Helm Package

.gitignore

@@ -1,3 +1,4 @@
 build
 scratchpad
-*.sublime*
+*.sublime*
+/k8s/dregsy/values.unredacted.yaml

k8s/dregsy/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v3
+name: helm-dregsy
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: acr2ecr

k8s/dregsy/conf/dockerauth.json

@@ -0,0 +1 @@
+{"auths":{"{{ .Values.registry.host }}":{"auth":"{{ printf "%s:%s" .Values.acr.pullonly.keyid .Values.acr.pullonly.keysecret | b64enc }}"}}}

k8s/dregsy/conf/dregsy.conf

@@ -0,0 +1,35 @@
+relay: skopeo
+
+skopeo:
+  binary: skopeo
+  certs-dir: /etc/skopeo/certs.d
+
+tasks: []
+
+webhooks:
+- name: acr2ecr
+  format: azure
+  verbose: true
+  bearer-token: {{ .Values.dregsy.bearer }}
+  endpoint: /acr2ecr/azure
+  source:
+    # Azure / registry-sync-read
+    registry: {{ .Values.dregsy.src.host }}
+    auth: {{ printf "{\"username\": \"%s\", \"password\": \"%s\"}" .Values.acr.pushonly.keyid .Values.acr.pushonly.keysecret | b64enc }}
+  target:
+    # ECR
+    registry: {{ .Values.dregsy.dst.host }}
+    auth-refresh: 10h
+- name: acr2ecr_dregsy
+  format: dregsy
+  verbose: true
+  bearer-token: {{ .Values.dregsy.bearer }}
+  endpoint: /acr2ecr/dregsy
+  source:
+    # Azure / registry-sync-read
+    registry: {{ .Values.dregsy.src.host }}
+    auth: {{ printf "{\"username\": \"%s\", \"password\": \"%s\"}" .Values.acr.pushonly.keyid .Values.acr.pushonly.keysecret | b64enc }}
+  target:
+    # ECR
+    registry: {{ .Values.dregsy.dst.host }}
+    auth-refresh: 10h

k8s/dregsy/templates/_helpers.tpl

@@ -0,0 +1,3 @@
+{{- define "dregsy.acrjson" -}}
+{{- printf "%s:%s" .Values.acr.pullonly.keyid .Values.acr.pullonly.keysecret | b64enc -}}
+{{- end -}}

k8s/dregsy/templates/deployment.yaml

@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-%s" .Values.app .Values.instance }}
+  labels:
+    app: {{ .Values.app }}
+    instance: {{ .Values.instance }}
+    version: {{ .Chart.AppVersion }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Values.app }}
+      instance: {{ .Values.instance }}
+      version: {{ .Chart.AppVersion }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.app }}
+        instance: {{ .Values.instance }}
+        version: {{ .Chart.AppVersion }}
+    spec:
+      containers:
+        - name: {{ .Values.app }}
+        {{- with .Values.registry }}
+          image: {{ printf "%s%s:%s" .host .image .tag }}
+          imagePullPolicy: {{ $.Values.pullPolicy }}
+        {{- end }}
+        {{- with .Values.pod }}
+          command:
+            - {{ .command.executable }}
+          {{- range .command.parameters }}
+            - {{ . | quote }}
+          {{- end }}
+          env:
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  key: aws_access_key_id
+                  name: {{ $.Values.app }}-ecrsecret-{{ $.Values.instance }}
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: aws_secret_access_key
+                  name: {{ $.Values.app }}-ecrsecret-{{ $.Values.instance }}
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: {{ $.Values.app }}-config
+              mountPath: /config
+              readOnly: true
+        {{- end }}
+      imagePullSecrets:
+        - name: {{ .Values.app }}-regsecret-{{ .Values.instance }}
+      volumes:
+        - name: {{ .Values.app }}-config
+          secret:
+            secretName: {{ .Values.app }}-config-{{ .Values.instance }}

k8s/dregsy/templates/ingress.yaml

@@ -0,0 +1,14 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    traefik.ingress.kubernetes.io/router.tls: "true"
+  name: {{ .Values.app }}-{{ .Values.instance }}
+spec:
+  rules:
+  - host: {{ .Values.inbound }}
+    http:
+      paths:
+      - backend:
+          serviceName: {{ .Values.app }}-{{ .Values.instance }}
+          servicePort: 8080

k8s/dregsy/templates/secret-config.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.app }}-config-{{ .Values.instance }}
+type: Opaque
+data:
+  config.yaml: {{ tpl (.Files.Get "conf/dregsy.conf") . | b64enc }}

k8s/dregsy/templates/secret-ecr.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.app }}-ecrsecret-{{ .Values.instance }}
+type: Opaque
+data:
+  aws_access_key_id: {{ .Values.ecr.keyid | b64enc }}
+  aws_secret_access_key: {{ .Values.ecr.secretkey | b64enc }}

k8s/dregsy/templates/secret-regauth.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.app }}-regsecret-{{ .Values.instance }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ tpl (.Files.Get "conf/dockerauth.json") . | b64enc }}

k8s/dregsy/templates/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.app }}-{{ .Values.instance }}
+  labels:
+    app: {{ .Values.app }}
+spec:
+  ports:
+  - port: 8080
+  selector:
+    app: {{ .Values.app }}
+    instance: {{ .Values.instance }}
+    version: {{ .Chart.AppVersion }}

k8s/dregsy/values.yaml

@@ -0,0 +1,48 @@
+# Default values for helm-dregsy.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 3
+
+app: dregsy
+instance: dev
+
+inbound: https://address.com/acr2ecr/azure
+
+ecr:
+  keyid: XXXXXX
+  secretkey: XXXXXXX
+
+acr:
+  pullonly:
+    keyid: XXXXXXXXX
+    keysecret: XXXXXXXXX
+  pushonly:
+    keyid: XXXXXXXXXXXXXXXXXXX
+    keysecret: XXXXXXXXXX
+
+registry:
+  host: registry.com
+  image: /somepath/dregsy
+  tag: imgtag
+
+dregsy:
+  bearer: XXXXXXXXXX
+  src:
+    host: registry1.com
+  dst:
+    host: registry2.com
+
+pullPolicy: Always
+
+pod:
+  command:
+    executable: dregsy
+    parameters:
+      - '-config=/config/config.yaml'
+      - '-logformat=json'
+      - '-loglevel=debug'
+  resources:
+    requests:
+      cpu: 10m
+      memory: 32Mi