add registry rules
@@ -36,6 +36,9 @@ data:
|
|||||||
},
|
},
|
||||||
"auth": {
|
"auth": {
|
||||||
"failDelay": 5,
|
"failDelay": 5,
|
||||||
|
"htpasswd": {
|
||||||
|
"path": "/etc/zot/htpasswd"
|
||||||
|
},
|
||||||
"openid": {
|
"openid": {
|
||||||
"providers": {
|
"providers": {
|
||||||
"oidc": {
|
"oidc": {
|
||||||
@@ -53,12 +56,22 @@ data:
|
|||||||
"actions": ["read", "create", "update", "delete"]
|
"actions": ["read", "create", "update", "delete"]
|
||||||
},
|
},
|
||||||
"repositories": {
|
"repositories": {
|
||||||
|
"public/**": {
|
||||||
|
"anonymousPolicy": ["read"],
|
||||||
|
"defaultPolicy": ["read"],
|
||||||
|
"policies": [
|
||||||
|
{
|
||||||
|
"users": ["*"],
|
||||||
|
"actions": ["create", "update", "delete"]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
"**": {
|
"**": {
|
||||||
"defaultPolicy": ["read"],
|
"defaultPolicy": ["read"],
|
||||||
"policies": [
|
"policies": [
|
||||||
{
|
{
|
||||||
"users": ["*"],
|
"users": ["*"],
|
||||||
"actions": ["push", "delete"]
|
"actions": ["create", "update", "delete"]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
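Review bot: The new `public/**` entry pairs `"anonymousPolicy": ["read"]` with a `"users": ["*"]` policy that grants `create`, `update` and `delete`. If `*` matches every authenticated identity (this looks intended, but confirm it against zot's access-control documentation), any OIDC login or the shared htpasswd account can replace or delete images that unauthenticated clients pull. For a path that is readable without credentials, write access is safer limited to the identities that publish there, for example `"users": ["cluster"]` or a named group. The same wildcard appears in the `**` rule further down. The enclosing `accessControl` object starts and ends outside these hunks, so an admin policy defined elsewhere may already narrow this.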
|
|||||||
@@ -6,6 +6,8 @@ metadata:
|
|||||||
app: "{{ .Release.Name }}"
|
app: "{{ .Release.Name }}"
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: "{{ .Release.Name }}"
|
app: "{{ .Release.Name }}"
|
||||||
@@ -14,8 +16,6 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: "{{ .Release.Name }}"
|
app: "{{ .Release.Name }}"
|
||||||
spec:
|
spec:
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: render-config
|
- name: render-config
|
||||||
image: alpine:3.20
|
image: alpine:3.20
|
||||||
@@ -36,9 +36,14 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: "{{ .Release.Name }}-client"
|
name: "{{ .Release.Name }}-client"
|
||||||
key: clientSecret
|
key: clientSecret
|
||||||
|
- name: PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: "{{ .Release.Name }}-cluster"
|
||||||
|
key: password
|
||||||
args:
|
args:
|
||||||
- |
|
- |
|
||||||
apk add --no-cache gettext >/dev/null
|
apk add --no-cache gettext apache2-utils >/dev/null
|
||||||
envsubst < /config-tpl/config.tpl.json > /config-out/config.json
|
envsubst < /config-tpl/config.tpl.json > /config-out/config.json
|
||||||
echo "Rendered /etc/zot/config.json"
|
echo "Rendered /etc/zot/config.json"
|
||||||
echo "---------------------------------------"
|
echo "---------------------------------------"
|
||||||
@@ -49,6 +54,7 @@ spec:
|
|||||||
echo "---------------------------------------"
|
echo "---------------------------------------"
|
||||||
cat /config-out/secrets.json
|
cat /config-out/secrets.json
|
||||||
echo "---------------------------------------"
|
echo "---------------------------------------"
|
||||||
|
htpasswd -nbB cluster "$PASSWORD" > /config-out/htpasswd
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config-tpl
|
- name: config-tpl
|
||||||
mountPath: /config-tpl
|
mountPath: /config-tpl
|
||||||
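Review bot: The added `htpasswd -nbB cluster "$PASSWORD"` passes the generated password as a command-line argument, where it is visible in the process list while the command runs. `htpasswd` can read it from stdin instead: `printf '%s' "$PASSWORD" | htpasswd -niB cluster > /config-out/htpasswd`. The file is also created with the shell's default umask, so an explicit `chmod` suited to the user zot runs as (not visible here) would keep the bcrypt hash from being world-readable on the shared volume. The context lines just above still run `cat /config-out/secrets.json`, which writes the rendered secrets to the pod log, and that is worth dropping while this script is being edited. The `args` script begins and ends outside the hunks shown.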
|
|||||||
9
charts/apps/zot/templates/secret.yaml
Normal file
9
charts/apps/zot/templates/secret.yaml
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: homelab.mortenolsen.pro/v1
|
||||||
|
kind: GenerateSecret
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-cluster"
|
||||||
|
spec:
|
||||||
|
fields:
|
||||||
|
- name: password
|
||||||
|
encoding: hex
|
||||||
|
length: 64
|
||||||
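Review bot: This manifest has no comment saying what the generated `password` is for, although the deployment hashes it with bcrypt for the `cluster` htpasswd user. I would add something like `# Password for the registry's "cluster" htpasswd account; hashed by the render-config init container at pod start.` It is not visible here whether `length: 64` counts bytes or hex characters. If it yields 128 hex characters, bcrypt uses only the first 72 bytes, which is harmless for entropy but worth recording. Because the hash is rendered only in the init container, a regenerated secret presumably does not take effect until the pod restarts, and the comment could say so.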