feat: add zot to tf nas
Signed-off-by: Devin Buhl <[email protected]>
onedr0p committed Nov 16, 2023
1 parent df94481 commit 04a730b
Showing 6 changed files with 288 additions and 19 deletions.
19 changes: 19 additions & 0 deletions terraform/storage/apps/.terraform.lock.hcl


11 changes: 1 addition & 10 deletions terraform/storage/apps/app_kopia.tf
@@ -8,7 +8,7 @@ resource "kubernetes_secret_v1" "kopia" {
}
data = {
"repository.config" = "${templatefile(
"${path.module}/templates/repository.config.tftpl", {
"${path.module}/templates/kopia.config.tftpl", {
b2_app_key = data.sops_file.secrets.data["kopia_b2_app_key"],
b2_app_key_id = data.sops_file.secrets.data["kopia_b2_app_key_id"]
}
@@ -134,15 +134,6 @@ resource "kubernetes_stateful_set_v1" "kopia" {
mount_path = "/tycho" # tech-debt
read_only = true
}
resources {
requests = {
cpu = "1"
memory = "2Gi"
}
limits = {
memory = "12Gi"
}
}
}
volume {
name = "kopia-logs"
9 changes: 0 additions & 9 deletions terraform/storage/apps/app_minio.tf
@@ -105,15 +105,6 @@ resource "kubernetes_stateful_set_v1" "minio" {
name = "config"
mount_path = "/data"
}
resources {
requests = {
cpu = "1"
memory = "2Gi"
}
limits = {
memory = "4Gi"
}
}
}
security_context {
run_as_user = 568
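--- a/terraform/storage/apps/app_zot.tf
+++ b/terraform/storage/apps/app_zot.tf
@@ -0,0 +1,168 @@
+resource "kubernetes_config_map_v1" "zot" {
+metadata {
+name = "zot"
+namespace = "default"
+labels = {
+"app.arpa.home/name" = "zot"
+}
+}
+data = {
+"config.json" = "${file("${path.module}/templates/zot.json.tftpl")}"
+}
+}
+
+resource "kubernetes_stateful_set_v1" "zot" {
+metadata {
+name = "zot"
+namespace = "default"
+labels = {
+"app.arpa.home/name" = "zot"
+}
+}
+spec {
+selector {
+match_labels = {
+"app.arpa.home/name" = "zot"
+}
+}
+service_name = "zot"
+replicas = 1
+template {
+metadata {
+labels = {
+"app.arpa.home/name" = "zot"
+}
+}
+spec {
+container {
+name = "main"
+image = "ghcr.io/project-zot/zot-linux-amd64:v1.4.3"
+image_pull_policy = "IfNotPresent"
+port {
+name = "http"
+container_port = 5000
+host_port = 5000
+}
+liveness_probe {
+http_get {
+path = "/v2/"
+port = 5000
+}
+initial_delay_seconds = 30
+period_seconds = 30
+failure_threshold = 6
+timeout_seconds = 10
+}
+readiness_probe {
+http_get {
+path = "/v2/"
+port = 5000
+}
+initial_delay_seconds = 30
+period_seconds = 30
+failure_threshold = 6
+timeout_seconds = 10
+}
+volume_mount {
+name = "config"
+mount_path = "/var/lib/registry"
+}
+volume_mount {
+name = "config-file"
+mount_path = "/etc/zot/config.json"
+read_only = true
+sub_path = "config.json"
+}
+}
+volume {
+name = "config"
+host_path {
+path = "/eros/Apps/Zot"
+type = "Directory"
+}
+}
+volume {
+name = "config-file"
+projected {
+default_mode = "0420"
+sources {
+config_map {
+name = "zot"
+}
+}
+}
+}
+security_context {
+run_as_user = 568
+run_as_group = 568
+fs_group = 568
+fs_group_change_policy = "OnRootMismatch"
+supplemental_groups = [
+100
+]
+}
+toleration {
+effect = "NoSchedule"
+operator = "Exists"
+}
+}
+}
+update_strategy {
+type = "RollingUpdate"
+}
+}
+}
+
+resource "kubernetes_service_v1" "zot" {
+metadata {
+name = "zot"
+namespace = "default"
+labels = {
+"app.arpa.home/name" = "zot"
+}
+}
+spec {
+selector = {
+"app.arpa.home/name" = "zot"
+}
+port {
+name = "http"
+port = 5000
+target_port = 5000
+protocol = "TCP"
+}
+}
+}
+
+resource "kubernetes_ingress_v1" "zot" {
+metadata {
+name = "zot"
+namespace = "default"
+annotations = {
+"traefik.ingress.kubernetes.io/router.entrypoints" = "web"
+}
+labels = {
+"app.arpa.home/name" = "zot"
+}
+}
+spec {
+ingress_class_name = "traefik"
+rule {
+host = "zot.turbo.ac"
+http {
+path {
+path = "/"
+path_type = "Prefix"
+backend {
+service {
+name = "zot"
+port {
+number = 5000
+}
+}
+}
+}
+}
+}
+}
+}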
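Review bot: `host_port = 5000` in the container's `port` block publishes the registry directly on the node's port 5000, so it is reachable without going through the `zot` Service or the Traefik Ingress declared later in this file; unless node-level access is needed, that line can simply be dropped. The Ingress uses `router.entrypoints = "web"` and has no `tls` block, so if `web` is the plain-HTTP entrypoint (its conventional meaning in Traefik, not confirmed by this page), image pushes and pulls for `zot.turbo.ac` are neither encrypted nor integrity-protected in transit. Consider routing through the TLS entrypoint and adding `tls { hosts = ["zot.turbo.ac"] }`. Separately, `image` is pinned by tag (`v1.4.3`) only; appending the image digest would keep the deployed registry binary from changing underneath the tag.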
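--- a/terraform/storage/apps/templates/zot.json.tftpl
+++ b/terraform/storage/apps/templates/zot.json.tftpl
@@ -0,0 +1,100 @@
+{
+"distSpecVersion": "1.0.1",
+"storage": {
+"rootDirectory": "/var/lib/registry",
+"dedupe": true,
+"gc": true,
+"gcDelay": "1h",
+"gcInterval": "24h"
+},
+"http": {
+"address": "0.0.0.0",
+"port": "5000"
+},
+"log": {
+"level": "info"
+},
+"extensions": {
+"search": {
+"enable": true,
+"cve": {
+"updateInterval": "2h"
+}
+},
+"scrub": {
+"enable": true,
+"interval": "24h"
+},
+"sync": {
+"enable": true,
+"registries": [
+{
+"urls": ["https://index.docker.io"],
+"content": [
+{
+"prefix": "**",
+"destination": "/docker.io"
+}
+],
+"onDemand": true,
+"tlsVerify": true
+},
+{
+"urls": ["https://gcr.io"],
+"content": [
+{
+"prefix": "**",
+"destination": "/gcr.io"
+}
+],
+"onDemand": true,
+"tlsVerify": true
+},
+{
+"urls": ["https://ghcr.io"],
+"content": [
+{
+"prefix": "**",
+"destination": "/ghcr.io"
+}
+],
+"onDemand": true,
+"tlsVerify": true
+},
+{
+"urls": ["https://quay.io"],
+"content": [
+{
+"prefix": "**",
+"destination": "/quay.io"
+}
+],
+"onDemand": true,
+"tlsVerify": true
+},
+{
+"urls": ["https://registry.k8s.io"],
+"content": [
+{
+"prefix": "**",
+"destination": "/registry.k8s.io"
+}
+],
+"onDemand": true,
+"tlsVerify": true
+},
+{
+"urls": ["https://public.ecr.aws"],
+"content": [
+{
+"prefix": "**",
+"destination": "/public.ecr.aws"
+}
+],
+"onDemand": true,
+"tlsVerify": true
+}
+]
+}
+}
+}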
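Review bot: The `http` block sets only `address` and `port`, so this registry accepts anonymous requests on `0.0.0.0:5000`, and nothing visible in this file restricts who may write to it. Because the `sync` extension mirrors `**` from six upstream registries on demand, a client that can reach the port could presumably push content under a mirrored path such as `/docker.io/...`, which other machines would later pull as if it were the upstream image. Add an `accessControl` section under `http` that limits anonymous users to read, and an `auth` section (for example htpasswd) for the accounts allowed to push. The layout of these keys differs between zot releases, so check it against the documentation for the deployed version.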
