From 115bbbe0c6baae60da45e9c11845971388e4acd8 Mon Sep 17 00:00:00 2001 From: RaJiska Date: Wed, 7 Oct 2020 18:28:15 +0200 Subject: [PATCH] Helm Package --- .gitignore | 3 +- k8s/dregsy/Chart.yaml | 23 +++++++++ k8s/dregsy/conf/dockerauth.json | 1 + k8s/dregsy/conf/dregsy.conf | 35 ++++++++++++++ k8s/dregsy/templates/_helpers.tpl | 3 ++ k8s/dregsy/templates/deployment.yaml | 60 ++++++++++++++++++++++++ k8s/dregsy/templates/ingress.yaml | 14 ++++++ k8s/dregsy/templates/secret-config.yaml | 7 +++ k8s/dregsy/templates/secret-ecr.yaml | 8 ++++ k8s/dregsy/templates/secret-regauth.yaml | 7 +++ k8s/dregsy/templates/service.yaml | 13 +++++ k8s/dregsy/values.yaml | 48 +++++++++++++++++++ 12 files changed, 221 insertions(+), 1 deletion(-) create mode 100644 k8s/dregsy/Chart.yaml create mode 100644 k8s/dregsy/conf/dockerauth.json create mode 100644 k8s/dregsy/conf/dregsy.conf create mode 100644 k8s/dregsy/templates/_helpers.tpl create mode 100644 k8s/dregsy/templates/deployment.yaml create mode 100644 k8s/dregsy/templates/ingress.yaml create mode 100644 k8s/dregsy/templates/secret-config.yaml create mode 100644 k8s/dregsy/templates/secret-ecr.yaml create mode 100644 k8s/dregsy/templates/secret-regauth.yaml create mode 100644 k8s/dregsy/templates/service.yaml create mode 100644 k8s/dregsy/values.yaml
diff --git a/.gitignore b/.gitignore
index 110189c..13c9f37 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 build
 scratchpad
-*.sublime*
\ No newline at end of file
+*.sublime*
+/k8s/dregsy/values.unredacted.yaml
diff --git a/k8s/dregsy/Chart.yaml b/k8s/dregsy/Chart.yaml
new file mode 100644
index 0000000..f584b10
--- /dev/null
+++ b/k8s/dregsy/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v3
+name: helm-dregsy
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: acr2ecr
diff --git a/k8s/dregsy/conf/dockerauth.json b/k8s/dregsy/conf/dockerauth.json
new file mode 100644
index 0000000..a7a27b5
--- /dev/null
+++ b/k8s/dregsy/conf/dockerauth.json
@@ -0,0 +1 @@
+{"auths":{"{{ .Values.registry.host }}":{"auth":"{{ printf "%s:%s" .Values.acr.pullonly.keyid .Values.acr.pullonly.keysecret | b64enc }}"}}}
diff --git a/k8s/dregsy/conf/dregsy.conf b/k8s/dregsy/conf/dregsy.conf
new file mode 100644
index 0000000..b568b00
--- /dev/null
+++ b/k8s/dregsy/conf/dregsy.conf
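Review bot: `apiVersion: v3` on the first line of Chart.yaml is not a chart API version that Helm documents; the documented values are `v1` and `v2`, and a chart that declares `type: application` belongs to `v2`, so the line should read `apiVersion: v2`. Separately, `appVersion: acr2ecr` is reused as the `version` label inside `selector.matchLabels` in templates/deployment.yaml, and a Deployment selector cannot be changed after creation, so a later appVersion change would presumably make the upgrade fail; keeping `version` out of `matchLabels` avoids that.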
@@ -0,0 +1,35 @@
+relay: skopeo
+
+skopeo:
+ binary: skopeo
+ certs-dir: /etc/skopeo/certs.d
+
+tasks: []
+
+webhooks:
+- name: acr2ecr
+ format: azure
+ verbose: true
+ bearer-token: {{ .Values.dregsy.bearer }}
+ endpoint: /acr2ecr/azure
+ source:
+ # Azure / registry-sync-read
+ registry: {{ .Values.dregsy.src.host }}
+ auth: {{ printf "{\"username\": \"%s\", \"password\": \"%s\"}" .Values.acr.pushonly.keyid .Values.acr.pushonly.keysecret | b64enc }}
+ target:
+ # ECR
+ registry: {{ .Values.dregsy.dst.host }}
+ auth-refresh: 10h
+- name: acr2ecr_dregsy
+ format: dregsy
+ verbose: true
+ bearer-token: {{ .Values.dregsy.bearer }}
+ endpoint: /acr2ecr/dregsy
+ source:
+ # Azure / registry-sync-read
+ registry: {{ .Values.dregsy.src.host }}
+ auth: {{ printf "{\"username\": \"%s\", \"password\": \"%s\"}" .Values.acr.pushonly.keyid .Values.acr.pushonly.keysecret | b64enc }}
+ target:
+ # ECR
+ registry: {{ .Values.dregsy.dst.host }}
+ auth-refresh: 10h
\ No newline at end of file
diff --git a/k8s/dregsy/templates/_helpers.tpl b/k8s/dregsy/templates/_helpers.tpl
new file mode 100644
index 0000000..ed35798
--- /dev/null
+++ b/k8s/dregsy/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "dregsy.acrjson" -}}
+{{- printf "%s:%s" .Values.acr.pullonly.keyid .Values.acr.pullonly.keysecret | b64enc -}}
+{{- end -}}
\ No newline at end of file
diff --git a/k8s/dregsy/templates/deployment.yaml b/k8s/dregsy/templates/deployment.yaml
new file mode 100644
index 0000000..c50033d
--- /dev/null
+++ b/k8s/dregsy/templates/deployment.yaml
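Review bot: The `auth:` value in both webhook entries of dregsy.conf assembles JSON with `printf` and `%s`, so a key secret containing `"` or `\` produces invalid or altered JSON before it is base64-encoded; build it from a map instead, `auth: {{ dict "username" .Values.acr.pushonly.keyid "password" .Values.acr.pushonly.keysecret | toJson | b64enc }}`. The `bearer-token:` and `registry:` values are emitted unquoted, so a token that starts with a YAML indicator or looks like a number is re-typed or breaks the rendered config; `bearer-token: {{ .Values.dregsy.bearer | quote }}` keeps it a string. The source side is commented as registry-sync-read but is filled from `.Values.acr.pushonly`; if that key really is push-scoped, a pull-only credential is all a sync source needs.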
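Review bot: The `dregsy.acrjson` helper defined in _helpers.tpl is not referenced by any template in this patch, while conf/dockerauth.json repeats the same `printf "%s:%s" ... | b64enc` expression inline. Either call the helper from the one place that needs the value or drop the definition, so the pull credential encoding lives in a single spot. A one-line comment above the `define`, such as `{{/* base64 "keyid:keysecret" for the ACR pull-only key, used in .dockerconfigjson */}}`, would also say what the name stands for.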
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ printf "%s-%s" .Values.app .Values.instance }}
+ labels:
+ app: {{ .Values.app }}
+ instance: {{ .Values.instance }}
+ version: {{ .Chart.AppVersion }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.app }}
+ instance: {{ .Values.instance }}
+ version: {{ .Chart.AppVersion }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.app }}
+ instance: {{ .Values.instance }}
+ version: {{ .Chart.AppVersion }}
+ spec:
+ containers:
+ - name: {{ .Values.app }}
+ {{- with .Values.registry }}
+ image: {{ printf "%s%s:%s" .host .image .tag }}
+ imagePullPolicy: {{ $.Values.pullPolicy }}
+ {{- end }}
+ {{- with .Values.pod }}
+ command:
+ - {{ .command.executable }}
+ {{- range .command.parameters }}
+ - {{ . | quote }}
+ {{- end }}
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: aws_access_key_id
+ name: {{ $.Values.app }}-ecrsecret-{{ $.Values.instance }}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: aws_secret_access_key
+ name: {{ $.Values.app }}-ecrsecret-{{ $.Values.instance }}
+ resources:
+ {{- toYaml .resources | nindent 12 }}
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: {{ $.Values.app }}-config
+ mountPath: /config
+ readOnly: true
+ {{- end }}
+ imagePullSecrets:
+ - name: {{ .Values.app }}-regsecret-{{ .Values.instance }}
+ volumes:
+ - name: {{ .Values.app }}-config
+ secret:
+ secretName: {{ .Values.app }}-config-{{ .Values.instance }}
\ No newline at end of file
diff --git a/k8s/dregsy/templates/ingress.yaml b/k8s/dregsy/templates/ingress.yaml
new file mode 100644
index 0000000..9e2b508
--- /dev/null
+++ b/k8s/dregsy/templates/ingress.yaml
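Review bot: The container entry under `containers:` in deployment.yaml sets no `securityContext`, so the pod that holds the AWS keys and the mounted registry credentials runs with the image's default user and the runtime's default capabilities. Add a container-level `securityContext` that disables privilege escalation and drops capabilities, as sketched below; `runAsNonRoot: true` needs confirming against the image's user. Setting `automountServiceAccountToken: false` on the pod spec is also worth considering if, as it appears from this patch, dregsy never calls the Kubernetes API. The image is referenced by a mutable tag (`.host .image .tag`), so pinning a digest would make the deployed relay reproducible.

```yaml
      containers:
        - name: {{ .Values.app }}
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true  # confirm the image defines a non-root user
            capabilities:
              drop:
                - ALL
          # … unchanged: image, command, env, resources, ports, volumeMounts …
```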
@@ -0,0 +1,14 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ name: {{ .Values.app }}-{{ .Values.instance }}
+spec:
+ rules:
+ - host: {{ .Values.inbound }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ .Values.app }}-{{ .Values.instance }}
+ servicePort: 8080
\ No newline at end of file
diff --git a/k8s/dregsy/templates/secret-config.yaml b/k8s/dregsy/templates/secret-config.yaml
new file mode 100644
index 0000000..5eb8a19
--- /dev/null
+++ b/k8s/dregsy/templates/secret-config.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.app }}-config-{{ .Values.instance }}
+type: Opaque
+data:
+ config.yaml: {{ tpl (.Files.Get "conf/dregsy.conf") . | b64enc }}
\ No newline at end of file
diff --git a/k8s/dregsy/templates/secret-ecr.yaml b/k8s/dregsy/templates/secret-ecr.yaml
new file mode 100644
index 0000000..589e5eb
--- /dev/null
+++ b/k8s/dregsy/templates/secret-ecr.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.app }}-ecrsecret-{{ .Values.instance }}
+type: Opaque
+data:
+ aws_access_key_id: {{ .Values.ecr.keyid | b64enc }}
+ aws_secret_access_key: {{ .Values.ecr.secretkey | b64enc }}
\ No newline at end of file
diff --git a/k8s/dregsy/templates/secret-regauth.yaml b/k8s/dregsy/templates/secret-regauth.yaml
new file mode 100644
index 0000000..a97e816
--- /dev/null
+++ b/k8s/dregsy/templates/secret-regauth.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.app }}-regsecret-{{ .Values.instance }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ tpl (.Files.Get "conf/dockerauth.json") . | b64enc }}
\ No newline at end of file
diff --git a/k8s/dregsy/templates/service.yaml b/k8s/dregsy/templates/service.yaml
new file mode 100644
index 0000000..76c3544
--- /dev/null
+++ b/k8s/dregsy/templates/service.yaml
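Review bot: `host: {{ .Values.inbound }}` in ingress.yaml receives a full URL from the chart default (`inbound: https://address.com/acr2ecr/azure` in values.yaml), but an Ingress rule host has to be a bare DNS name, so the rule as rendered is either rejected or never matches. Pass a hostname and quote it, `- host: {{ .Values.inbound | quote }}`, and add `path: /acr2ecr` to the `paths` entry so that only the webhook endpoints are routed instead of every path on that host. `extensions/v1beta1` is a deprecated API group for Ingress; the manifest should move to the `networking.k8s.io` group that the target cluster serves.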
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.app }}-{{ .Values.instance }}
+ labels:
+ app: {{ .Values.app }}
+spec:
+ ports:
+ - port: 8080
+ selector:
+ app: {{ .Values.app }}
+ instance: {{ .Values.instance }}
+ version: {{ .Chart.AppVersion }}
\ No newline at end of file
diff --git a/k8s/dregsy/values.yaml b/k8s/dregsy/values.yaml
new file mode 100644
index 0000000..4c393b9
--- /dev/null
+++ b/k8s/dregsy/values.yaml
@@ -0,0 +1,48 @@
+# Default values for helm-dregsy.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 3
+
+app: dregsy
+instance: dev
+
+inbound: https://address.com/acr2ecr/azure
+
+ecr:
+ keyid: XXXXXX
+ secretkey: XXXXXXX
+
+acr:
+ pullonly:
+ keyid: XXXXXXXXX
+ keysecret: XXXXXXXXX
+ pushonly:
+ keyid: XXXXXXXXXXXXXXXXXXX
+ keysecret: XXXXXXXXXX
+
+registry:
+ host: registry.com
+ image: /somepath/dregsy
+ tag: imgtag
+
+dregsy:
+ bearer: XXXXXXXXXX
+ src:
+ host: registry1.com
+ dst:
+ host: registry2.com
+
+pullPolicy: Always
+
+pod:
+ command:
+ executable: dregsy
+ parameters:
+ - '-config=/config/config.yaml'
+ - '-logformat=json'
+ - '-loglevel=debug'
+ resources:
+ requests:
+ cpu: 10m
+ memory: 32Mi
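Review bot: The credential defaults in values.yaml (`ecr`, `acr.pullonly`, `acr.pushonly`, `dregsy.bearer`) are non-empty `XXXX` placeholders, so an install without the override file still renders Secrets and a webhook bearer token that look configured. Ship those keys empty and fail the render in the templates instead, for example `aws_access_key_id: {{ required "ecr.keyid is required" .Values.ecr.keyid | b64enc }}` in templates/secret-ecr.yaml. The default `-loglevel=debug`, together with `verbose: true` on both webhooks in conf/dregsy.conf, is a noisy default for a process that handles registry credentials; whether dregsy writes them to the log is not visible here, so `-loglevel=info` is the safer default. `resources` sets requests only, and a memory limit would bound the relay.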