From 0205a58d2ec1ec6706415ddd6437b6857a43a340 Mon Sep 17 00:00:00 2001
From: Morten Olsen
Date: Fri, 2 Jan 2026 13:54:49 +0100
Subject: [PATCH] migrate zot
---
 apps/charts/blinko/Chart.yaml | 7 --
 apps/charts/blinko/templates/client.yaml | 10 ---
 apps/charts/blinko/templates/database.yaml | 2 -
 apps/charts/blinko/templates/deployment.yaml | 1 -
 apps/charts/blinko/templates/oidc.yaml | 1 -
 apps/charts/blinko/templates/pvc.yaml | 1 -
 apps/charts/blinko/templates/service.yaml | 1 -
 .../blinko/templates/virtual-service.yaml | 1 -
 apps/charts/blinko/values.yaml | 81 -------------------
 apps/charts/zot/Chart.yaml | 4 +
 apps/charts/zot/templates/client.yaml | 11 +--
 apps/charts/zot/templates/deployment.yaml | 8 +-
 apps/charts/zot/templates/pvc.yaml | 12 +--
 .../templates/secret-external-secrets.yaml | 0
 .../templates/secret-password-generators.yaml | 0
 apps/charts/zot/templates/secret.yaml | 9 ---
 apps/charts/zot/templates/service.yaml | 16 +---
 .../charts/zot/templates/virtual-service.yaml | 40 +--------
 apps/charts/zot/values.yaml | 72 ++++++++++++++++-
 19 files changed, 83 insertions(+), 194 deletions(-)
 delete mode 100644 apps/charts/blinko/Chart.yaml
 delete mode 100644 apps/charts/blinko/templates/client.yaml
 delete mode 100644 apps/charts/blinko/templates/database.yaml
 delete mode 100644 apps/charts/blinko/templates/deployment.yaml
 delete mode 100644 apps/charts/blinko/templates/oidc.yaml
 delete mode 100644 apps/charts/blinko/templates/pvc.yaml
 delete mode 100644 apps/charts/blinko/templates/service.yaml
 delete mode 100644 apps/charts/blinko/templates/virtual-service.yaml
 delete mode 100644 apps/charts/blinko/values.yaml
 rename apps/charts/{blinko => zot}/templates/secret-external-secrets.yaml (100%)
 rename apps/charts/{blinko => zot}/templates/secret-password-generators.yaml (100%)
 delete mode 100644 apps/charts/zot/templates/secret.yaml
diff --git a/apps/charts/blinko/Chart.yaml b/apps/charts/blinko/Chart.yaml
deleted file mode 100644
index 151b1ae..0000000
--- a/apps/charts/blinko/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-version: 1.0.0
-name: blinko
-dependencies:
- - name: common
- version: 1.0.0
- repository: file://../../common
diff --git a/apps/charts/blinko/templates/client.yaml b/apps/charts/blinko/templates/client.yaml
deleted file mode 100644
index 30a99b3..0000000
--- a/apps/charts/blinko/templates/client.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
- name: "{{ .Release.Name }}"
-spec:
- environment: "{{ .Values.globals.environment }}"
- redirectUris:
- - path: api/auth/callback/authentik
- subdomain: "{{ .Values.subdomain }}"
- matchingMode: strict
diff --git a/apps/charts/blinko/templates/database.yaml b/apps/charts/blinko/templates/database.yaml
deleted file mode 100644
index c9ed805..0000000
--- a/apps/charts/blinko/templates/database.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-{{ include "common.database" . }}
-
diff --git a/apps/charts/blinko/templates/deployment.yaml b/apps/charts/blinko/templates/deployment.yaml
deleted file mode 100644
index 4508e33..0000000
--- a/apps/charts/blinko/templates/deployment.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "common.deployment" . }}
diff --git a/apps/charts/blinko/templates/oidc.yaml b/apps/charts/blinko/templates/oidc.yaml
deleted file mode 100644
index c13745f..0000000
--- a/apps/charts/blinko/templates/oidc.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "common.oidc" . }}
diff --git a/apps/charts/blinko/templates/pvc.yaml b/apps/charts/blinko/templates/pvc.yaml
deleted file mode 100644
index 379bad9..0000000
--- a/apps/charts/blinko/templates/pvc.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "common.pvc" . }}
diff --git a/apps/charts/blinko/templates/service.yaml b/apps/charts/blinko/templates/service.yaml
deleted file mode 100644
index f024c64..0000000
--- a/apps/charts/blinko/templates/service.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "common.service" . }}
diff --git a/apps/charts/blinko/templates/virtual-service.yaml b/apps/charts/blinko/templates/virtual-service.yaml
deleted file mode 100644
index 766f6b9..0000000
--- a/apps/charts/blinko/templates/virtual-service.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "common.virtualService" . }}
diff --git a/apps/charts/blinko/values.yaml b/apps/charts/blinko/values.yaml
deleted file mode 100644
index b5142e3..0000000
--- a/apps/charts/blinko/values.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-image:
- repository: blinkospace/blinko
- tag: latest@sha256:6db31658e58a0af9d2e15312de995fb3bb3d04db30b2fe500ed4ff0360c57518
- pullPolicy: IfNotPresent
-
-subdomain: blinko
-
-# Deployment configuration
-deployment:
- strategy: RollingUpdate
- replicas: 1
-
-# Container configuration
-container:
- port: 1111
- healthProbe:
- type: tcpSocket
- port: http # Use named port
-
-# Service configuration
-service:
- port: 80
- type: ClusterIP
-
-# Volume configuration
-volumes:
- - name: data
- mountPath: /data
- persistentVolumeClaim: data
-
-# Persistent volume claims
-persistentVolumeClaims:
- - name: data
- size: 1Gi
-
-# OIDC client
-oidc:
- enabled: true
- redirectUris:
- - "/api/auth/callback/authentik"
-
-# Database configuration
-database:
- enabled: true
-
-# External Secrets configuration
-externalSecrets:
- - name: "{release}-secrets"
- passwords:
- - name: betterauth
- length: 64
- allowRepeat: true # Required for longer passwords
- noUpper: false
- encoding: hex # hex encoding for the secret
- secretKeys:
- - betterauth # Use this key name in the secret instead of default "password"
-
-# VirtualService configuration
-virtualService:
- enabled: true
- gateways:
- public: true
- private: true
-
-# Environment variables
-env:
- NODE_ENV: "production"
- NEXTAUTH_URL:
- value: "https://{subdomain}.{domain}"
- NEXT_PUBLIC_BASE_URL:
- value: "https://{subdomain}.{domain}"
- NEXTAUTH_SECRET:
- valueFrom:
- secretKeyRef:
- name: "{release}-secrets"
- key: betterauth
- DATABASE_URL:
- valueFrom:
- secretKeyRef:
- name: "{release}-connection"
- key: url
diff --git a/apps/charts/zot/Chart.yaml b/apps/charts/zot/Chart.yaml
index 125024a..f1f3cb6 100644
--- a/apps/charts/zot/Chart.yaml
+++ b/apps/charts/zot/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
 name: zot
+dependencies:
+ - name: common
+ version: 1.0.0
+ repository: file://../../common
diff --git a/apps/charts/zot/templates/client.yaml b/apps/charts/zot/templates/client.yaml
index d579b13..c13745f 100644
--- a/apps/charts/zot/templates/client.yaml
+++ b/apps/charts/zot/templates/client.yaml
@@ -1,10 +1 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
- name: "{{ .Release.Name }}"
-spec:
- environment: "{{ .Values.globals.environment }}"
- redirectUris:
- - path: /zot/auth/callback/oidc
- subdomain: "{{ .Values.subdomain }}"
- matchingMode: strict
+{{ include "common.oidc" . }}
diff --git a/apps/charts/zot/templates/deployment.yaml b/apps/charts/zot/templates/deployment.yaml
index 9fe6c51..f12808f 100644
--- a/apps/charts/zot/templates/deployment.yaml
+++ b/apps/charts/zot/templates/deployment.yaml
@@ -25,17 +25,17 @@ spec:
 - name: ISSUER
 valueFrom:
 secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: configurationIssuer
+ name: "{{ .Release.Name }}-oidc-credentials"
+ key: issuer
 - name: CLIENT_ID
 valueFrom:
 secretKeyRef:
- name: "{{ .Release.Name }}-client"
+ name: "{{ .Release.Name }}-oidc-credentials"
 key: clientId
 - name: CLIENT_SECRET
 valueFrom:
 secretKeyRef:
- name: "{{ .Release.Name }}-client"
+ name: "{{ .Release.Name }}-oidc-credentials"
 key: clientSecret
 - name: PASSWORD
 valueFrom:
diff --git a/apps/charts/zot/templates/pvc.yaml b/apps/charts/zot/templates/pvc.yaml
index bc1d0a6..379bad9 100644
--- a/apps/charts/zot/templates/pvc.yaml
+++ b/apps/charts/zot/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: '{{ .Release.Name }}-data'
-spec:
- accessModes:
- - 'ReadWriteOnce'
- resources:
- requests:
- storage: '1Gi'
- storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
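Review bot: The redirect-URI matching mode is no longer stated anywhere in this chart: the removed `OidcClient` in `templates/client.yaml` set `matchingMode: strict`, while the replacement `{{ include "common.oidc" . }}` is fed only `redirectUris` and `subjectMode` from `values.yaml`. Whether the common template defaults to strict matching is not visible in this patch, so the rendered client should be compared with the old one before rollout; a looser match widens the set of URLs an authorization code can be returned to. Once confirmed, a comment beside the URI in `values.yaml`, for example `# common.oidc matches this path strictly`, would record the expectation.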
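Review bot: Nothing in `templates/deployment.yaml` says which resource creates `{{ .Release.Name }}-oidc-credentials`, yet the `ISSUER`, `CLIENT_ID` and `CLIENT_SECRET` references now depend on that name and on the key `issuer` replacing `configurationIssuer`. Presumably `common.oidc` produces the secret; a one-line comment above these env entries such as `# secret rendered by common.oidc; keys: issuer, clientId, clientSecret` would make the coupling checkable, since a mismatch leaves the pod unable to start. The `PASSWORD` entry continues outside the hunk: `templates/secret.yaml` (the `GenerateSecret` named `{{ .Release.Name }}-secret`) is deleted by this commit, so its `secretKeyRef` should be checked against the `{release}-secret` entry added in `values.yaml`, and the registry password is likely to be regenerated during the migration.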
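Review bot: The claim name and storage class in `templates/pvc.yaml` are no longer pinned by this chart: the removed manifest used `'{{ .Release.Name }}-data'` with `storageClassName: '{{ .Values.globals.environment }}'`, and `{{ include "common.pvc" . }}` receives only `name: data` and `size: 1Gi` from `values.yaml`. If the common template renders a different name or class, the upgrade would replace the existing claim with an empty one and the registry's stored images would be lost. I would diff the `helm template` output against the deployed claim before applying and note the expected rendered name in a comment on the `persistentVolumeClaims` entry.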
diff --git a/apps/charts/blinko/templates/secret-external-secrets.yaml b/apps/charts/zot/templates/secret-external-secrets.yaml
similarity index 100%
rename from apps/charts/blinko/templates/secret-external-secrets.yaml
rename to apps/charts/zot/templates/secret-external-secrets.yaml
diff --git a/apps/charts/blinko/templates/secret-password-generators.yaml b/apps/charts/zot/templates/secret-password-generators.yaml
similarity index 100%
rename from apps/charts/blinko/templates/secret-password-generators.yaml
rename to apps/charts/zot/templates/secret-password-generators.yaml
diff --git a/apps/charts/zot/templates/secret.yaml b/apps/charts/zot/templates/secret.yaml
deleted file mode 100644
index 6431a4d..0000000
--- a/apps/charts/zot/templates/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: GenerateSecret
-metadata:
- name: "{{ .Release.Name }}-secret"
-spec:
- fields:
- - name: password
- encoding: hex
- length: 64
diff --git a/apps/charts/zot/templates/service.yaml b/apps/charts/zot/templates/service.yaml
index a634293..f024c64 100644
--- a/apps/charts/zot/templates/service.yaml
+++ b/apps/charts/zot/templates/service.yaml
@@ -1,15 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ .Release.Name }}"
- labels:
- app: "{{ .Release.Name }}"
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 5000
- protocol: TCP
- name: http
- selector:
- app: "{{ .Release.Name }}"
+{{ include "common.service" . }}
diff --git a/apps/charts/zot/templates/virtual-service.yaml b/apps/charts/zot/templates/virtual-service.yaml
index 36e9d43..766f6b9 100644
--- a/apps/charts/zot/templates/virtual-service.yaml
+++ b/apps/charts/zot/templates/virtual-service.yaml
@@ -1,39 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-public"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.public }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
----
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-private"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.private }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
+{{ include "common.virtualService" . }}
diff --git a/apps/charts/zot/values.yaml b/apps/charts/zot/values.yaml
index 2127276..b2ea38a 100644
--- a/apps/charts/zot/values.yaml
+++ b/apps/charts/zot/values.yaml
@@ -1,4 +1,74 @@
-subdomain: zot
 image:
 repository: ghcr.io/project-zot/zot
 tag: v2.1.13@sha256:d3cde44fa759bf7f3d25b479e2b33ed5d4d3f1d6fdad01b204d15a9c3af2db3c
+ pullPolicy: IfNotPresent
+
+subdomain: zot
+
+# Deployment configuration
+deployment:
+ strategy: Recreate
+ replicas: 1
+ revisionHistoryLimit: 0
+
+# Container configuration
+container:
+ ports:
+ - name: http
+ port: 5000
+ protocol: TCP
+ # Health probes commented out in original - can be enabled later
+ # healthProbe:
+ # type: httpGet
+ # path: /v2/
+ # port: http
+
+# Service configuration
+service:
+ port: 80
+ targetPort: 5000
+ type: ClusterIP
+
+# Volume configuration
+volumes:
+ - name: data
+ mountPath: /var/lib/registry
+ persistentVolumeClaim: data
+ - name: config
+ mountPath: /etc/zot
+ emptyDir: {}
+
+# Persistent volume claims
+persistentVolumeClaims:
+ - name: data
+ size: 1Gi
+
+# VirtualService configuration
+virtualService:
+ enabled: true
+ gateways:
+ public: true
+ private: true
+
+# OIDC client configuration
+oidc:
+ enabled: true
+ redirectUris:
+ - "/zot/auth/callback/oidc"
+ subjectMode: user_username
+
+# External secrets configuration
+externalSecrets:
+ - name: "{release}-secret"
+ passwords:
+ - name: password
+ length: 64
+ encoding: hex
+ allowRepeat: true
+
+# Environment variables
+env:
+ TZ:
+ value: "{timezone}"
+ BASE_URL:
+ value: "https://{subdomain}.{domain}"
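Review bot: `subjectMode: user_username` in the `oidc` block makes the username the OIDC subject, and a username is usually a mutable, re-assignable identifier; if zot keys access decisions on the subject, a renamed or re-created account would inherit another identity's access. Unless zot needs the username here, a stable identifier is the safer subject; otherwise the reason belongs next to the setting, for example `# zot policies are keyed on username; usernames must stay immutable in the IdP`. Separately, the `deployment`, `container`, `volumes` and `env` keys look like inputs to `common.deployment`, while `templates/deployment.yaml` stays hand-written in this commit, so whether they take effect (including the `emptyDir` mounted at `/etc/zot`) cannot be told from the patch. A short comment stating which template reads them would avoid values that silently do nothing.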