yesod-mirror/k8s/configs/templates/dev/ops/docker-registry.libsonnet

local kube = import "k8s/configs/base.libsonnet";
local images = import "k8s/configs/images.libsonnet";
local linuxserver = import "k8s/configs/templates/core/linuxserver.libsonnet";

local dockerRegistryProbe(delaySeconds) = {
  initialDelaySeconds: delaySeconds,
  periodSeconds: 10,
  tcpSocket: {
    port: "docker",
  },
};

local DefaultPort = 5000;

local Params = kube.SimpleFieldStruct([
  "namespace",
  "name",
  "filePath",
  "storageClaimName",
  "secretName",
  "secretKeyName",
  "authTokenRealm",
  "authTokenService",
  "authTokenIssuer",
]) {
  labels: {},
  gatekeeperSidecar: null,
  envOthers: [],
  webPort: DefaultPort,
  lsParams: linuxserver.AppParams {
    name: $.name,
    namespace: $.namespace,
    filePath: $.filePath,
    templatePath: std.thisFile,
    baseAppName: "docker-registry",
    imageName: "registry",
    labels+: $.labels,
    env: linuxserver.Env {
      others: [
        kube.NameVal("REGISTRY_AUTH", "token"),
        kube.NameVal("REGISTRY_AUTH_TOKEN_REALM", $.authTokenRealm),
        kube.NameVal("REGISTRY_AUTH_TOKEN_SERVICE", $.authTokenService),
        kube.NameVal("REGISTRY_AUTH_TOKEN_ISSUER", $.authTokenIssuer),
        kube.NameVal("REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE", "/opt/certs/" + $.secretKeyName),
      ],
    },
    gatekeeperSidecar: $.gatekeeperSidecar,
    ports: [ kube.DeployUtil.ContainerTCPPort("docker", DefaultPort), ],
    services: [
      linuxserver.Service {
        suffix: "http",
        spec: kube.SvcUtil.BasicHttpClusterIpSpec($.webPort),
      },
    ],
    pvcs: [
      linuxserver.Pvc{
        name: "storage",
        mountPath: "/var/lib/registry",
        bindName: $.storageClaimName,
      },
    ],
    secrets: [
      linuxserver.Secret{
        name: "certs",
        mountPath: "/opt/certs",
        secretName: $.secretName,
      },
    ],
    resources: {
      requests: {
        cpu: "20m",
        memory: "64Mi",
      },
      limits: {
        cpu: "50m",
        memory: "128Mi",
      },
    },
    livenessProbe: dockerRegistryProbe(/*delaySeconds=*/20),
    readinessProbe: dockerRegistryProbe(/*delaySeconds=*/20),
  },
};

local App(params) = linuxserver.App(params.lsParams);

{
  Params: Params,
  DefaultPort: DefaultPort,
  App(params): App(params),
}
Project import generated by Copybara. GitOrigin-RevId: 6370f6ea785709295b6abcf9c60717cacf3ac432 2026-01-20 13:24:59 -08:00			`local kube = import "k8s/configs/base.libsonnet";`
			`local images = import "k8s/configs/images.libsonnet";`
			`local linuxserver = import "k8s/configs/templates/core/linuxserver.libsonnet";`

			`local dockerRegistryProbe(delaySeconds) = {`
			`initialDelaySeconds: delaySeconds,`
			`periodSeconds: 10,`
			`tcpSocket: {`
			`port: "docker",`
			`},`
			`};`

			`local DefaultPort = 5000;`

			`local Params = kube.SimpleFieldStruct([`
			`"namespace",`
			`"name",`
			`"filePath",`
			`"storageClaimName",`
			`"secretName",`
			`"secretKeyName",`
			`"authTokenRealm",`
			`"authTokenService",`
			`"authTokenIssuer",`
			`]) {`
			`labels: {},`
			`gatekeeperSidecar: null,`
			`envOthers: [],`
			`webPort: DefaultPort,`
			`lsParams: linuxserver.AppParams {`
			`name: $.name,`
			`namespace: $.namespace,`
			`filePath: $.filePath,`
			`templatePath: std.thisFile,`
			`baseAppName: "docker-registry",`
			`imageName: "registry",`
			`labels+: $.labels,`
			`env: linuxserver.Env {`
			`others: [`
			`kube.NameVal("REGISTRY_AUTH", "token"),`
			`kube.NameVal("REGISTRY_AUTH_TOKEN_REALM", $.authTokenRealm),`
			`kube.NameVal("REGISTRY_AUTH_TOKEN_SERVICE", $.authTokenService),`
			`kube.NameVal("REGISTRY_AUTH_TOKEN_ISSUER", $.authTokenIssuer),`
			`kube.NameVal("REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE", "/opt/certs/" + $.secretKeyName),`
			`],`
			`},`
			`gatekeeperSidecar: $.gatekeeperSidecar,`
			`ports: [ kube.DeployUtil.ContainerTCPPort("docker", DefaultPort), ],`
			`services: [`
			`linuxserver.Service {`
			`suffix: "http",`
			`spec: kube.SvcUtil.BasicHttpClusterIpSpec($.webPort),`
			`},`
			`],`
			`pvcs: [`
			`linuxserver.Pvc{`
			`name: "storage",`
			`mountPath: "/var/lib/registry",`
			`bindName: $.storageClaimName,`
			`},`
			`],`
			`secrets: [`
			`linuxserver.Secret{`
			`name: "certs",`
			`mountPath: "/opt/certs",`
			`secretName: $.secretName,`
			`},`
			`],`
			`resources: {`
			`requests: {`
			`cpu: "20m",`
			`memory: "64Mi",`
			`},`
			`limits: {`
			`cpu: "50m",`
			`memory: "128Mi",`
			`},`
			`},`
			`livenessProbe: dockerRegistryProbe(/delaySeconds=/20),`
			`readinessProbe: dockerRegistryProbe(/delaySeconds=/20),`
			`},`
			`};`

			`local App(params) = linuxserver.App(params.lsParams);`

			`{`
			`Params: Params,`
			`DefaultPort: DefaultPort,`
			`App(params): App(params),`
			`}`