feat(minio): add minio gateway support

Author: duanhongyi

charts/registry/templates/registry-deployment.yaml

@@ -62,7 +62,7 @@ spec:
             - name: registry-storage
               mountPath: /var/lib/registry
             - name: objectstorage-creds
-              mountPath: /var/run/secrets/drycc/registry/creds
+              mountPath: /var/run/secrets/drycc/objectstore/creds
       volumes:
         - name: registry-storage
           emptyDir: {}

main.go

@@ -18,147 +18,32 @@ const (
 
 func main() {
 	log.Println("INFO: Starting registry...")
-	storageType := getenv("REGISTRY_STORAGE", "filesystem")
-	if storageType == "gcs" {
-		log.Println("INFO: using google cloud storage as the backend")
-		if _, err := os.Stat("/var/run/secrets/drycc/registry/creds/key.json"); err != nil {
-			log.Fatal("Service account not given")
-		}
-		os.Setenv("REGISTRY_STORAGE_GCS_KEYFILE", "/var/run/secrets/drycc/registry/creds/key.json")
-		if bucket, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/registry-bucket"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_GCS_BUCKET", string(bucket))
-			os.Setenv("BUCKET_NAME", string(bucket))
-		}
-	} else if storageType == "s3" {
-		log.Println("INFO: using s3 as the backend")
-		if accesskey, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/accesskey"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", string(accesskey))
-			if len(accesskey) != 0 {
-				os.Setenv("AWS_ACCESS_KEY_ID", string(accesskey))
-			}
-		}
-
-		if secretkey, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/secretkey"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", string(secretkey))
-			if len(secretkey) != 0 {
-				os.Setenv("AWS_SECRET_ACCESS_KEY", string(secretkey))
-			}
-		}
-
-		if region, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/region"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_S3_REGION", string(region))
-			os.Setenv("AWS_REGION", string(region))
-		}
-
-		if bucket, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/registry-bucket"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_S3_BUCKET", string(bucket))
-			os.Setenv("BUCKET_NAME", string(bucket))
-		}
-	} else if storageType == "azure" {
-		log.Println("INFO: using azure as the backend")
-		if accountname, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/accountname"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_AZURE_ACCOUNTNAME", string(accountname))
-		}
-
-		if accountkey, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/accountkey"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_AZURE_ACCOUNTKEY", string(accountkey))
-		}
-
-		if container, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/registry-container"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_AZURE_CONTAINER", string(container))
-			os.Setenv("BUCKET_NAME", string(container))
-		}
-
-	} else if storageType == "minio" {
-		log.Println("INFO: using minio as the backend")
-		mHost := os.Getenv(minioHostEnvVar)
-		mPort := os.Getenv(minioPortEnvVar)
-		os.Setenv("REGISTRY_STORAGE", "s3")
-		os.Setenv("REGISTRY_STORAGE_S3_BACKEND", "minio")
-		os.Setenv("REGISTRY_STORAGE_S3_REGIONENDPOINT", fmt.Sprintf("http://%s:%s", mHost, mPort))
-		// NOTE(bacongobbler): custom envvars used in /bin/create-bucket
-		os.Setenv("S3_HOST", mHost)
-		os.Setenv("S3_PORT", mPort)
-		os.Setenv("S3_USE_SIGV4", "true")
-
-		if accesskey, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/accesskey"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", string(accesskey))
-			os.Setenv("AWS_ACCESS_KEY_ID", string(accesskey))
-		}
-
-		if secretkey, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/secretkey"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", string(secretkey))
-			os.Setenv("AWS_SECRET_ACCESS_KEY", string(secretkey))
-		}
-
-		os.Setenv("REGISTRY_STORAGE_S3_REGION", "us-east-1")
-		os.Setenv("AWS_REGION", "us-east-1")
-		os.Setenv("REGISTRY_STORAGE_S3_BUCKET", "registry")
-		os.Setenv("BUCKET_NAME", "registry")
-
-	} else if storageType == "swift" {
-		log.Println("INFO: using swift as the backend")
-		if authurl, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/authurl"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_SWIFT_AUTHURL", string(authurl))
-		}
-
-		if username, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/username"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_SWIFT_USERNAME", string(username))
-		}
-
-		if password, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/password"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_SWIFT_PASSWORD", string(password))
-		}
-
-		if container, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/registry-container"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_SWIFT_CONTAINER", string(container))
-			os.Setenv("BUCKET_NAME", string(container))
-		}
-
-		if authVersion, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/authversion"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_SWIFT_AUTHVERSION", string(authVersion))
-		}
-
-		if tenant, err := ioutil.ReadFile("/var/run/secrets/drycc/registry/creds/tenant"); err != nil {
-			log.Fatal(err)
-		} else {
-			os.Setenv("REGISTRY_STORAGE_SWIFT_TENANT", string(tenant))
-		}
+	mHost := os.Getenv(minioHostEnvVar)
+	mPort := os.Getenv(minioPortEnvVar)
+	os.Setenv("REGISTRY_STORAGE", "s3")
+	os.Setenv("REGISTRY_STORAGE_S3_BACKEND", "minio")
+	os.Setenv("REGISTRY_STORAGE_S3_REGIONENDPOINT", fmt.Sprintf("http://%s:%s", mHost, mPort))
+
+	if accesskey, err := ioutil.ReadFile("/var/run/secrets/drycc/objectstore/creds/accesskey"); err != nil {
+		log.Fatal(err)
+	} else {
+		os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", string(accesskey))
+	}
 
+	if secretkey, err := ioutil.ReadFile("/var/run/secrets/drycc/objectstore/creds/secretkey"); err != nil {
+		log.Fatal(err)
+	} else {
+		os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", string(secretkey))
+	}
+	if bucket, err := ioutil.ReadFile("/var/run/secrets/drycc/objectstore/creds/registry-bucket"); err != nil {
+		log.Fatal(err)
+	} else {
+		os.Setenv("REGISTRY_STORAGE_S3_BUCKET", string(bucket))
 	}
+	os.Setenv("REGISTRY_STORAGE_S3_REGION", "us-east-1")
 
-	// run /bin/create-bucket
-	cmd := exec.Command("/bin/create-bucket")
+	// run /bin/create_bucket
+	cmd := exec.Command("/bin/create_bucket")
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	if err := cmd.Run(); err != nil {

rootfs/Dockerfile

@@ -1,25 +1,14 @@
-FROM registry:2.6.0
+FROM minio/mc:RELEASE.2018-11-06T01-12-20Z as mc
 
-RUN apk add --no-cache \
-        python3 && \
-    python3 -m ensurepip && \
-    ln -sf /usr/bin/python3 /usr/bin/python && \
-    ln -sf /usr/bin/pip3 /usr/bin/pip
-
-RUN buildDeps='gcc git linux-headers musl-dev python3-dev' && \
-    apk add --no-cache $buildDeps && \
-    # "upgrade" boto to 2.43.0 + the patch to fix minio connections
-    pip install --disable-pip-version-check --no-cache-dir --upgrade \
-        git+https://github.com/drycc/boto@abb38474ee5124bb571da0c42be67cd27c47094f \
-        azure==1.0.3 \
-        gcloud==0.18.3 \
-        python-swiftclient==3.1.0 \
-        python-keystoneclient==3.1.0 && \
-    # purge dev dependencies
-    apk del $buildDeps
+FROM registry:2.7
 
 COPY . /
 
+COPY --from=mc /usr/bin/mc /usr/bin/mc
+
+RUN apk add --no-cache jq bash \
+  && chmod +x /bin/create_bucket /bin/normalize_storage 
+
 VOLUME ["/var/lib/registry"]
 CMD ["/opt/registry/sbin/registry"]
 EXPOSE 5000

rootfs/bin/create-bucket

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC1091
+source /bin/normalize_storage
+has_bucket=$(mc ls minio -json|jq -r '.key'|grep -w "${MINIO_BUCKET}")
+if  [ ! -n "$has_bucket" ] ;then
+    mc mb minio/"${MINIO_BUCKET}"
+fi

rootfs/bin/create_bucket

@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+BUCKET_FILE="/var/run/secrets/drycc/objectstore/creds/registry-bucket"
+ACCESS_KEY_FILE="/var/run/secrets/drycc/objectstore/creds/accesskey"
+SECRET_KEY_FILE="/var/run/secrets/drycc/objectstore/creds/secretkey"
+
+if [ -f $BUCKET_FILE ]; then
+  export MINIO_BUCKET=$(cat "$BUCKET_FILE")
+fi
+if [ -f $ACCESS_KEY_FILE ]; then
+  export MINIO_ACCESS_KEY=$(cat "$ACCESS_KEY_FILE")
+fi
+if [ -f $SECRET_KEY_FILE ]; then
+  export MINIO_SECRET_KEY=$(cat "$SECRET_KEY_FILE")
+fi
+
+export MINIO_ENDPOINT=http://"${DRYCC_MINIO_SERVICE_HOST}:${DRYCC_MINIO_SERVICE_PORT}"
+
+mc config host add minio "${MINIO_ENDPOINT}" "${MINIO_ACCESS_KEY}" "${MINIO_SECRET_KEY}"