED_STORAGE_CONFIG: {
# default: [
# "LocalStorage",
# {storage_path: "/datastorage/registry"}]},
# DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: [],
# DISTRIBUTED_STORAGE_PREFERENCE: ["default"],
# USERFILES_LOCATION: "default",
# USERFILES_PATH: "userfiles/",
# }
# }
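Review bot: The commented-out `extra` block after the closing brace keeps `TESTING: true`, `DEBUGGING: true` and `FEATURE_ANONYMOUS_ACCESS: true` one uncomment away from a deployed config; delete it or move it to a clearly named dev-only example. Separately, `SERVER_HOSTNAME: vars.ingress.domains[0]` fails with an index error when `domains` is empty. A guard before the object, such as `assert std.length(vars.ingress.domains) > 0 : "ingress.domains must not be empty";`, would give a clearer message.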


@ -0,0 +1,7 @@
destination d_stdout {
pipe("/dev/stdout");
};
log {
source(s_src); destination(d_stdout);
};


@ -0,0 +1,37 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: quay-dev-initdb
spec:
activeDeadlineSeconds: 100
template:
metadata:
name: quay-dev-initdb
spec:
containers:
- name: quay
image: quay.io/quay/quay-ci:master
env:
- name: TEST_DATABASE_URI
value: "postgres://"
- name: SKIP_DB_SCHEMA
value: "true"
command:
- venv/bin/python
- initdb.py
volumeMounts:
- name: configvolume
readOnly: false
mountPath: /conf/stack
resources:
limits:
cpu: 500m
memory: 500Mi
imagePullSecrets:
- name: coreos-pull-secret
volumes:
- name: configvolume
secret:
secretName: quay-enterprise-config-secret
restartPolicy: Never
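Review bot: `image: quay.io/quay/quay-ci:master` is a mutable tag, so the code that initialises the database can change between runs without any change to this manifest; the Redis Deployment in this commit has the same issue with the untagged `quay.io/quay/redis`. Pin both to a release tag or digest, e.g. `image: quay.io/quay/quay-ci@sha256:<digest>` (placeholder). The Job also sets no `metadata.namespace` although it mounts `quay-enterprise-config-secret`, which the secret template creates in `quay-enterprise`, so it only starts when applied into that namespace. `readOnly: false` on `configvolume` looks unnecessary for a one-shot init job; `readOnly: true` would be the safer default.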


@ -0,0 +1,55 @@
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
namespace: quay-enterprise
name: quay-enterprise-app
labels:
quay-enterprise-component: app
spec:
replicas: 1
template:
metadata:
labels:
quay-enterprise-component: app
spec:
serviceAccountName: "quay-enterprise"
containers:
- name: quay-enterprise-app
livenessProbe:
httpGet:
path: /status
port: 80
initialDelaySeconds: 300
periodSeconds: 30
failureThreshold: 3
successThreshold: 1
readinessProbe:
httpGet:
path: /status
port: 80
initialDelaySeconds: 45
failureThreshold: 6
periodSeconds: 20
env:
- name: QE_K8S_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: {{image}}
ports:
- containerPort: 80
volumeMounts:
- name: configvolume
readOnly: false
mountPath: /conf/stack
resources:
limits:
cpu: 1
memory: 2Gi
imagePullSecrets:
- name: coreos-pull-secret
volumes:
- name: configvolume
secret:
secretName: quay-enterprise-config-secret
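Review bot: The container spec has no `securityContext` and mounts the config secret with `readOnly: false`, while the pod runs under the `quay-enterprise` service account that the Role in this commit allows to `update` and `patch` secrets. If the application persists config only through the API (inferred from that Role), the mount can be `readOnly: true`. A `securityContext` with `allowPrivilegeEscalation: false` would further limit what a compromised app process can do. `resources` sets `limits` only; adding `requests` would make scheduling predictable.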


@ -0,0 +1,31 @@
function(ingress={ class: 'none', tls: "true", domains: ['quay.example.com'] })
{
apiVersion: "extensions/v1beta1",
kind: "Ingress",
metadata: {
annotations: {
"kubernetes.io/ingress.class": ingress.class,
[if std.type(ingress.tls) == "string" then ingress.tls]: "true"} +
if std.objectHas(ingress, "annotations") then ingress.annotations else {},
name: "quay-enterprise",
},
spec: {
rules: [{
host: domain,
http: {
paths: [{
backend: {
serviceName: "quay-enterprise",
servicePort: 80,},
path: "/"}]},
} for domain in ingress.domains],
} +
if std.type(ingress.tls) == "string" then
{tls: [{
hosts: ingress.domains,
secretName: "quay-enterprise-tls",
}]} else {},
}
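Review bot: With the default `tls: "true"`, the computed field `[if std.type(ingress.tls) == "string" then ingress.tls]: "true"` adds an annotation whose key is literally `true`. A caller who passes the boolean `tls: true` gets an Ingress with no `tls` section at all, i.e. plain HTTP, without any error. Since the base config in this commit hard-codes `PREFERRED_URL_SCHEME: "https"`, a silent fallback to HTTP is the wrong failure mode. Consider separating the two concerns: a boolean `ingress.tls` that controls the `tls` block, an optional `ingress.tls_annotation` for the annotation key, and an `assert` rejecting other types. The Ingress also sets no `metadata.namespace`, unlike the Service it routes to.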


@ -0,0 +1,14 @@
local appr = import "appr.libsonnet";
function(variables={})
{
local docker_login = [variables.docker_user, variables.docker_pass],
data: {
".dockercfg": appr.b64encode('{"quay.io": {"username": "%s", "password": "%s","email":"toto@toto.com","auth": "%s"}}' % (docker_login + [appr.b64encode("%s:%s" % docker_login)])),
},
kind: "Secret",
metadata: {
name: "coreos-pull-secret",
},
type: "kubernetes.io/dockercfg"
}
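Review bot: The `.dockercfg` JSON is assembled with `%s` string formatting, so a `docker_user` or `docker_pass` containing `"` or `\` produces invalid JSON or changes the structure of the document. Build the value as a Jsonnet object and serialise it instead, e.g. `appr.b64encode(std.manifestJsonEx({"quay.io": {username: ..., password: ..., auth: ...}}, " "))`. The hard-coded `"email":"toto@toto.com"` should become a variable or be dropped. With the default `variables={}` the template fails on a missing field rather than with a clear message that credentials are required.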


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
namespace: quay-redis
name: quay-redis
spec:
type: ClusterIP
ports:
- protocol: TCP
port: 6379
targetPort: 6379
selector:
quay-enterprise-component: redis
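Review bot: This Service lives in `namespace: quay-redis`, but the Redis Deployment added in this commit puts its pods in `namespace: quay-enterprise`; a selector only matches pods in the Service's own namespace, so `quay-enterprise-component: redis` selects nothing here. Either move the Service to `quay-enterprise` or the Deployment to `quay-redis`, and keep the host name used in `vars.redisconf` in line with that choice. The Service name `quay-redis` also differs from the Deployment name `quay-enterprise-redis`, which suggests the two were copied from different layouts.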


@ -0,0 +1,24 @@
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
namespace: quay-enterprise
name: quay-enterprise-redis
labels:
quay-enterprise-component: redis
spec:
replicas: 1
template:
metadata:
labels:
quay-enterprise-component: redis
spec:
containers:
- name: redis-master
image: quay.io/quay/redis
ports:
- containerPort: 6379
resources:
limits:
cpu: 100m
memory: 500Mi
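Review bot: `redis-master` is started with image defaults only: no `args`, no mounted config and no secret reference for a password. Unless the image itself enforces authentication (not visible here), any pod that can reach port 6379 can read and write the build-log and user-event data that the base config points at Redis. Consider supplying a password from a Secret and restricting ingress to the app pods with a NetworkPolicy that selects `quay-enterprise-component: redis`. The container also has no liveness or readiness probe, unlike the app Deployment.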


@ -0,0 +1,21 @@
local appr = import "appr.libsonnet";
function(vars={})
{
kind: "Role",
apiVersion: 'rbac.authorization.k8s.io/v1beta1',
metadata: {
name: "quay-enterprise",
},
rules: [
{
apiGroups: [""],
resources: ["secrets"],
verbs: ["get", "update", "patch"],
},
{
apiGroups: [""],
resources: ["namespaces"],
verbs: ["get"],
},
],
}
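Review bot: The first rule grants `get`, `update` and `patch` on every Secret in the namespace, which covers `coreos-pull-secret` and `quay-enterprise-tls` as well as the config secret. If the app only needs its own config (inferred from the Deployment's mount), scope the rule with `resourceNames: ["quay-enterprise-config-secret"],`. The `appr` import is unused in this file. The Role also has no `metadata.namespace`, while the RoleBinding uses `vars.namespace`.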


@ -0,0 +1,21 @@
function(vars={})
{
apiVersion: "rbac.authorization.k8s.io/v1beta1",
kind: "RoleBinding",
metadata: {
name: "quay-enterprise-binding",
namespace: vars.namespace,
},
roleRef: {
apiGroup: "rbac.authorization.k8s.io",
kind: "Role",
name: "quay-enterprise",
},
subjects: [
{
kind: "ServiceAccount",
name: "quay-enterprise",
namespace: vars.namespace,
}
]
}
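Review bot: `namespace: vars.namespace` is used for both the binding and its subject, but the Deployment, Service and config Secret in this commit hard-code `quay-enterprise` and the Role sets no namespace. A different `vars.namespace` would therefore bind a Role and service account that are not where the pod runs. With the default `vars={}` the field access fails outright. Either hard-code the namespace like the other manifests or thread `vars.namespace` through all of them.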


@ -0,0 +1,34 @@
local appr = import "appr.libsonnet";
local b64e = appr.b64decode;
function(vars={})
# Deserialize config.yaml if exists
local local_stack_config = (
local confpath = "config.yaml";
if std.objectHasAll(vars.stack_files, confpath)
then appr.loadObject(appr.b64decode(vars.stack_files[confpath]))
else {}
);
# Merge all config together
# Precedence: package-config (vars.config) < local stack/config.yaml < base-config (vars.base-config)
local config_yaml = {'config.yaml': appr.b64encode(appr.to_yaml(
vars.config +
local_stack_config +
vars.base_config))};
# Merge stack files
local stack_files = vars.stack_files + config_yaml;
{
apiVersion: "v1",
kind: "Secret",
metadata: {
namespace: "quay-enterprise",
name: "quay-enterprise-config-secret"},
# base64 encode all files
data: { [file]: stack_files[file]
for file in std.objectFields(stack_files) if stack_files[file] != null}
}
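Review bot: The comment `# base64 encode all files` does not match the code: the comprehension copies `stack_files[file]` unchanged, so the values in `vars.stack_files` must already be base64 (consistent with the `appr.b64decode` of `config.yaml` above). Reword it to `# stack_files values are expected to be base64-encoded already`. `local b64e = appr.b64decode;` is unused and its name suggests the opposite operation, so it should be removed. The precedence comment writes `vars.base-config` where the code reads `vars.base_config`. If `base_config` is meant to carry the forced-off `FEATURE_*` flags (not visible from this file), a comment saying it must stay last in the merge would help.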


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
namespace: quay-enterprise
name: quay-enterprise
spec:
type: ClusterIP
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
quay-enterprise-component: app