feat(charts): Add helm charts for registry token refresher

kmala · kmala · commit ec09ac2b4eef · 2016-10-07T13:39:35.000-06:00
diff --git a/charts/registry-token-refresher/Chart.yaml b/charts/registry-token-refresher/Chart.yaml
@@ -0,0 +1,10 @@
+name: registry-token-refresher
+home: https://github.com/deis/registry-token-refresher
+version: <Will be populated by the ci before publishing the chart>
+description: Token Refresher for Deis Workflow.
+keywords:
+- private registry
+- token refresher
+maintainers:
+  - name: Deis Team
+    email: engineering@deis.com
diff --git a/charts/registry-token-refresher/templates/registry-secret.yaml b/charts/registry-token-refresher/templates/registry-secret.yaml
@@ -0,0 +1,23 @@
+{{- if ne .Values.global.registry_location "on-cluster" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-secret
+  labels:
+    heritage: deis
+  annotations:
+    deis.io/registry-location: "{{ .Values.global.registry_location }}"
+type: Opaque
+data: {{ if eq .Values.global.registry_location "gcr" }}
+  key.json: {{ .Values.gcr.key_json | b64enc }}
+  hostname: {{ .Values.gcr.hostname | b64enc }}{{ else if eq .Values.global.registry_location "ecr" }}
+  accesskey: {{ .Values.ecr.accesskey | b64enc }}
+  secretkey: {{ .Values.ecr.secretkey | b64enc }}
+  region: {{ .Values.ecr.region | b64enc }}
+  registryid: {{ .Values.ecr.registryid | b64enc }}
+  hostname: {{ .Values.ecr.hostname | b64enc }}{{else if eq .Values.global.registry_location "off-cluster" }}
+  hostname: {{ .Values.off_cluster_registry.hostname | b64enc }}
+  organization: {{ .Values.off_cluster_registry.organization | b64enc }}
+  username: {{ .Values.off_cluster_registry.username | b64enc }}
+  password: {{ .Values.off_cluster_registry.password | b64enc }}{{ end }}
+{{- end }}
diff --git a/charts/registry-token-refresher/templates/registry-token-refresher-deployment.yaml b/charts/registry-token-refresher/templates/registry-token-refresher-deployment.yaml
@@ -0,0 +1,56 @@
+{{- if and (ne .Values.global.registry_location "on-cluster") (ne .Values.global.registry_location "off-cluster") }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: deis-registry-token-refresher
+  labels:
+    heritage: deis
+  annotations:
+    component.deis.io/version: {{ .Values.docker_tag }}
+spec:
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: deis-registry-token-refresher
+  template:
+    metadata:
+      labels:
+        app: deis-registry-token-refresher
+    spec:
+      containers:
+        - name: deis-registry-token-refresher
+          image: quay.io/{{.Values.org}}/registry-token-refresher:{{.Values.docker_tag}}
+          imagePullPolicy: {{.Values.pull_policy}}
+{{- if or (.Values.limits_cpu) (.Values.limits_memory)}}
+          resources:
+            limits:
+{{- if (.Values.limits_cpu) }}
+              cpu: {{.Values.limits_cpu}}
+{{- end}}
+{{- if (.Values.limits_memory) }}
+              memory: {{.Values.limits_memory}}
+{{- end}}
+{{- end}}
+          env:
+            - name: "DEIS_REGISTRY_LOCATION"
+              value: "{{ .Values.global.registry_location }}"
+            - name: "DEIS_REGISTRY_SECRET_PREFIX"
+              value: "{{ .Values.global.secret_prefix }}"
+            - name: DEIS_NAMESPACE_REFRESH_TIME
+              value: "5"
+            - name: "DEIS_TOKEN_REFRESH_TIME"
+              value: "{{ .Values.token_refresh_time }}"
+          volumeMounts:
+            - name: registry-secret
+              mountPath: /var/run/secrets/deis/registry/creds
+              readOnly: true
+      volumes:
+        - name: registry-secret
+          secret:
+            secretName: registry-secret
+{{- end }}
diff --git a/charts/registry-token-refresher/values.yaml b/charts/registry-token-refresher/values.yaml
@@ -0,0 +1,38 @@
+org: "deisci"
+pull_policy: "Always"
+docker_tag: canary
+# limits_cpu: "100m"
+# limits_memory: "50Mi"
+
+# Time in minutes after which the token should be refreshed.
+# Leave it empty to use the default provider time.
+token_refresh_time: ""
+off_cluster_registry:
+  hostname: ""
+  organization: ""
+  username: ""
+  password: ""
+ecr:
+  # Your AWS access key. Leave it empty if you want to use IAM credentials.
+  accesskey: ""
+  # Your AWS secret key. Leave it empty if you want to use IAM credentials.
+  secretkey: ""
+  # Any S3 region
+  region: "us-west-2"
+  registryid: ""
+  hostname: ""
+gcr:
+  key_json: 'Paste JSON data here.'
+  hostname: ""
+
+global:
+  # Set the location of Workflow's Registry
+  #
+  # Valid values are:
+  # - on-cluster: Run registry within the Kubernetes cluster
+  # - off-cluster: Use registry outside the Kubernetes cluster (example: dockerhub,quay.io,self-hosted)
+  # - ecr: Use Amazon's ECR
+  # - gcr: Use Google's GCR
+  registry_location: "on-cluster"
+  # Prefix for the imagepull secret created when using private registry
+  secret_prefix: "private-registry"
