local kube = import "k8s/configs/base.libsonnet"; local images = import "k8s/configs/images.libsonnet"; local linuxserver = import "k8s/configs/templates/core/linuxserver.libsonnet"; local dockerRegistryProbe(delaySeconds) = { initialDelaySeconds: delaySeconds, periodSeconds: 10, tcpSocket: { port: "docker", }, }; local DefaultPort = 5000; local Params = kube.SimpleFieldStruct([ "namespace", "name", "filePath", "storageClaimName", "secretName", "secretKeyName", "authTokenRealm", "authTokenService", "authTokenIssuer", ]) { labels: {}, gatekeeperSidecar: null, envOthers: [], webPort: DefaultPort, lsParams: linuxserver.AppParams { name: $.name, namespace: $.namespace, filePath: $.filePath, templatePath: std.thisFile, baseAppName: "docker-registry", imageName: "registry", labels+: $.labels, env: linuxserver.Env { others: [ kube.NameVal("REGISTRY_AUTH", "token"), kube.NameVal("REGISTRY_AUTH_TOKEN_REALM", $.authTokenRealm), kube.NameVal("REGISTRY_AUTH_TOKEN_SERVICE", $.authTokenService), kube.NameVal("REGISTRY_AUTH_TOKEN_ISSUER", $.authTokenIssuer), kube.NameVal("REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE", "/opt/certs/" + $.secretKeyName), ], }, gatekeeperSidecar: $.gatekeeperSidecar, ports: [ kube.DeployUtil.ContainerTCPPort("docker", DefaultPort), ], services: [ linuxserver.Service { suffix: "http", spec: kube.SvcUtil.BasicHttpClusterIpSpec($.webPort), }, ], pvcs: [ linuxserver.Pvc{ name: "storage", mountPath: "/var/lib/registry", bindName: $.storageClaimName, }, ], secrets: [ linuxserver.Secret{ name: "certs", mountPath: "/opt/certs", secretName: $.secretName, }, ], resources: { requests: { cpu: "20m", memory: "64Mi", }, limits: { cpu: "50m", memory: "128Mi", }, }, livenessProbe: dockerRegistryProbe(/*delaySeconds=*/20), readinessProbe: dockerRegistryProbe(/*delaySeconds=*/20), }, }; local App(params) = linuxserver.App(params.lsParams); { Params: Params, DefaultPort: DefaultPort, App(params): App(params), }