feat(charts): Add helm charts for registry

Author: kmala

charts/registry/Chart.yaml

@@ -0,0 +1,7 @@
+name: registry
+home: https://github.com/deis/registry
+version: <Will be populated by the ci before publishing the chart>
+description: Docker registry for Deis Workflow.
+maintainers:
+  - name: Deis Team
+    email: engineering@deis.com

charts/registry/templates/registry-deployment.yaml

@@ -0,0 +1,72 @@
+{{- if eq .Values.global.registry_location "on-cluster" }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: deis-registry
+  labels:
+    heritage: deis
+  annotations:
+    component.deis.io/version: {{ .Values.docker_tag }}
+spec:
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: deis-registry
+  template:
+    metadata:
+      labels:
+        app: deis-registry
+    spec:
+      serviceAccount: deis-registry
+      containers:
+        - name: deis-registry
+          image: quay.io/{{.Values.org}}/registry:{{.Values.docker_tag}}
+          imagePullPolicy: {{.Values.pull_policy}}
+{{- if or (.Values.limits_cpu) (.Values.limits_memory)}}
+          resources:
+            limits:
+{{- if (.Values.limits_cpu) }}
+              cpu: {{.Values.limits_cpu}}
+{{- end}}
+{{- if (.Values.limits_memory) }}
+              memory: {{.Values.limits_memory}}
+{{- end}}
+{{- end}}
+          livenessProbe:
+            httpGet:
+              path: /v2/
+              port: 5000
+            initialDelaySeconds: 1
+            timeoutSeconds: 1
+          readinessProbe:
+            httpGet:
+              path: /v2/
+              port: 5000
+            initialDelaySeconds: 1
+            timeoutSeconds: 1
+          env:
+            - name: REGISTRY_STORAGE_DELETE_ENABLED
+              value: "true"
+            - name: REGISTRY_LOG_LEVEL
+              value: info
+            - name: REGISTRY_STORAGE
+              value: "{{ .Values.global.storage }}"
+          ports:
+            - containerPort: 5000
+          volumeMounts:
+            - name: registry-storage
+              mountPath: /var/lib/registry
+            - name: registry-creds
+              mountPath: /var/run/secrets/deis/registry/creds
+      volumes:
+        - name: registry-storage
+          emptyDir: {}
+        - name: registry-creds
+          secret:
+            secretName: registry-storage-keyfile
+{{- end }}

charts/registry/templates/registry-service-account.yaml

@@ -0,0 +1,8 @@
+{{- if eq .Values.global.registry_location "on-cluster" }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: deis-registry
+  labels:
+    heritage: deis
+{{- end }}

charts/registry/templates/registry-service.yaml

@@ -0,0 +1,15 @@
+{{- if eq .Values.global.registry_location "on-cluster" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: deis-registry
+  labels:
+    heritage: deis
+spec:
+  ports:
+    - name: http
+      port: 80
+      targetPort: 5000
+  selector:
+    app: deis-registry
+{{- end }}

charts/registry/templates/registry-storage-secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-storage-keyfile
+  labels:
+    heritage: deis
+  annotations:
+    deis.io/objectstorage: "{{ .Values.global.storage }}"
+type: Opaque
+data: {{ if eq .Values.global.storage "gcs"}}
+  key.json: {{.Values.gcs.key_json | b64enc}}
+  registry-bucket: {{.Values.gcs.registry_bucket | b64enc}}{{ else if eq .Values.global.storage "azure"}}
+  accountname: {{.Values.azure.accountname | b64enc }}
+  accountkey: {{ .Values.azure.accountkey | b64enc }}
+  registry-container: {{ .Values.azure.registry_container | b64enc }}{{ else if eq .Values.global.storage "s3"}}
+  accesskey: {{ .Values.s3.accesskey | b64enc }}
+  secretkey: {{ .Values.s3.secretkey | b64enc }}
+  region: {{ .Values.s3.region | b64enc }}
+  registry-bucket: {{ .Values.s3.registry_bucket | b64enc }}{{ else if eq .Values.global.storage "swift"}}
+  username: {{ .swift.username | b64enc }}
+  password: {{ .swift.password | b64enc }}
+  authurl: {{ .swift.authurl | b64enc }}
+  tenant: {{ .swift.tenant | b64enc }}
+  authversion: {{ .swift.authversion | b64enc }}
+  registry-container: {{ .swift.registry_container | b64enc }}{{else if eq .Values.global.storage "minio"}}
+  accesskey: OFRaUlkySlJXTVBUNlVNWFI2STU=
+  secretkey: Z2JzdHJPdm90TU1jZzJzTWZHVWhBNWE2RXQvRUk1QUx0SUhzb2JZaw=={{ end }}

charts/registry/values.yaml

@@ -0,0 +1,55 @@
+org: "deisci"
+pull_policy: "Always"
+docker_tag: canary
+# limits_cpu: "100m"
+# limits_memory: "50Mi"
+
+global:
+  # Set the storage backend
+  #
+  # Valid values are:
+  # - s3: Store persistent data in AWS S3 (configure in S3 section)
+  # - azure: Store persistent data in Azure's object storage
+  # - gcs: Store persistent data in Google Cloud Storage
+  # - minio: Store persistent data on in-cluster Minio server
+  storage: ""
+
+  # Set the location of Workflow's Registry
+  #
+  # Valid values are:
+  # - on-cluster: Run registry within the Kubernetes cluster
+  # - off-cluster: Use registry outside the Kubernetes cluster (example: dockerhub,quay.io,self-hosted)
+  # - ecr: Use Amazon's ECR
+  # - gcr: Use Google's GCR
+  registry_location: "on-cluster"
+
+
+s3:
+  # Your AWS access key. Leave it empty if you want to use IAM credentials.
+  accesskey: ""
+  # Your AWS secret key. Leave it empty if you want to use IAM credentials.
+  secretkey: ""
+  # Any S3 region
+  region: "us-west-1"
+  # Your buckets.
+  registry_bucket: "your-registry-bucket-name"
+
+azure:
+  accountname: "YOUR ACCOUNT NAME"
+  accountkey: "YOUR ACCOUNT KEY"
+  registry_container: "your-registry-container-name"
+
+gcs:
+  # key_json is expanded into a JSON file on the remote server. It must be
+  # well-formatted JSON data.
+  key_json: ''
+  registry_bucket: "your-registry-bucket-name"
+
+swift:
+  username: "Your OpenStack Swift Username"
+  password: "Your OpenStack Swift Password"
+  authurl: "Swift auth URL for obtaining an auth token"
+  # Your OpenStack tenant name if you are using auth version 2 or 3.
+  tenant: ""
+  authversion: "Your OpenStack swift auth version"
+  registry_container: "your-registry-container-name"