Setup registry and radicale
Anirudh Oppiliappan x@icyphox.sh
Tue, 15 Jun 2021 11:24:31 +0530
10 files changed,
185 insertions(+),
1 deletions(-)
A
apps/radicale/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine + +RUN apk add --no-cache \ + python3 \ + py3-pip + +RUN python3 -m pip install --upgrade radicale +RUN addgroup -S radicale && adduser -S radicale -G radicale + +USER radicale +WORKDIR /home/radicale +EXPOSE 5232 + +CMD ["python3", "-m", "radicale", "--storage-filesystem-folder=./collections"]
A
apps/radicale/pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: radicale-collections +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi
A
apps/radicale/radicale.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1 +kind: Deployment +metadata: + name: radicale + labels: + app: radicale +spec: + selector: + matchLabels: + app: radicale + template: + metadata: + labels: + app: radicale + spec: + imagePullSecrets: + - name: registry-creds + nodeSelector: + arch: "amd64" + containers: + - name: radicale + image: reg.icyphox.sh/radicale + volumeMounts: + - name: collections + mountPath: "/home/radicale/collections" + ports: + - name: http + containerPort: 5000 + volumes: + - name: collections + persistentVolumeClaim: + claimName: radicale-collections +--- +apiVersion: v1 +kind: Service +metadata: + name: radicale +spec: + selector: + app: radicale + ports: + - name: http + port: 5232 + targetPort: 5232
A
apps/registry/auth.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1 +data: + htpasswd: aWN5OiQyeSQwNSRtT28ud2ZnbXhKUFpTek1kL1hYUDhPUm5FSTY2UGdyb05OVTJIUUdEcy43eE9lVXRCVlpXaQoK +kind: Secret +metadata: + creationTimestamp: null + name: registry-auth
A
apps/registry/pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: registry-repo +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi
A
apps/registry/readme
@@ -0,0 +1,6 @@
+registry +-------- + +Container registry. + +ยท auth.yaml: secret for htpasswd auth
A
apps/registry/registry.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1 +kind: Deployment +metadata: + name: registry + labels: + app: registry +spec: + selector: + matchLabels: + app: registry + template: + metadata: + labels: + app: registry + spec: + nodeSelector: + arch: "amd64" + containers: + - name: registry + image: registry + volumeMounts: + - name: repo + mountPath: "/var/lib/registry" + - name: auth + mountPath: "/auth" + readOnly: true + # - name: certs + # mountPath: "/certs" + # readOnly: true + env: + - name: REGISTRY_AUTH + value: "htpasswd" + - name: REGISTRY_AUTH_HTPASSWD_REALM + value: "Registry Realm" + - name: REGISTRY_AUTH_HTPASSWD_PATH + value: "/auth/htpasswd" + # - name: REGISTRY_HTTP_TLS_CERTIFICATE + # value: "/certs/tls.crt" + # - name: REGISTRY_HTTP_TLS_KEY + # value: "/certs/tls.key" + ports: + - name: http + containerPort: 5000 + volumes: + - name: repo + persistentVolumeClaim: + claimName: registry-repo + # - name: certs + # secret: + # secretName: registry-certs + - name: auth + secret: + secretName: registry-auth +--- +apiVersion: v1 +kind: Service +metadata: + name: registry +spec: + # type: NodePort + selector: + app: registry + ports: + - name: http + port: 5000 + targetPort: 5000 + # nodePort: 30019
A
ingress/ing.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + kubernetes.io/tls-acme: 'true' + name: fern-ingress +spec: + tls: + - hosts: + - reg.icyphox.sh + secretName: registry-certs + rules: + - host: reg.icyphox.sh + http: + paths: + - backend: + service: + name: registry + port: + number: 5000 + path: / + pathType: Prefix
M
metallb/config.yaml
→
metallb/config.yaml
@@ -9,4 +9,4 @@ address-pools:
- name: default protocol: layer2 addresses: - - 10.244.0.150-10.244.0.250 + - 192.168.4.150-192.168.4.250