local base = import "k8s/configs/base.libsonnet"; local dockerRegistry = import "k8s/configs/templates/dev/ops/docker-registry.libsonnet"; local nginxIngress = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet"; local secrets = import "k8s/configs/environments/container/secrets.json"; local namespace = "container"; { namespace: { apiVersion: "v1", kind: "Namespace", metadata: { name: namespace }, }, apps: { dockerRegistry: { app: dockerRegistry.App(dockerRegistry.Params { namespace: namespace, name: "docker-registry", filePath: std.thisFile, storageClaimName: "docker-registry", secretKeyName: "root_cert_bundle.pem", secretName: "docker-registry", authTokenRealm: "https://authentication.cheapassbox.com/realms/docker-registry/protocol/docker-v2/auth", authTokenService: "docker", authTokenIssuer: "https://authentication.cheapassbox.com/realms/docker-registry", }), volumes: { dockerRegistryPvc: base.RecoverableSimpleManyPvc(namespace, "docker-registry", "nfs-client", "50Gi", { volumeName: "pvc-ca47c5e3-b373-11e9-bad8-b8aeed7dc356", nfsPath: "/volume3/fs/container-docker-registry-pvc-ca47c5e3-b373-11e9-bad8-b8aeed7dc356", nfsServer: "apollo1.dominion.lan", }), }, secrets: { keycloak: base.Secret("container", "docker-registry") { type: "Opaque", data: { "root_cert_bundle.pem": secrets.auth_token_root_cert, }, }, }, ingresses: { dockerRegistryIngress: nginxIngress.Ingress(nginxIngress.IngressParams { namespace: namespace, name: "docker-registry", hosts: [ "docker.cheapassbox.dev", "docker.csbx.dev", ], serviceName: "docker-registry-http", annotations: { "nginx.ingress.kubernetes.io/proxy-body-size": "5000m" }, }), }, }, }, }