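# appr package manifest for the quay-enterprise resources.
#
# Evaluates to a function taking `params` (caller overrides) and returning
# appr.package(<defaults below>, params). How `params` is merged over the
# defaults is decided by appr.package, which is not visible in this file.
#
# Security-relevant defaults to override before any real deployment:
#   - docker_user / docker_pass ('changeme' placeholders)
#   - db.user / db.password ('quay'), which are also embedded in db_uri
local appr = import 'appr.libsonnet';
local quaylib = import 'lib/quay.libsonnet';

function(params={})
  appr.package({
    package: import "Chart.jsonnet",

    variables: {
      namespace: 'default',
      cluster_domain_name: 'cluster.local',

      # Minimum configuration
      base_config: (import "templates/conf/config.libsonnet")($.variables),

      # Additional values stack/config.yaml values
      config: {},

      # path to the local stack configuration directory
      stack_path: "stack",

      # load local `stack` directory if exists
      #
      # The conditional is parenthesised on purpose: in Jsonnet an
      # `if ... then ... else ...` expression extends as far right as it can,
      # so without the parentheses the `else` branch would absorb the trailing
      # `+ quaylib.load_stack_files(...)` and the stack directory would be
      # dropped whenever a license is set.
      stack_files:
        { "syslog-ng-extra.conf": appr.b64encode(importstr "templates/conf/syslog-ng-extra.conf") }
        + (if $.variables.license != null
           then { "license": appr.b64encode($.variables.license) }
           else {})
        + quaylib.load_stack_files($.variables.stack_path),

      # load license
      license: null,

      # Image tag and repo
      tag: $.package.version,
      image: 'quay.io/quay/quay:%s' % self.tag,

      # Used in the pull secret
      # 'changeme' is a placeholder, not a credential: the pull secret
      # resource below is marked `protected` while either value is unchanged.
      docker_user: 'changeme',
      docker_pass: 'changeme',

      # Redis configuration
      redis_host: 'quay-redis.%s.svc.%s:6379' % [$.variables.namespace, $.variables.cluster_domain_name],
      redisconf: {
        # Hidden field (`::`): helper only, not emitted in the output.
        redis_parts:: std.split($.variables.redis_host, ":"),
        "host": self.redis_parts[0],
        # std.split returns strings, so port is a string here.
        port: self.redis_parts[1],
      },

      # Configure the ingress with the ingress controller class and domain to use
      domain: 'quay.%s.example.com' % $.variables.namespace,
      ingress: {
        class: 'nginx',
        tls: "kubernetes.io/tls-acme",
        # `domain` may hold several comma-separated hostnames.
        domains: std.split($.variables.domain, ','),
        annotations: {},
      },

      # Force to reload the secret/configuration
      reconfigure: "false",

      # Deploy a postgres (don't use it for prod)
      deploy_db: 'false',

      # Postgres deployment configuration
      # The default password equals the user name; override it whenever
      # deploy_db is enabled.
      db: {
        user: 'quay',
        password: 'quay',
        name: 'quay',
      },

      # Quay DB_URI
      # The user and password are interpolated verbatim (no percent-encoding),
      # so a password containing URI-reserved characters such as '@', ':' or
      # '/' yields a malformed URI. The resulting string carries the password
      # in clear text and should be handled as a secret.
      # NOTE(review): base_config and the secret template both receive
      # $.variables; confirm db_uri only ever lands in the Secret resource.
      db_uri: 'postgresql://%s:%s@postgres.%s.svc.%s/%s' % [
        $.variables.db.user,
        $.variables.db.password,
        $.variables.namespace,
        $.variables.cluster_domain_name,
        $.variables.db.name,
      ],
    },

    # NOTE(review): `protected` is interpreted by appr; presumably a protected
    # resource is not overwritten on deploy. Confirm against appr.
    resources: appr.compact([
      # + appr.importResourceDir('templates/')

      # ServiceAccount to attach Rbac rules
      { value: { apiVersion: 'v1', kind: 'ServiceAccount', metadata: { name: 'quay-enterprise' } } },

      # Grant secret read/write permission inside the namespace
      { value: (import 'templates/quay-enterprise-role.libsonnet')($.variables) },

      # Bind role to the Service account
      { value: (import 'templates/quay-enterprise-rolebinding.libsonnet')($.variables) },

      # Quay.io robot / user account. Protected from default values
      {
        value: (import 'templates/quay-enterprise-pullsecret.libsonnet')($.variables),
        protected: $.variables.docker_user == "changeme" || $.variables.docker_pass == "changeme",
      },

      # Quay configuration files (quay/conf/stack), automatically read from the
      # local "./stack" directory to load values.
      # Values can also be loaded from $.variables.stack_files
      # Protected unless explicitly requested (reconfigure == "true").
      # `reconfigure` is compared as the string "true", not as a boolean.
      {
        value: (import 'templates/quay-enterprise-secret.libsonnet')($.variables),
        protected: $.variables.reconfigure != "true",
      },

      # Quay-registry deployment
      # Force a rollout when the secret is reconfigured by updating a label (see randLabel)
      {
        value: appr.loadObject(appr.jinja2(importstr 'templates/quay-enterprise-app-dp.yaml', $.variables))
               + (if $.variables.reconfigure == "true"
                  then quaylib.rand_label()  # trigger a rollout
                  else {}),
      },
      # + {value+: if $.variables.reconfigure == "true" then randLabel() else {},},

      { template: (importstr 'templates/quay-enterprise-service.yaml') },

      # Redis
      { template: (importstr 'templates/quay-enterprise-redis-service.yaml') },
      { template: (importstr 'templates/quay-enterprise-redis.yaml') },

      # Ingress, assumes usage of kube-lego and an ingress controller.
      # see variables.ingress for configuration
      { value: (import 'templates/quay-enterprise-ingress.libsonnet')($.variables.ingress) },
    ]),

    deploy: appr.compact([
      # An `if` without `else` evaluates to null when the condition is false;
      # the entry is wrapped in appr.compact, presumably to drop that null.
      if $.variables.deploy_db == 'true' then {
        name: 'quay/postgres-app',
        variables: {
          user: $.variables.db.user,
          dbname: $.variables.db.name,
          password: $.variables.db.password,
        },
      },
      { name: '$self' },
    ]),
  }, params)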