diff --git a/registry-ui/config.yml b/registry-ui/config.yml new file mode 100644 index 0000000..6507b15 --- /dev/null +++ b/registry-ui/config.yml @@ -0,0 +1,24 @@ +version: 0.1 +log: + fields: + service: registry +storage: + cache: + blobdescriptor: inmemory + filesystem: + rootdirectory: /var/lib/registry +http: + addr: :5000 + headers: + X-Content-Type-Options: [nosniff] + Access-Control-Allow-Origin: ["http://registry-ui.wayl.one"] + Access-Control-Allow-Methods: ["HEAD", "GET", "OPTIONS", "DELETE"] + Access-Control-Expose-Headers: ["Docker-Content-Digest"] + Access-Control-Allow-Credentials: [true] + Access-Control-Allow-Headers: ["Accept", "Authorization", "Content-Type", "Access-Control-Allow-Headers", "X-Requested-With"] + Access-Control-Max-Age: [1728000] +health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 diff --git a/registry-ui/deployment.yaml b/registry-ui/deployment.yaml new file mode 100644 index 0000000..da2fa03 --- /dev/null +++ b/registry-ui/deployment.yaml @@ -0,0 +1,269 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -o deployment.yaml -n registry --replicas 4 + kompose.service.expose: registry.wayl.one + kompose.service.type: loadbalancer + kompose.version: 1.31.2 (a92241f79) + creationTimestamp: null + labels: + io.kompose.service: registry-server-tcp + name: registry-server-tcp + namespace: registry +spec: + ports: + - name: "5000" + port: 5000 + targetPort: 5000 + selector: + io.kompose.service: registry-server + type: LoadBalancer +status: + loadBalancer: {} + +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -o deployment.yaml -n registry --replicas 4 + kompose.image-pull-secret: regcred + kompose.service.expose: registry-ui.wayl.one + kompose.version: 1.31.2 (a92241f79) + creationTimestamp: null + labels: + io.kompose.service: registry-ui + name: registry-ui + namespace: registry +spec: + ports: + - name: "80" + port: 80 + targetPort: 80 + selector: + io.kompose.service: registry-ui +status: + loadBalancer: {} + +--- +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + name: registry + namespace: registry +spec: {} +status: {} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -o deployment.yaml -n registry --replicas 4 + kompose.service.expose: registry.wayl.one + kompose.service.type: loadbalancer + kompose.version: 1.31.2 (a92241f79) + creationTimestamp: null + labels: + io.kompose.service: registry-server + name: registry-server + namespace: registry +spec: + replicas: 4 + selector: + matchLabels: + io.kompose.service: registry-server + strategy: + type: Recreate + template: + metadata: + annotations: + kompose.cmd: kompose convert -o deployment.yaml -n registry --replicas 4 + kompose.service.expose: registry.wayl.one + kompose.service.type: loadbalancer + kompose.version: 1.31.2 (a92241f79) + creationTimestamp: null + labels: + io.kompose.network/registry-ui-default: "true" + io.kompose.service: registry-server + spec: + containers: + - env: + - name: REGISTRY_AUTH + value: htpasswd + - name: REGISTRY_AUTH_HTPASSWD_PATH + value: /auth/registry.password + - name: REGISTRY_AUTH_HTPASSWD_REALM + value: Registry + - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials + value: "[true]" + - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers + value: "['Accept', 'Authorization', 'Content-Type', 'Access-Control-Allow-Headers', 'X-Requested-With']" + - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods + value: "[HEAD,GET,OPTIONS,DELETE]" + - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin + value: "[https://registry-ui.wayl.one]" + - name: REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers + value: "[Docker-Content-Digest]" + - name: REGISTRY_HTTP_HEADERS_Access-Control-Max-Age + value: "[17280000]" + - name: REGISTRY_STORAGE_DELETE_ENABLED + value: "true" + - name: REGISTRY_TITLE + value: Waylon Walker's Docker Registry + - name: REGISTRY_URL + value: https://registry.wayl.one + image: registry:2.8.2 + name: registry-server + ports: + - containerPort: 5000 + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /var/lib/registry + name: registry + - mountPath: /auth + name: registry-auth + restartPolicy: Always + volumes: + - name: registry + persistentVolumeClaim: + claimName: registry + - name: registry-auth + persistentVolumeClaim: + claimName: registry-auth +status: {} + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + creationTimestamp: null + labels: + io.kompose.service: registry + name: registry + namespace: registry +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +status: {} + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + creationTimestamp: null + labels: + io.kompose.service: registry-auth + name: registry-auth + namespace: registry +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +status: {} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -o deployment.yaml -n registry --replicas 4 + kompose.image-pull-secret: regcred + kompose.service.expose: registry-ui.wayl.one + kompose.version: 1.31.2 (a92241f79) + creationTimestamp: null + labels: + io.kompose.service: registry-ui + name: registry-ui + namespace: registry +spec: + replicas: 4 + selector: + matchLabels: + io.kompose.service: registry-ui + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -o deployment.yaml -n registry --replicas 4 + kompose.image-pull-secret: regcred + kompose.service.expose: registry-ui.wayl.one + kompose.version: 1.31.2 (a92241f79) + creationTimestamp: null + labels: + io.kompose.network/registry-ui-default: "true" + io.kompose.service: registry-ui + spec: + containers: + - env: + - name: CATALOG_ELEMENTS_LIMIT + value: "1000" + - name: CATALOG_MAX_BRANCHES + value: "1" + - name: CATALOG_MIN_BRANCHES + value: "1" + - name: DELETE_IMAGES + value: "true" + - name: NGINX_PROXY_PASS_URL + value: https://registry.wayl.one + - name: REGISTRY_SECURED + value: "true" + - name: REGISTRY_TITLE + value: Waylon Walker's Docker Registry + - name: REGISTRY_URL + value: https://registry.wayl.one + - name: SHOW_CATALOG_NB_TAGS + value: "true" + - name: SHOW_CONTENT_DIGEST + value: "true" + - name: SINGLE_REGISTRY + value: "true" + - name: TAGLIST_PAGE_SIZE + value: "100" + image: joxit/docker-registry-ui:main + name: registry-ui + ports: + - containerPort: 80 + protocol: TCP + resources: {} + imagePullSecrets: + - name: regcred + restartPolicy: Always +status: {} + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kompose.cmd: kompose convert -o deployment.yaml -n registry --replicas 4 + kompose.image-pull-secret: regcred + kompose.service.expose: registry-ui.wayl.one + kompose.version: 1.31.2 (a92241f79) + creationTimestamp: null + labels: + io.kompose.service: registry-ui + name: registry-ui + namespace: registry +spec: + rules: + - host: registry-ui.wayl.one + http: + paths: + - backend: + service: + name: registry-ui + port: + number: 80 + path: / + pathType: Prefix +status: + loadBalancer: {} diff --git a/registry-ui/docker-compose.yml b/registry-ui/docker-compose.yml new file mode 100644 index 0000000..5808fb1 --- /dev/null +++ b/registry-ui/docker-compose.yml @@ -0,0 +1,76 @@ +version: "3.8" + +services: + registry-ui: + image: joxit/docker-registry-ui:main + restart: always + ports: + - 80 + environment: + - SINGLE_REGISTRY=true + - REGISTRY_TITLE=Waylon Walker's Docker Registry + - DELETE_IMAGES=true + - SHOW_CONTENT_DIGEST=true + - NGINX_PROXY_PASS_URL=https://registry.wayl.one + - REGISTRY_URL=https://registry.wayl.one + - SHOW_CATALOG_NB_TAGS=true + - CATALOG_MIN_BRANCHES=1 + - CATALOG_MAX_BRANCHES=1 + - TAGLIST_PAGE_SIZE=100 + - REGISTRY_SECURED=true + - CATALOG_ELEMENTS_LIMIT=1000 + container_name: registry-ui + labels: + kompose.service.expose: registry-ui.wayl.one + kompose.image-pull-secret: regcred + # kompose.service.expose.ingress-class-name: "nginx" + # nginx.ingress.kubernetes.io/auth-type: basic + # nginx.ingress.kubernetes.io/auth-secret: basic-auth + # nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - registry-ui" + + registry-server: + image: registry:2.8.2 + restart: always + ports: + - 5000 + environment: + REGISTRY_TITLE: Waylon Walker's Docker Registry + REGISTRY_URL: https://registry.wayl.one + REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: "[https://registry-ui.wayl.one]" + REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: "[HEAD,GET,OPTIONS,DELETE]" + REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: "[true]" + REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: "['Accept', 'Authorization', 'Content-Type', 'Access-Control-Allow-Headers', 'X-Requested-With']" + REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: "[Docker-Content-Digest]" + REGISTRY_HTTP_HEADERS_Access-Control-Max-Age: "[17280000]" + REGISTRY_STORAGE_DELETE_ENABLED: "true" + + REGISTRY_AUTH: htpasswd + REGISTRY_AUTH_HTPASSWD_REALM: Registry + REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password + volumes: + - registry:/var/lib/registry + - registry-auth:/auth + # - registry-config:/etc/docker/registry + container_name: registry-server + labels: + kompose.service.expose: registry.wayl.one + kompose.service.type: loadbalancer + # kompose.image-pull-secret: regcred + # kompose.service.expose.ingress-class-name: "nginx" + # kompose.service.type: nodeport + + # kompose.service.nodeport.port: 30001 + # nginx.ingress.kubernetes.io/auth-type: basic + # nginx.ingress.kubernetes.io/auth-secret: basic-auth + # nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - registry-server" + # traefik.ingress.kubernetes.io/router.tls: "true" + # traefik.ingress.kubernetes.io/buffering: | + # maxrequestbodybytes: 20000000000 + # memrequestbodybytes: 20000000000 + # maxresponsebodybytes: 20000000000 + # memresponsebodybytes: 20000000000 + +volumes: + registry: + registry-config: + registry-auth: diff --git a/registry-ui/justfile b/registry-ui/justfile new file mode 100644 index 0000000..b1e59e3 --- /dev/null +++ b/registry-ui/justfile @@ -0,0 +1,35 @@ +default: cred convert deploy viz +update: convert patch + +inspect: + kubectl apply -f pvc-inspector.yaml + +create-ns: + kubectl create ns registry +cred: + kubectl get secret -n default regcred --output=yaml -o yaml | sed 's/namespace: default/namespace: registry/' | kubectl apply -n registry -f - && echo deployed secret || echo secret exists +convert: + kompose convert -o deployment.yaml -n registry --replicas 4 +deploy: + kubectl apply -f deployment.yaml +delete: + kubectl delete all --all -n registry --timeout=0s +viz: + k8sviz -n registry --kubeconfig $KUBECONFIG -t png -o registry-k8s.png +restart: + kubectl rollout restart -n registry deployment/registry-server + kubectl rollout restart -n registry deployment/registry-ui + +patch: + kubectl patch -f deployment.yaml +describe: + kubectl get deployment -n registry + kubectl get rs -n registry + kubectl get pod -n registry + kubectl get svc -n registry + kubectl get ing -n registry + +describe-pod: + kubectl describe pod -n registry +logs: + kubectl logs --all-containers -l io.kompose.service=registry-wayl-one -n registry -f diff --git a/registry-ui/pvc-inspector.yaml b/registry-ui/pvc-inspector.yaml new file mode 100644 index 0000000..93be5ea --- /dev/null +++ b/registry-ui/pvc-inspector.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Pod +metadata: + name: pvc-inspector + namespace: registry +spec: + containers: + - image: registry.wayl.one/devtainer:slim + name: pvc-inspector + command: ["sleep", "300"] + volumeMounts: + - mountPath: /pvc-registry + name: pvc-registry + - mountPath: /pvc-registry-auth + name: pvc-registry-auth + - mountPath: /pvc-registry-config + name: pvc-registry-config + volumes: + - name: pvc-registry + persistentVolumeClaim: + claimName: registry + - name: pvc-registry-auth + persistentVolumeClaim: + claimName: registry-auth + - name: pvc-registry-config + persistentVolumeClaim: + claimName: registry-config diff --git a/registry-ui/registry-k8s.png b/registry-ui/registry-k8s.png new file mode 100644 index 0000000..6556d1e Binary files /dev/null and b/registry-ui/registry-k8s.png differ