From 6fb861f50fdca2b00cfba380e760b4ea24589253 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 10 Jan 2022 01:16:58 +0800 Subject: [PATCH 01/69] chore(registry): use exec runner replace docker runner --- .drone/drone.yml | 59 +++++++++--------------------------------------- 1 file changed, 11 insertions(+), 48 deletions(-) diff --git a/.drone/drone.yml b/.drone/drone.yml index 58ef37c..4b8e7a1 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -1,5 +1,5 @@ kind: pipeline -type: docker +type: exec name: linux-amd64 platform: @@ -8,9 +8,6 @@ platform: steps: - name: test - image: docker.io/drycc/go-dev - pull: always - privileged: true commands: - make docker-build test environment: @@ -22,14 +19,8 @@ steps: - push - tag - pull_request - volumes: - - name: image_registries - path: /etc/containers/registries.conf - name: publish - image: docker.io/drycc/go-dev - pull: always - privileged: true commands: - echo $DOCKER_PASSWORD | docker login --username $DOCKER_USERNAME --password-stdin - make docker-build docker-immutable-push @@ -47,24 +38,10 @@ steps: event: - push - tag - volumes: - - name: image_registries - path: /etc/containers/registries.conf - -trigger: - event: - - push - - tag - - pull_request - -volumes: -- name: image_registries - host: - path: /etc/containers/registries.conf --- kind: pipeline -type: docker +type: exec name: linux-arm64 platform: @@ -73,9 +50,6 @@ platform: steps: - name: publish - image: docker.io/drycc/go-dev - pull: always - privileged: true commands: - echo $DOCKER_PASSWORD | docker login --username $DOCKER_USERNAME --password-stdin - make docker-build docker-immutable-push @@ -89,19 +63,10 @@ steps: from_secret: docker_username DOCKER_PASSWORD: from_secret: docker_password - volumes: - - name: image_registries - path: /etc/containers/registries.conf - -trigger: - event: - - push - - tag - -volumes: -- name: image_registries - host: - path: /etc/containers/registries.conf + when: + event: + - push + - tag --- kind: pipeline 
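Review bot: The `test` step keeps `- pull_request` in its `when` block while the linux-amd64 pipeline switches to `type: exec`, so `make docker-build test` from a pull request now runs directly on the runner host rather than in a container. The removed `privileged: true` container was already a thin boundary, but with the exec runner there is none: whatever the pull request puts behind that make target executes with the runner account's file and Docker-daemon access. Consider keeping pull-request builds on a container-isolated pipeline or a disposable runner, or dropping `- pull_request` from the exec step. The linux-arm64 and chart pipelines get the same `type: exec` change but are limited to `push` and `tag`.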
@@ -143,12 +108,11 @@ depends_on: --- kind: pipeline -type: docker +type: exec name: chart steps: - name: generate chart - image: docker.io/drycc/python-dev commands: - IMAGE_TAG=$([ ! -z $DRONE_TAG ] && echo ${DRONE_TAG:1} || echo \"canary\") - sed -i "s/image_tag:\ \"canary\"/image_tag:\ $IMAGE_TAG/g" charts/registry/values.yaml @@ -161,8 +125,7 @@ steps: from_secret: chartmuseum_password CHARTMUSEUM_API: from_secret: chartmuseum_api - -trigger: - event: - - push - - tag + when: + event: + - push + - tag From b1215e90ce63d161cc315b86c39e56767be213b4 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 14 Jan 2022 10:38:26 +0800 Subject: [PATCH 02/69] chore(registry): canonical charts naming --- .drone/drone.yml | 2 +- .../templates/registry-deployment.yaml | 20 +++++++++---------- .../templates/registry-service-account.yaml | 2 +- .../registry/templates/registry-service.yaml | 2 +- charts/registry/values.yaml | 12 +++++------ 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.drone/drone.yml b/.drone/drone.yml index 4b8e7a1..8caa09b 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -115,7 +115,7 @@ steps: - name: generate chart commands: - IMAGE_TAG=$([ ! -z $DRONE_TAG ] && echo ${DRONE_TAG:1} || echo \"canary\") - - sed -i "s/image_tag:\ \"canary\"/image_tag:\ $IMAGE_TAG/g" charts/registry/values.yaml + - sed -i "s/imageTag:\ \"canary\"/imageTag:\ $IMAGE_TAG/g" charts/registry/values.yaml - helm package charts/registry --version ${DRONE_TAG:-v1.0.0} - curl -u $CHARTMUSEUM_USERNAME:$CHARTMUSEUM_PASSWORD -F chart=@registry-${DRONE_TAG:-v1.0.0}.tgz "$CHARTMUSEUM_API/api/$([ -z $DRONE_TAG ] && echo testing || echo stable)/charts" environment: diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index facffc0..4f6bcaa 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
@@ -1,4 +1,4 @@ -{{- if eq .Values.global.registry_location "on-cluster" }} +{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: apps/v1 kind: Deployment metadata: @@ -6,7 +6,7 @@ metadata: labels: heritage: drycc annotations: - component.drycc.cc/version: {{ .Values.image_tag }} + component.drycc.cc/version: {{ .Values.imageTag }} spec: replicas: 1 strategy: @@ -26,7 +26,7 @@ spec: initContainers: - name: drycc-registry-init image: docker.io/drycc/python-dev:latest - imagePullPolicy: {{.Values.image_pull_policy}} + imagePullPolicy: {{.Values.imagePullPolicy}} command: - netcat - -v @@ -34,16 +34,16 @@ spec: - $(DRYCC_MINIO_SERVICE_HOST):$(DRYCC_MINIO_SERVICE_PORT) containers: - name: drycc-registry - image: {{.Values.image_registry}}/{{.Values.image_org}}/registry:{{.Values.image_tag}} - imagePullPolicy: {{.Values.image_pull_policy}} -{{- if or (.Values.limits_cpu) (.Values.limits_memory)}} + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} + imagePullPolicy: {{.Values.imagePullPolicy}} +{{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} resources: limits: -{{- if (.Values.limits_cpu) }} - cpu: {{.Values.limits_cpu}} +{{- if (.Values.limitsCpu) }} + cpu: {{.Values.limitsCpu}} {{- end}} -{{- if (.Values.limits_memory) }} - memory: {{.Values.limits_memory}} +{{- if (.Values.limitsMemory) }} + memory: {{.Values.limitsMemory}} {{- end}} {{- end}} livenessProbe: diff --git a/charts/registry/templates/registry-service-account.yaml b/charts/registry/templates/registry-service-account.yaml index f117ae3..3766311 100644 --- a/charts/registry/templates/registry-service-account.yaml +++ b/charts/registry/templates/registry-service-account.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.global.registry_location "on-cluster" }} +{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: v1 kind: ServiceAccount metadata: 
diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index be960ac..c4fdf9f 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.global.registry_location "on-cluster" }} +{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: v1 kind: Service metadata: diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 14c748b..8663303 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ -image_org: "drycc" -image_pull_policy: "Always" -image_tag: "canary" -image_registry: "docker.io" -# limits_cpu: "100m" -# limits_memory: "50Mi" +imageOrg: "drycc" +imagePullPolicy: "Always" +imageTag: "canary" +imageRegistry: "docker.io" +# limitsCpu: "100m" +# limitsMemory: "50Mi" From 73f8787f69db15b667af001f67ca801f35e2aa98 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 25 Jan 2022 17:06:26 +0800 Subject: [PATCH 03/69] chore(registry): provide any additional service annotations --- charts/registry/templates/registry-service.yaml | 4 ++++ charts/registry/values.yaml | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index c4fdf9f..1b792c1 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml @@ -3,6 +3,10 @@ apiVersion: v1 kind: Service metadata: name: drycc-registry + annotations: + {{- with .Values.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: heritage: drycc spec: diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 8663303..51deaf8 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml 
@@ -4,3 +4,8 @@ imageTag: "canary" imageRegistry: "docker.io" # limitsCpu: "100m" # limitsMemory: "50Mi" + +# Service +service: + # Provide any additional service annotations + annotations: {} \ No newline at end of file From e99e6322d813dbdee71adcb0fb2ed37fdcb94fba Mon Sep 17 00:00:00 2001 From: lijianguo Date: Wed, 2 Mar 2022 14:35:21 +0800 Subject: [PATCH 04/69] chore(dockerfile): use drycc/base image --- Dockerfile | 43 +++++++++++++++++++++++++++++++-------- Makefile | 2 +- contrib/ci/test.sh | 2 +- main.go | 2 +- rootfs/config-example.yml | 18 ++++++++++++++++ 5 files changed, 55 insertions(+), 12 deletions(-) create mode 100644 rootfs/config-example.yml diff --git a/Dockerfile b/Dockerfile index 7d18242..fc01ebd 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,24 +1,49 @@ -FROM docker.io/minio/mc:latest as mc - - FROM docker.io/drycc/go-dev:latest AS build ARG LDFLAGS ADD . /app RUN export GO111MODULE=on \ && cd /app \ - && CGO_ENABLED=0 go build -ldflags "${LDFLAGS}" -o /usr/local/bin/registry main.go \ + && CGO_ENABLED=0 init-stack go build -ldflags "${LDFLAGS}" -o /usr/local/bin/registry main.go \ && upx -9 --brute /usr/local/bin/registry -FROM docker.io/library/registry:2.7 +FROM docker.io/drycc/base:bullseye + +RUN adduser --system \ + --shell /bin/bash \ + --disabled-password \ + --home /var/lib/registry \ + --group \ + drycc -COPY rootfs / -COPY --from=mc /usr/bin/mc /bin/mc +COPY rootfs/bin/ /bin/ +COPY rootfs/config-example.yml /etc/docker/registry/config.yml COPY --from=build /usr/local/bin/registry /opt/registry/sbin/registry +ENV JQ_VERSION="1.6" \ + MC_VERSION="2022.02.26.03.58.31" \ + REGISTRY_VERSION="2.8.0" -RUN apk add --no-cache jq bash \ - && chmod +x /bin/create_bucket /bin/normalize_storage +RUN install-stack jq $JQ_VERSION \ + && install-stack mc $MC_VERSION \ + && install-stack registry $REGISTRY_VERSION \ + && chmod +x /bin/create_bucket /bin/normalize_storage \ + && rm -rf \ + /usr/share/doc \ + /usr/share/man \ + /usr/share/info \ + /usr/share/locale \ + /var/lib/apt/lists/* \ + /var/log/* \ + /var/cache/debconf/* \ + /etc/systemd \ + /lib/lsb \ + /lib/udev \ + /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \ + /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \ + && mkdir -p /usr/share/man/man{1..8} \ + && chown -R drycc:drycc /var/lib/registry +USER drycc VOLUME ["/var/lib/registry"] CMD ["/opt/registry/sbin/registry"] EXPOSE 5000 diff --git a/Makefile b/Makefile index 1dc469b..d75fcb0 100644 --- a/Makefile +++ b/Makefile 
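Review bot: `mkdir -p /usr/share/man/man{1..8}` at the end of the new `RUN` relies on brace expansion, which is a bash feature. `RUN` executes through `/bin/sh -c` unless a `SHELL` instruction says otherwise. If `sh` in `drycc/base:bullseye` is dash (the Debian default, not confirmed from this hunk), the command creates a single directory literally named `man{1..8}`. Either list the directories explicitly or add `SHELL ["/bin/bash", "-c"]` before the `RUN`. Separately, `install-stack jq`, `mc` and `registry` are pinned by version only, and the hunk does not show whether `install-stack` checks a digest or signature, which is worth confirming and recording in a comment above the `ENV` block.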
@@ -16,7 +16,7 @@ SHELL_SCRIPTS = $(wildcard rootfs/bin/* _scripts/*.sh contrib/ci/*.sh) # The following variables describe the containerized development environment # and other build options DEV_ENV_IMAGE := ${DEV_REGISTRY}/drycc/go-dev -DEV_ENV_WORK_DIR := /go/src/${REPO_PATH} +DEV_ENV_WORK_DIR := /opt/drycc/go/src/${REPO_PATH} DEV_ENV_PREFIX := docker run --rm -v ${CURDIR}:${DEV_ENV_WORK_DIR} -w ${DEV_ENV_WORK_DIR} DEV_ENV_CMD := ${DEV_ENV_PREFIX} ${DEV_ENV_IMAGE} LDFLAGS := "-s -w -X main.version=${VERSION}" diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index a0c143c..13cd969 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -12,7 +12,7 @@ echo "1234567890123456789012345678901234567890" > "${CURRENT_DIR}"/tmp/aws-user/ MINIO_JOB=$(docker run -d --name minio \ -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/objectstore/creds \ - drycc/minio:canary server /home/minio/) + drycc/minio:canary server /data/minio/) sleep 5 docker logs "${MINIO_JOB}" diff --git a/main.go b/main.go index 407a145..d0b23f0 100644 --- a/main.go +++ b/main.go @@ -9,7 +9,7 @@ import ( ) const ( - registryBinary = "/bin/registry" + registryBinary = "/opt/drycc/registry/bin/registry" registryConfig = "/etc/docker/registry/config.yml" minioHostEnvVar = "DRYCC_MINIO_SERVICE_HOST" minioPortEnvVar = "DRYCC_MINIO_SERVICE_PORT" diff --git a/rootfs/config-example.yml b/rootfs/config-example.yml new file mode 100644 index 0000000..3277f9a --- /dev/null +++ b/rootfs/config-example.yml @@ -0,0 +1,18 @@ +version: 0.1 +log: + fields: + service: registry +storage: + cache: + blobdescriptor: inmemory + filesystem: + rootdirectory: /var/lib/registry +http: + addr: :5000 + headers: + X-Content-Type-Options: [nosniff] +health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 From d18b7b5dad02695696791f3f7f6490ea8c26fe6a Mon Sep 17 00:00:00 2001 
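Review bot: The new `rootfs/config-example.yml` has no `auth` section and no `http.tls` block, and the Dockerfile in this commit copies it to `/etc/docker/registry/config.yml`. With it, the registry serves push and pull without authentication over plain HTTP on `:5000` to anything that can reach the port. If access control is meant to come from the network layer, say so at the top of the file, for example `# No auth/TLS here: access must be restricted by NetworkPolicy or a fronting proxy`. Otherwise add an `auth:` block. Whether `main.go` injects any `REGISTRY_AUTH_*` settings through the environment is not visible in this hunk.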
From: duanhongyi Date: Thu, 3 Mar 2022 10:50:02 +0800 Subject: [PATCH 05/69] chore(registry): change workdir to /workspace --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index fc01ebd..312d3b4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ FROM docker.io/drycc/go-dev:latest AS build ARG LDFLAGS -ADD . /app +ADD . /workspace RUN export GO111MODULE=on \ - && cd /app \ + && cd /workspace \ && CGO_ENABLED=0 init-stack go build -ldflags "${LDFLAGS}" -o /usr/local/bin/registry main.go \ && upx -9 --brute /usr/local/bin/registry From 43929756f572716fee36d54a2528fbd04c537a9a Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 4 Mar 2022 14:29:04 +0800 Subject: [PATCH 06/69] fix(registry): set gid uid to 1001 --- Dockerfile | 20 +++++++++---------- .../templates/registry-deployment.yaml | 6 +++++- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 312d3b4..6cd17a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,16 +9,16 @@ RUN export GO111MODULE=on \ FROM docker.io/drycc/base:bullseye -RUN adduser --system \ - --shell /bin/bash \ - --disabled-password \ - --home /var/lib/registry \ - --group \ - drycc +ARG DRYCC_UID=1001 +ARG DRYCC_GID=1001 +ARG DRYCC_HOME_DIR=/var/lib/registry + +RUN groupadd drycc --gid ${DRYCC_GID} \ + && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} COPY rootfs/bin/ /bin/ COPY rootfs/config-example.yml /etc/docker/registry/config.yml -COPY --from=build /usr/local/bin/registry /opt/registry/sbin/registry +COPY --from=build /usr/local/bin/registry /opt/registry/bin/registry ENV JQ_VERSION="1.6" \ MC_VERSION="2022.02.26.03.58.31" \ REGISTRY_VERSION="2.8.0" 
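Review bot: The new `useradd` line in the `@@ -9,16 +9,16 @@` hunk gives the `drycc` service account `-s /bin/bash`, although nothing visible in this Dockerfile needs the account to have a login shell. Using `-s /usr/sbin/nologin` narrows what the account can be used for without affecting scripts that invoke bash explicitly. Fixing the IDs at 1001 is useful for the matching `securityContext`; a short comment such as `# uid/gid must match runAsUser/fsGroup in registry-deployment.yaml` would keep the two files in step.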
@@ -41,9 +41,9 @@ RUN install-stack jq $JQ_VERSION \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \ && mkdir -p /usr/share/man/man{1..8} \ - && chown -R drycc:drycc /var/lib/registry + && chown -R drycc:drycc ${DRYCC_HOME_DIR} USER drycc -VOLUME ["/var/lib/registry"] -CMD ["/opt/registry/sbin/registry"] +VOLUME ["${DRYCC_HOME_DIR}"] +CMD ["/opt/registry/bin/registry"] EXPOSE 5000 diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 4f6bcaa..83cc366 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -27,7 +27,7 @@ spec: - name: drycc-registry-init image: docker.io/drycc/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} - command: + args: - netcat - -v - -a @@ -70,6 +70,10 @@ spec: mountPath: /var/lib/registry - name: objectstorage-creds mountPath: /var/run/secrets/drycc/objectstore/creds + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 volumes: - name: registry-storage emptyDir: {} From cd9c8473b799ca8095c6b84adf399bd6b92f00ec Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 7 Mar 2022 14:28:48 +0800 Subject: [PATCH 07/69] chore(registry): use DRYCC_UID DRYCC_GID env --- Dockerfile | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6cd17a1..53764f6 100644 --- a/Dockerfile +++ b/Dockerfile 
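Review bot: The `securityContext` added in the `@@ -70,6 +70,10 @@` hunk of `registry-deployment.yaml` sets `fsGroup`, `runAsGroup` and `runAsUser` but does not enforce them. Adding `runAsNonRoot: true` makes the kubelet refuse to start the container if the image ever reverts to root, and a container-level `allowPrivilegeEscalation: false` blocks setuid escalation. `fsGroup` is only valid in the pod-level `securityContext`; the indentation is not recoverable from this page, so check that the block sits under the pod `spec` and not under the container.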
@@ -9,21 +9,20 @@ RUN export GO111MODULE=on \ FROM docker.io/drycc/base:bullseye -ARG DRYCC_UID=1001 -ARG DRYCC_GID=1001 -ARG DRYCC_HOME_DIR=/var/lib/registry - -RUN groupadd drycc --gid ${DRYCC_GID} \ - && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} +ENV DRYCC_UID=1001 \ + DRYCC_GID=1001 \ + DRYCC_HOME_DIR=/var/lib/registry \ + JQ_VERSION="1.6" \ + MC_VERSION="2022.02.26.03.58.31" \ + REGISTRY_VERSION="2.8.0" COPY rootfs/bin/ /bin/ COPY rootfs/config-example.yml /etc/docker/registry/config.yml COPY --from=build /usr/local/bin/registry /opt/registry/bin/registry -ENV JQ_VERSION="1.6" \ - MC_VERSION="2022.02.26.03.58.31" \ - REGISTRY_VERSION="2.8.0" -RUN install-stack jq $JQ_VERSION \ +RUN groupadd drycc --gid ${DRYCC_GID} \ + && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ + && install-stack jq $JQ_VERSION \ && install-stack mc $MC_VERSION \ && install-stack registry $REGISTRY_VERSION \ && chmod +x /bin/create_bucket /bin/normalize_storage \ @@ -41,9 +40,9 @@ RUN install-stack jq $JQ_VERSION \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \ && mkdir -p /usr/share/man/man{1..8} \ - && chown -R drycc:drycc ${DRYCC_HOME_DIR} + && chown -R ${DRYCC_GID}:${DRYCC_UID} ${DRYCC_HOME_DIR} -USER drycc +USER ${DRYCC_UID} VOLUME ["${DRYCC_HOME_DIR}"] CMD ["/opt/registry/bin/registry"] EXPOSE 5000 From 4b09cd3ade4defb8e84e0995da5ff5510b0d2b19 Mon Sep 17 00:00:00 2001 From: lijianguo Date: Wed, 16 Mar 2022 17:39:31 +0800 Subject: [PATCH 08/69] feat(registry): add affinity --- charts/registry/templates/registry-deployment.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 83cc366..79e589e 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
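Review bot: In the `@@ -41,9 +40,9 @@` hunk the arguments to `chown` are swapped: `chown -R ${DRYCC_GID}:${DRYCC_UID} ${DRYCC_HOME_DIR}` passes the group ID as owner and the user ID as group, whereas `chown` expects `OWNER:GROUP`. It is harmless only while both values are 1001. Once they differ, the registry data directory ends up owned by the wrong account and either becomes unwritable for the service or writable for an unrelated UID. The line should read `chown -R ${DRYCC_UID}:${DRYCC_GID} ${DRYCC_HOME_DIR}`.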
@@ -22,6 +22,9 @@ spec: labels: app: drycc-registry spec: + {{- if .Values.global.common }} + {{- include "common.affinity" (dict "key" "app" "values" (list "drycc-registry")) | indent 6 }} + {{- end }} serviceAccount: drycc-registry initContainers: - name: drycc-registry-init @@ -70,9 +73,9 @@ spec: mountPath: /var/lib/registry - name: objectstorage-creds mountPath: /var/run/secrets/drycc/objectstore/creds - securityContext: - fsGroup: 1001 - runAsGroup: 1001 + securityContext: + fsGroup: 1001 + runAsGroup: 1001 runAsUser: 1001 volumes: - name: registry-storage From e42bcf4c59a58194cce7510d5d5a1a650cc8937c Mon Sep 17 00:00:00 2001 From: lijianguo Date: Thu, 17 Mar 2022 10:42:13 +0800 Subject: [PATCH 09/69] chore(registry): use common affinity template --- .drone/drone.yml | 2 +- charts/registry/Chart.yaml | 7 ++++++- charts/registry/templates/registry-deployment.yaml | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.drone/drone.yml b/.drone/drone.yml index 8caa09b..f2ae72e 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -116,7 +116,7 @@ steps: commands: - IMAGE_TAG=$([ ! -z $DRONE_TAG ] && echo ${DRONE_TAG:1} || echo \"canary\") - sed -i "s/imageTag:\ \"canary\"/imageTag:\ $IMAGE_TAG/g" charts/registry/values.yaml - - helm package charts/registry --version ${DRONE_TAG:-v1.0.0} + - helm package -u charts/registry --version ${DRONE_TAG:-v1.0.0} - curl -u $CHARTMUSEUM_USERNAME:$CHARTMUSEUM_PASSWORD -F chart=@registry-${DRONE_TAG:-v1.0.0}.tgz "$CHARTMUSEUM_API/api/$([ -z $DRONE_TAG ] && echo testing || echo stable)/charts" environment: CHARTMUSEUM_USERNAME: diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index bbe1197..f745f81 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml 
@@ -1,7 +1,12 @@ name: registry home: https://github.com/drycc/registry -version: v1.0.0 +apiVersion: v2 +dependencies: + - name: common + repository: https://charts.drycc.cc/stable + version: 1.x.x description: Docker registry for Drycc Workflow. maintainers: - name: Drycc Team email: engineering@drycc.com +version: v1.0.0 diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 79e589e..c3372d3 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -22,9 +22,7 @@ spec: labels: app: drycc-registry spec: - {{- if .Values.global.common }} - {{- include "common.affinity" (dict "key" "app" "values" (list "drycc-registry")) | indent 6 }} - {{- end }} + {{- include "common.affinities.nodes.soft" (dict "key" "app" "values" (list "drycc-registry")) | indent 6 }} serviceAccount: drycc-registry initContainers: - name: drycc-registry-init From 52b619822dcc5c20d10017c148ef974077ab7f3b Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 17 Mar 2022 11:38:41 +0800 Subject: [PATCH 10/69] chore(registry): change nodes to pod affinity --- charts/registry/templates/registry-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index c3372d3..43e16cd 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -22,7 +22,7 @@ spec: labels: app: drycc-registry spec: - {{- include "common.affinities.nodes.soft" (dict "key" "app" "values" (list "drycc-registry")) | indent 6 }} + {{- include "common.affinities.pods.soft" (dict "key" "app" "values" (list "drycc-registry")) | indent 6 }} serviceAccount: drycc-registry initContainers: - name: drycc-registry-init From d0ad5cc4a7305db187781856634c18cd5e639cf5 Mon Sep 17 00:00:00 2001 
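Review bot: The `common` dependency added to `Chart.yaml` uses the floating range `version: 1.x.x`, and this commit also changes the CI step to `helm package -u`, so the dependency is resolved against `https://charts.drycc.cc/stable` at packaging time. No `Chart.lock` is added in this patch, which means the packaged chart for a given tag depends on whatever 1.x release the repository serves at that moment, and a new publication there is pulled into releases unreviewed. Pin an exact version, or commit `Chart.lock` and have CI run `helm dependency build` instead of updating.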
From: duanhongyi Date: Wed, 6 Apr 2022 16:05:21 +0800 Subject: [PATCH 11/69] chore(database): bump mc 2022.04.01.23.44.48 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 53764f6..113a521 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.6" \ - MC_VERSION="2022.02.26.03.58.31" \ + MC_VERSION="2022.04.01.23.44.48" \ REGISTRY_VERSION="2.8.0" COPY rootfs/bin/ /bin/ From fe2210dfba4c1b7b45450aa36c467d0a061919cf Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 15 Apr 2022 00:16:33 +0800 Subject: [PATCH 12/69] chore(rregistry): use registry.drycc.cc replace docker.io --- .drone/drone.yml | 39 +++++++++++-------- .drone/manifest.tmpl | 6 +-- Dockerfile | 4 +- .../templates/registry-deployment.yaml | 2 +- charts/registry/values.yaml | 2 +- 5 files changed, 30 insertions(+), 23 deletions(-) diff --git a/.drone/drone.yml b/.drone/drone.yml index f2ae72e..c916554 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -9,11 +9,16 @@ platform: steps: - name: test commands: + - mkdir -p $HOMEPATH/.docker; echo $IMAGE_PULL_SECRETS > $HOMEPATH/.docker/config.json - make docker-build test environment: VERSION: ${DRONE_TAG:-latest}-linux-amd64 - DEV_REGISTRY: ${DEV_REGISTRY:-docker.io} - DRYCC_REGISTRY: ${DRYCC_REGISTRY:-docker.io} + DEV_REGISTRY: + from_secret: dev_registry + DRYCC_REGISTRY: + from_secret: drycc_registry + IMAGE_PULL_SECRETS: + from_secret: container_pull_secrets when: event: - push @@ -22,7 +27,7 @@ steps: - name: publish commands: - - echo $DOCKER_PASSWORD | docker login --username $DOCKER_USERNAME --password-stdin + - echo $CONTAINER_PASSWORD | docker login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - make docker-build docker-immutable-push environment: VERSION: ${DRONE_TAG:-latest}-linux-amd64 
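Review bot: The command added at the top of the `test` step writes `IMAGE_PULL_SECRETS` to `$HOMEPATH/.docker/config.json`, and the same step then runs `make docker-build test`, which PATCH 01 left enabled for `pull_request` events, so build code from a pull request can read the registry credential file. Whether the secret is populated for pull requests depends on how `container_pull_secrets` is scoped in Drone, which is not visible here; it should not be exposed to that event. The unquoted `echo $IMAGE_PULL_SECRETS` is also subject to word splitting and globbing, and the file is created with default permissions; `(umask 077; printf '%s' "$IMAGE_PULL_SECRETS" > "$HOMEPATH/.docker/config.json")` avoids both.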
@@ -30,10 +35,10 @@ steps: from_secret: dev_registry DRYCC_REGISTRY: from_secret: drycc_registry - DOCKER_USERNAME: - from_secret: docker_username - DOCKER_PASSWORD: - from_secret: docker_password + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - push @@ -51,7 +56,7 @@ platform: steps: - name: publish commands: - - echo $DOCKER_PASSWORD | docker login --username $DOCKER_USERNAME --password-stdin + - echo $CONTAINER_PASSWORD | docker login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - make docker-build docker-immutable-push environment: VERSION: ${DRONE_TAG:-latest}-linux-arm64 @@ -59,10 +64,10 @@ steps: from_secret: dev_registry DRYCC_REGISTRY: from_secret: drycc_registry - DOCKER_USERNAME: - from_secret: docker_username - DOCKER_PASSWORD: - from_secret: docker_password + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - push @@ -72,13 +77,15 @@ steps: kind: pipeline type: docker name: manifest +image_pull_secrets: +- container_pull_secrets steps: - name: generate manifest - image: docker.io/library/alpine + image: registry.drycc.cc/drycc/python-dev pull: always commands: - - sed -i "s/docker.io/$${DRYCC_REGISTRY}/g" .drone/manifest.tmpl + - sed -i "s/registry.drycc.cc/$${DRYCC_REGISTRY}/g" .drone/manifest.tmpl environment: DRYCC_REGISTRY: from_secret: drycc_registry @@ -88,9 +95,9 @@ steps: settings: spec: .drone/manifest.tmpl username: - from_secret: docker_username + from_secret: container_username password: - from_secret: docker_password + from_secret: container_password environment: DEV_REGISTRY: from_secret: dev_registry diff --git a/.drone/manifest.tmpl b/.drone/manifest.tmpl index 6b5a36e..04806b3 100644 --- a/.drone/manifest.tmpl +++ b/.drone/manifest.tmpl 
@@ -1,4 +1,4 @@ -image: docker.io/drycc/registry:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}canary{{/if}} +image: registry.drycc.cc/drycc/registry:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}canary{{/if}} {{#if build.tags}} tags: {{#each build.tags}} @@ -7,12 +7,12 @@ tags: {{/if}} manifests: - - image: docker.io/drycc/registry:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-amd64 + image: registry.drycc.cc/drycc/registry:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-amd64 platform: architecture: amd64 os: linux - - image: docker.io/drycc/registry:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-arm64 + image: registry.drycc.cc/drycc/registry:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-arm64 platform: architecture: arm64 os: linux diff --git a/Dockerfile b/Dockerfile index 113a521..423975d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/drycc/go-dev:latest AS build +FROM registry.drycc.cc/drycc/go-dev:latest AS build ARG LDFLAGS ADD . /workspace RUN export GO111MODULE=on \ @@ -7,7 +7,7 @@ RUN export GO111MODULE=on \ && upx -9 --brute /usr/local/bin/registry -FROM docker.io/drycc/base:bullseye +FROM registry.drycc.cc/drycc/base:bullseye ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 43e16cd..81a6845 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -26,7 +26,7 @@ spec: serviceAccount: drycc-registry initContainers: - name: drycc-registry-init - image: docker.io/drycc/python-dev:latest + image: registry.drycc.cc/drycc/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} args: - netcat diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 51deaf8..22a3da8 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml 
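Review bot: Both rewritten `FROM` lines in the Dockerfile hunks reference mutable tags (`go-dev:latest` and `base:bullseye`), so the published registry image is built from whatever those tags point to at build time. Now that the images come from a project-run registry, pinning by digest makes the build input auditable, for example `FROM registry.drycc.cc/drycc/base:bullseye@sha256:<digest-placeholder>`. The same applies to `python-dev:latest` in the init container of `registry-deployment.yaml` in this commit.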
@@ -1,7 +1,7 @@ imageOrg: "drycc" imagePullPolicy: "Always" imageTag: "canary" -imageRegistry: "docker.io" +imageRegistry: "registry.drycc.cc" # limitsCpu: "100m" # limitsMemory: "50Mi" From 1b324d409a88ae03e4d4a4e6df695405df4c5512 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 15 Apr 2022 21:12:52 +0800 Subject: [PATCH 13/69] chore(registry): move registry-secret.yaml from workflow to registry --- charts/registry/templates/registry-secret.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 charts/registry/templates/registry-secret.yaml diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml new file mode 100644 index 0000000..dd44136 --- /dev/null +++ b/charts/registry/templates/registry-secret.yaml @@ -0,0 +1,16 @@ +{{- if ne .Values.global.registryLocation "on-cluster" }} +apiVersion: v1 +kind: Secret +metadata: + name: registry-secret + labels: + heritage: drycc + annotations: + drycc.cc/registry-location: "{{ .Values.global.registryLocation }}" +type: Opaque +data: + hostname: {{ .Values.registry.hostname | b64enc }} + organization: {{ .Values.registry.organization | b64enc }} + username: {{ .Values.registry.username | b64enc }} + password: {{ .Values.registry.password | b64enc }} +{{- end }} From b1829059ddbfae38e193a90d293c0673487fd5a6 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 16 Apr 2022 11:25:03 +0800 Subject: [PATCH 14/69] chore(registry): change python-dev registry --- charts/registry/templates/registry-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 81a6845..d9385cc 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
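Review bot: In the new `registry-secret.yaml`, `b64enc` is applied directly to `.Values.registry.hostname`, `organization`, `username` and `password`, none of which get a default in the `values.yaml` shown in this series, so an unset value will most likely fail rendering with an opaque type error. Wrapping each one as `{{ required "registry.password is required" .Values.registry.password | b64enc }}` gives a clear message. The password also has to be supplied through chart values, so it ends up wherever values files and the Helm release record are stored; an option to reference an existing Secret by name would keep it out of both.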
@@ -26,7 +26,7 @@ spec: serviceAccount: drycc-registry initContainers: - name: drycc-registry-init - image: registry.drycc.cc/drycc/python-dev:latest + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} args: - netcat From 395a74ea198fc6abc5dfa85ce63f093926446d0c Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 19 Apr 2022 10:09:49 +0800 Subject: [PATCH 15/69] chore(registry): https://github.com/minio/minio/issues/14331 --- charts/registry/templates/_helper.tpl | 29 +++++++++++++++++ .../templates/registry-deployment.yaml | 23 +++++--------- contrib/ci/test.sh | 9 +++--- main.go | 31 +++++++++++-------- rootfs/bin/normalize_storage | 10 +++--- 5 files changed, 65 insertions(+), 37 deletions(-) create mode 100644 charts/registry/templates/_helper.tpl diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl new file mode 100644 index 0000000..3e96d74 --- /dev/null +++ b/charts/registry/templates/_helper.tpl @@ -0,0 +1,29 @@ +{{- define "registry.envs" -}} +{{- if eq .Values.global.minioLocation "on-cluster" }} +- name: "DRYCC_MINIO_ENDPOINT" + value: ${DRYCC_MINIO_SERVICE_HOST}:${DRYCC_MINIO_SERVICE_PORT} +{{- else }} +- name: "DRYCC_MINIO_ENDPOINT" + value: "{{ .Values.minio.endpoint }}" +{{- end }} +{{- end }} + +{{/* Generate registry deployment limits */}} +{{- define "registry.limits" -}} +{{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} +resources: + limits: + {{- if (.Values.limitsCpu) }} + cpu: {{.Values.limitsCpu}} + {{- end }} + {{- if (.Values.limitsMemory) }} + memory: {{.Values.limitsMemory}} + {{- end }} + {{- if (.Values.limitsHugepages2Mi) }} + hugepages-2Mi: {{.Values.limitsHugepages2Mi}} + {{- end }} + {{- if (.Values.limitsHugepages1Gi) }} + hugepages-1Gi: {{.Values.limitsHugepages1Gi}} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
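Review bot: In the new `_helper.tpl`, the on-cluster branch sets `value: ${DRYCC_MINIO_SERVICE_HOST}:${DRYCC_MINIO_SERVICE_PORT}`, but Kubernetes only expands `$(VAR_NAME)` references in `env[].value`, so the container receives the literal string. `main.go` in this commit builds the S3 endpoint as `http://` plus that value, so unless something downstream expands it the registry will point at an invalid endpoint. Use the form the deployment used before, quoted: `value: "$(DRYCC_MINIO_SERVICE_HOST):$(DRYCC_MINIO_SERVICE_PORT)"`.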
diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index d9385cc..fbcb918 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -32,21 +32,14 @@ spec: - netcat - -v - -a - - $(DRYCC_MINIO_SERVICE_HOST):$(DRYCC_MINIO_SERVICE_PORT) + - $(DRYCC_MINIO_ENDPOINT) + {{- include "builder.envs" . | indent 8 }} containers: - name: drycc-registry image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} -{{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} - resources: - limits: -{{- if (.Values.limitsCpu) }} - cpu: {{.Values.limitsCpu}} -{{- end}} -{{- if (.Values.limitsMemory) }} - memory: {{.Values.limitsMemory}} -{{- end}} -{{- end}} + {{- include "builder.limits" . | indent 8 }} + {{- include "builder.envs" . | indent 8 }} livenessProbe: httpGet: path: /v2/ @@ -69,8 +62,8 @@ spec: volumeMounts: - name: registry-storage mountPath: /var/lib/registry - - name: objectstorage-creds - mountPath: /var/run/secrets/drycc/objectstore/creds + - name: minio-creds + mountPath: /var/run/secrets/drycc/minio/creds securityContext: fsGroup: 1001 runAsGroup: 1001 @@ -78,7 +71,7 @@ spec: volumes: - name: registry-storage emptyDir: {} - - name: objectstorage-creds + - name: minio-creds secret: - secretName: objectstorage-keyfile + secretName: minio-creds {{- end }} diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 13cd969..6b69592 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh 
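Review bot: The three `include` calls added in the `@@ -32,21 +32,14 @@` hunk reference `"builder.envs"` and `"builder.limits"`, while the helper file added in the same commit defines `"registry.envs"` and `"registry.limits"`. Rendered on its own, the chart will fail on the missing templates; inside an umbrella chart that also ships a builder chart, it would silently pick up the builder's definitions instead. The calls should be `{{- include "registry.envs" . | indent 8 }}` and `{{- include "registry.limits" . | indent 8 }}`. The helper emits bare `- name:` items and no `env:` key is visible before the includes, so also confirm that one exists; indentation is lost on this page.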
@@ -11,8 +11,8 @@ echo "1234567890123456789012345678901234567890" > "${CURRENT_DIR}"/tmp/aws-user/ echo "1234567890123456789012345678901234567890" > "${CURRENT_DIR}"/tmp/aws-user/secretkey MINIO_JOB=$(docker run -d --name minio \ - -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/objectstore/creds \ - drycc/minio:canary server /data/minio/) + -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/minio/creds \ + "${DEV_REGISTRY}"/drycc/minio:canary server /data/minio/) sleep 5 docker logs "${MINIO_JOB}" @@ -21,9 +21,8 @@ MINIO_IP=$(docker inspect --format "{{ .NetworkSettings.IPAddress }}" "${MINIO_J JOB=$(docker run --add-host minio:"${MINIO_IP}" \ -d \ - -e DRYCC_MINIO_SERVICE_HOST=minio \ - -e DRYCC_MINIO_SERVICE_PORT=9000 \ - -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/objectstore/creds \ + -e DRYCC_MINIO_ENDPOINT=minio:9000 \ + -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/minio/creds \ "$1") # let the registry run for a few seconds diff --git a/main.go b/main.go index d0b23f0..3bf3880 100644 --- a/main.go +++ b/main.go 
@@ -9,37 +9,42 @@ import ( ) const ( - registryBinary = "/opt/drycc/registry/bin/registry" - registryConfig = "/etc/docker/registry/config.yml" - minioHostEnvVar = "DRYCC_MINIO_SERVICE_HOST" - minioPortEnvVar = "DRYCC_MINIO_SERVICE_PORT" - command = "serve" + registryBinary = "/opt/drycc/registry/bin/registry" + registryConfig = "/etc/docker/registry/config.yml" + minioEndpointEnvVar = "DRYCC_MINIO_ENDPOINT" + command = "serve" ) func main() { log.Println("INFO: Starting registry...") - mHost := os.Getenv(minioHostEnvVar) - mPort := os.Getenv(minioPortEnvVar) + mEndpoint := os.Getenv(minioEndpointEnvVar) os.Setenv("REGISTRY_STORAGE", "s3") os.Setenv("REGISTRY_STORAGE_S3_BACKEND", "minio") - os.Setenv("REGISTRY_STORAGE_S3_REGIONENDPOINT", fmt.Sprintf("http://%s:%s", mHost, mPort)) + os.Setenv("REGISTRY_STORAGE_S3_REGIONENDPOINT", fmt.Sprintf("http://%s", mEndpoint)) - if accesskey, err := ioutil.ReadFile("/var/run/secrets/drycc/objectstore/creds/accesskey"); err != nil { + if accesskey, err := ioutil.ReadFile("/var/run/secrets/drycc/minio/creds/accesskey"); err != nil { log.Fatal(err) } else { os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", string(accesskey)) } - if secretkey, err := ioutil.ReadFile("/var/run/secrets/drycc/objectstore/creds/secretkey"); err != nil { + if secretkey, err := ioutil.ReadFile("/var/run/secrets/drycc/minio/creds/secretkey"); err != nil { log.Fatal(err) } else { os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", string(secretkey)) } - if bucket, err := ioutil.ReadFile("/var/run/secrets/drycc/objectstore/creds/registry-bucket"); err != nil { - log.Fatal(err) + + bucketNameFile := "/var/run/secrets/drycc/minio/creds/registry-bucket" + if _, err := os.Stat(bucketNameFile); os.IsNotExist(err) { + if bucket, err := ioutil.ReadFile(bucketNameFile); err != nil { + log.Fatal(err) + } else { + os.Setenv("REGISTRY_STORAGE_S3_BUCKET", string(bucket)) + } } else { - os.Setenv("REGISTRY_STORAGE_S3_BUCKET", string(bucket)) + os.Setenv("REGISTRY_STORAGE_S3_BUCKET", 
"registry") // default bucket } + os.Setenv("REGISTRY_STORAGE_S3_REGION", "us-east-1") // run /bin/create_bucket diff --git a/rootfs/bin/normalize_storage b/rootfs/bin/normalize_storage index fef58d8..fc3febd 100755 --- a/rootfs/bin/normalize_storage +++ b/rootfs/bin/normalize_storage @@ -1,11 +1,13 @@ #!/usr/bin/env sh -BUCKET_FILE="/var/run/secrets/drycc/objectstore/creds/registry-bucket" -ACCESS_KEY_FILE="/var/run/secrets/drycc/objectstore/creds/accesskey" -SECRET_KEY_FILE="/var/run/secrets/drycc/objectstore/creds/secretkey" +BUCKET_FILE="/var/run/secrets/drycc/minio/creds/registry-bucket" +ACCESS_KEY_FILE="/var/run/secrets/drycc/minio/creds/accesskey" +SECRET_KEY_FILE="/var/run/secrets/drycc/minio/creds/secretkey" if [ -f $BUCKET_FILE ]; then MINIO_BUCKET=$(cat "$BUCKET_FILE") export MINIO_BUCKET +else + export MINIO_BUCKET="registry" # default bucket fi if [ -f $ACCESS_KEY_FILE ]; then MINIO_ACCESS_KEY=$(cat "$ACCESS_KEY_FILE") @@ -16,6 +18,6 @@ if [ -f $SECRET_KEY_FILE ]; then export MINIO_SECRET_KEY fi -export MINIO_ENDPOINT=http://"${DRYCC_MINIO_SERVICE_HOST}:${DRYCC_MINIO_SERVICE_PORT}" +export MINIO_ENDPOINT=http://"${DRYCC_MINIO_ENDPOINT}" mc config host add minio "${MINIO_ENDPOINT}" "${MINIO_ACCESS_KEY}" "${MINIO_SECRET_KEY}" From cbdc008151775224d9df698719f0f5aba09530af Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 19 Apr 2022 15:44:48 +0800 Subject: [PATCH 16/69] chore(registry): https://github.com/minio/minio/issues/13799 --- charts/registry/templates/_helper.tpl | 2 +- .../templates/registry-deployment.yaml | 2 +- charts/registry/templates/registry-secret.yaml | 2 +- contrib/ci/test.sh | 4 ++-- main.go | 18 ++++++++++++------ rootfs/bin/normalize_storage | 4 ++-- 6 files changed, 19 insertions(+), 13 deletions(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 3e96d74..b296de9 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl 
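Review bot: The new bucket lookup is inverted: `os.IsNotExist(err)` is true when `registry-bucket` is missing, so that branch calls `ioutil.ReadFile` on a file that is not there and ends in `log.Fatal`, while an existing file falls through to the hard-coded `"registry"` default. The condition should be `if _, err := os.Stat(bucketNameFile); err == nil {`. The values read from the creds files are exported with `string(...)` untrimmed, so a trailing newline in a mounted file would become part of the access key, secret key or bucket name; `strings.TrimSpace` (with the `strings` import) avoids that. `main`'s body continues outside the hunk.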
@@ -1,7 +1,7 @@ {{- define "registry.envs" -}} {{- if eq .Values.global.minioLocation "on-cluster" }} - name: "DRYCC_MINIO_ENDPOINT" - value: ${DRYCC_MINIO_SERVICE_HOST}:${DRYCC_MINIO_SERVICE_PORT} + value: http://${DRYCC_MINIO_SERVICE_HOST}:${DRYCC_MINIO_SERVICE_PORT} {{- else }} - name: "DRYCC_MINIO_ENDPOINT" value: "{{ .Values.minio.endpoint }}" diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index fbcb918..98c3d2d 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -31,7 +31,7 @@ spec: args: - netcat - -v - - -a + - -u - $(DRYCC_MINIO_ENDPOINT) {{- include "builder.envs" . | indent 8 }} containers: diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index dd44136..dba9202 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml @@ -1,4 +1,4 @@ -{{- if ne .Values.global.registryLocation "on-cluster" }} +{{- if ne .Values.global.registryLocation "off-cluster" }} apiVersion: v1 kind: Secret metadata: diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 6b69592..93245e8 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -12,7 +12,7 @@ echo "1234567890123456789012345678901234567890" > "${CURRENT_DIR}"/tmp/aws-user/ MINIO_JOB=$(docker run -d --name minio \ -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/minio/creds \ - "${DEV_REGISTRY}"/drycc/minio:canary server /data/minio/) + "${DEV_REGISTRY}"/drycc/minio:canary server /data/minio/ --console-address :9001) sleep 5 docker logs "${MINIO_JOB}" 
@@ -21,7 +21,7 @@ MINIO_IP=$(docker inspect --format "{{ .NetworkSettings.IPAddress }}" "${MINIO_J JOB=$(docker run --add-host minio:"${MINIO_IP}" \ -d \ - -e DRYCC_MINIO_ENDPOINT=minio:9000 \ + -e DRYCC_MINIO_ENDPOINT=http://minio:9000 \ -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/minio/creds \ "$1") diff --git a/main.go b/main.go index 3bf3880..df34cbb 100644 --- a/main.go +++ b/main.go @@ -1,11 +1,13 @@ package main import ( - "fmt" "io/ioutil" "log" + "net" + "net/url" "os" "os/exec" + "strings" ) const ( @@ -17,10 +19,16 @@ const ( func main() { log.Println("INFO: Starting registry...") - mEndpoint := os.Getenv(minioEndpointEnvVar) os.Setenv("REGISTRY_STORAGE", "s3") - os.Setenv("REGISTRY_STORAGE_S3_BACKEND", "minio") - os.Setenv("REGISTRY_STORAGE_S3_REGIONENDPOINT", fmt.Sprintf("http://%s", mEndpoint)) + mEndpoint := os.Getenv(minioEndpointEnvVar) + os.Setenv("REGISTRY_STORAGE_S3_REGIONENDPOINT", mEndpoint) + region := "us-east-1" //region is required in distribution + if endpointURL, err := url.Parse(mEndpoint); err == nil { + if endpointURL.Hostname() != "" && net.ParseIP(endpointURL.Hostname()) == nil { + region = strings.Split(endpointURL.Hostname(), ".")[0] + } + } + os.Setenv("REGISTRY_STORAGE_S3_REGION", region) if accesskey, err := ioutil.ReadFile("/var/run/secrets/drycc/minio/creds/accesskey"); err != nil { log.Fatal(err) @@ -45,8 +53,6 @@ func main() { os.Setenv("REGISTRY_STORAGE_S3_BUCKET", "registry") // default bucket } - os.Setenv("REGISTRY_STORAGE_S3_REGION", "us-east-1") - // run /bin/create_bucket cmd := exec.Command("/bin/create_bucket") cmd.Stdout = os.Stdout diff --git a/rootfs/bin/normalize_storage b/rootfs/bin/normalize_storage index fc3febd..0468781 100755 --- a/rootfs/bin/normalize_storage +++ b/rootfs/bin/normalize_storage 
@@ -18,6 +18,6 @@ if [ -f $SECRET_KEY_FILE ]; then export MINIO_SECRET_KEY fi -export MINIO_ENDPOINT=http://"${DRYCC_MINIO_ENDPOINT}" +export MINIO_ENDPOINT="${DRYCC_MINIO_ENDPOINT}" -mc config host add minio "${MINIO_ENDPOINT}" "${MINIO_ACCESS_KEY}" "${MINIO_SECRET_KEY}" +mc config host add minio "${MINIO_ENDPOINT}" "${MINIO_ACCESS_KEY}" "${MINIO_SECRET_KEY}" --api s3v4 From 79534d90311624501510cf9af15b23d6447dd3b2 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 21 Apr 2022 14:43:15 +0800 Subject: [PATCH 17/69] chore(registry): use env replace creds volume --- Dockerfile | 6 +- charts/registry/templates/_helper.tpl | 54 ++++++++++++++++-- .../templates/registry-deployment.yaml | 10 ---- .../registry/templates/registry-secret.yaml | 17 ++++-- contrib/ci/test.sh | 22 ++++--- main.go | 57 ++++++++----------- rootfs/bin/create_bucket | 19 ------- rootfs/bin/init_registry | 26 +++++++++ rootfs/bin/normalize_storage | 23 -------- rootfs/etc/docker/registry/config.yml | 18 ------ 10 files changed, 127 insertions(+), 125 deletions(-) delete mode 100755 rootfs/bin/create_bucket create mode 100755 rootfs/bin/init_registry delete mode 100755 rootfs/bin/normalize_storage delete mode 100644 rootfs/etc/docker/registry/config.yml diff --git a/Dockerfile b/Dockerfile index 423975d..db4ace5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,15 +17,15 @@ ENV DRYCC_UID=1001 \ REGISTRY_VERSION="2.8.0" COPY rootfs/bin/ /bin/ -COPY rootfs/config-example.yml /etc/docker/registry/config.yml COPY --from=build /usr/local/bin/registry /opt/registry/bin/registry RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ + && install-packages apache2-utils \ && install-stack jq $JQ_VERSION \ && install-stack mc $MC_VERSION \ && install-stack registry $REGISTRY_VERSION \ - && chmod +x /bin/create_bucket /bin/normalize_storage \ + && chmod +x /bin/init_registry \ && rm -rf \ /usr/share/doc \ /usr/share/man \ 
@@ -42,6 +42,8 @@ RUN groupadd drycc --gid ${DRYCC_GID} \ && mkdir -p /usr/share/man/man{1..8} \ && chown -R ${DRYCC_GID}:${DRYCC_UID} ${DRYCC_HOME_DIR} +COPY --chown=${DRYCC_GID}:${DRYCC_UID} rootfs/config-example.yml /opt/drycc/registry/etc/config.yml + USER ${DRYCC_UID} VOLUME ["${DRYCC_HOME_DIR}"] CMD ["/opt/registry/bin/registry"] diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index b296de9..5bca1f1 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -1,11 +1,53 @@ {{- define "registry.envs" -}} -{{- if eq .Values.global.minioLocation "on-cluster" }} +- name: REGISTRY_STORAGE_DELETE_ENABLED + value: "true" +- name: REGISTRY_LOG_LEVEL + value: info +- name: "REGISTRY_HTTP_SECRET" + valueFrom: + secretKeyRef: + name: registry-secret + key: secret +- name: "DRYCC_REGISTRY_REDIRECT" + valueFrom: + secretKeyRef: + name: registry-secret + key: redirect +- name: "DRYCC_REGISTRY_USERNAME" + valueFrom: + secretKeyRef: + name: registry-secret + key: username +- name: "DRYCC_REGISTRY_PASSWORD" + valueFrom: + secretKeyRef: + name: registry-secret + key: password +- name: "DRYCC_MINIO_LOOKUP" + valueFrom: + secretKeyRef: + name: minio-creds + key: lookup +- name: "DRYCC_MINIO_BUCKET" + valueFrom: + secretKeyRef: + name: minio-creds + key: registry-bucket - name: "DRYCC_MINIO_ENDPOINT" - value: http://${DRYCC_MINIO_SERVICE_HOST}:${DRYCC_MINIO_SERVICE_PORT} -{{- else }} -- name: "DRYCC_MINIO_ENDPOINT" - value: "{{ .Values.minio.endpoint }}" -{{- end }} + valueFrom: + secretKeyRef: + name: minio-creds + key: endpoint +- name: "DRYCC_MINIO_ACCESSKEY" + valueFrom: + secretKeyRef: + name: minio-creds + key: accesskey +- name: "DRYCC_MINIO_SECRETKEY" + valueFrom: + secretKeyRef: + name: minio-creds + key: secretkey {{- end }} {{/* Generate registry deployment limits */}} 
diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 98c3d2d..b9ce7cc 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -52,18 +52,11 @@ spec: port: 5000 initialDelaySeconds: 1 timeoutSeconds: 1 - env: - - name: REGISTRY_STORAGE_DELETE_ENABLED - value: "true" - - name: REGISTRY_LOG_LEVEL - value: info ports: - containerPort: 5000 volumeMounts: - name: registry-storage mountPath: /var/lib/registry - - name: minio-creds - mountPath: /var/run/secrets/drycc/minio/creds securityContext: fsGroup: 1001 runAsGroup: 1001 @@ -71,7 +64,4 @@ spec: volumes: - name: registry-storage emptyDir: {} - - name: minio-creds - secret: - secretName: minio-creds {{- end }} diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index dba9202..cfeb1f7 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml @@ -1,4 +1,4 @@ -{{- if ne .Values.global.registryLocation "off-cluster" }} + apiVersion: v1 kind: Secret metadata: 
@@ -9,8 +9,13 @@ metadata: drycc.cc/registry-location: "{{ .Values.global.registryLocation }}" type: Opaque data: - hostname: {{ .Values.registry.hostname | b64enc }} - organization: {{ .Values.registry.organization | b64enc }} - username: {{ .Values.registry.username | b64enc }} - password: {{ .Values.registry.password | b64enc }} -{{- end }} + {{- if ne .Values.global.registryLocation "on-cluster" }} + host: {{ print "drycc-registry" .Release.Namespace ".svc." .Values.global.clusterDomain | b64enc }} + secret: {{ randAlphaNum 32 | b64enc }} + {{- else }} + host: {{ .Values.host | b64enc }} + organization: {{ .Values.organization | b64enc }} + {{- end }} + username: {{ if .Values.username | default "" | ne "" }}{{ .Values.username | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} + password: {{ if .Values.password | default "" | ne "" }}{{ .Values.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} + redirect: {{ .Values.redirect | b64enc }} diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 93245e8..dd3ebd4 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -2,16 +2,12 @@ set -eoxf pipefail -CURRENT_DIR=$(cd "$(dirname "$0")"; pwd) - -mkdir -p "${CURRENT_DIR}"/tmp/aws-user -echo "us-east-1" > "${CURRENT_DIR}"/tmp/aws-user/region -echo "registry-bucket" > "${CURRENT_DIR}"/tmp/aws-user/registry-bucket -echo "1234567890123456789012345678901234567890" > "${CURRENT_DIR}"/tmp/aws-user/accesskey -echo "1234567890123456789012345678901234567890" > "${CURRENT_DIR}"/tmp/aws-user/secretkey +s3Accesskey=drycc +s3Secretkey=123456789 MINIO_JOB=$(docker run -d --name minio \ - -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/minio/creds \ + -e DRYCC_MINIO_ACCESSKEY=$s3Accesskey \ + -e DRYCC_MINIO_SECRETKEY=$s3Secretkey \ "${DEV_REGISTRY}"/drycc/minio:canary server /data/minio/ --console-address :9001) sleep 5 
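Review bot: `secret`, `username` and `password` fall back to `randAlphaNum 32`, which Helm evaluates on every render, so each `helm upgrade` writes new values into this Secret. The pods read them through `secretKeyRef` environment variables, which are fixed at container start, so anything that reads the Secret after an upgrade holds credentials the running registry does not accept until it restarts. Reusing the stored value with `lookup "v1" "Secret" .Release.Namespace "<secret-name>"` before generating a new one keeps them stable. In the same hunk the in-cluster `host` is emitted under `ne ... "on-cluster"` and `print` joins `"drycc-registry"` and the namespace without a dot, so the branch condition and the service name both look wrong.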
@@ -21,8 +17,16 @@ MINIO_IP=$(docker inspect --format "{{ .NetworkSettings.IPAddress }}" "${MINIO_J JOB=$(docker run --add-host minio:"${MINIO_IP}" \ -d \ + -p 5000:5000 \ + -e REGISTRY_HTTP_SECRET=drycc \ + -e DRYCC_REGISTRY_REDIRECT=false \ + -e DRYCC_REGISTRY_USERNAME=admin \ + -e DRYCC_REGISTRY_PASSWORD=admin \ + -e DRYCC_MINIO_LOOKUP=path \ + -e DRYCC_MINIO_BUCKET=registry \ -e DRYCC_MINIO_ENDPOINT=http://minio:9000 \ - -v "${CURRENT_DIR}"/tmp/aws-user:/var/run/secrets/drycc/minio/creds \ + -e DRYCC_MINIO_ACCESSKEY=$s3Accesskey \ + -e DRYCC_MINIO_SECRETKEY=$s3Secretkey \ "$1") # let the registry run for a few seconds diff --git a/main.go b/main.go index df34cbb..0a5f621 100644 --- a/main.go +++ b/main.go @@ -1,7 +1,6 @@ package main import ( - "io/ioutil" "log" "net" "net/url" @@ -11,10 +10,16 @@ import ( ) const ( - registryBinary = "/opt/drycc/registry/bin/registry" - registryConfig = "/etc/docker/registry/config.yml" - minioEndpointEnvVar = "DRYCC_MINIO_ENDPOINT" - command = "serve" + registryBinary = "/opt/drycc/registry/bin/registry" + registryConfig = "/opt/drycc/registry/etc/config.yml" + registryHtpasswd = "/opt/drycc/registry/etc/htpasswd" + registryRedirectEnvVar = "DRYCC_REGISTRY_REDIRECT" + minioLookupEnvVar = "DRYCC_MINIO_LOOKUP" + minioBucketEnvVar = "DRYCC_MINIO_BUCKET" + minioEndpointEnvVar = "DRYCC_MINIO_ENDPOINT" + minioAccesskeyEnvVar = "DRYCC_MINIO_ACCESSKEY" + minioSecretkeyEnvVar = "DRYCC_MINIO_SECRETKEY" + command = "serve" ) func main() { @@ -22,6 +27,7 @@ func main() { os.Setenv("REGISTRY_STORAGE", "s3") mEndpoint := os.Getenv(minioEndpointEnvVar) os.Setenv("REGISTRY_STORAGE_S3_REGIONENDPOINT", mEndpoint) + region := "us-east-1" //region is required in distribution if endpointURL, err := url.Parse(mEndpoint); err == nil { if endpointURL.Hostname() != "" && net.ParseIP(endpointURL.Hostname()) == nil { 
@@ -30,31 +36,26 @@ func main() { } os.Setenv("REGISTRY_STORAGE_S3_REGION", region) - if accesskey, err := ioutil.ReadFile("/var/run/secrets/drycc/minio/creds/accesskey"); err != nil { - log.Fatal(err) - } else { - os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", string(accesskey)) - } + os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", os.Getenv(minioAccesskeyEnvVar)) + os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", os.Getenv(minioSecretkeyEnvVar)) + os.Setenv("REGISTRY_STORAGE_S3_BUCKET", os.Getenv(minioBucketEnvVar)) + os.Setenv("REGISTRY_STORAGE_S3_ROOTDIRECTORY", "/registry") - if secretkey, err := ioutil.ReadFile("/var/run/secrets/drycc/minio/creds/secretkey"); err != nil { - log.Fatal(err) - } else { - os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", string(secretkey)) + if os.Getenv(minioLookupEnvVar) == "path" { + os.Setenv("REGISTRY_STORAGE_S3_FORCEPATHSTYLE", "true") } - bucketNameFile := "/var/run/secrets/drycc/minio/creds/registry-bucket" - if _, err := os.Stat(bucketNameFile); os.IsNotExist(err) { - if bucket, err := ioutil.ReadFile(bucketNameFile); err != nil { - log.Fatal(err) - } else { - os.Setenv("REGISTRY_STORAGE_S3_BUCKET", string(bucket)) - } + if os.Getenv(registryRedirectEnvVar) == "true" { + os.Setenv("REGISTRY_STORAGE_REDIRECT_DISABLE", "false") } else { - os.Setenv("REGISTRY_STORAGE_S3_BUCKET", "registry") // default bucket + os.Setenv("REGISTRY_STORAGE_REDIRECT_DISABLE", "true") } - // run /bin/create_bucket - cmd := exec.Command("/bin/create_bucket") + // run /bin/init_registry + os.Setenv("REGISTRY_AUTH", "htpasswd") + os.Setenv("REGISTRY_AUTH_HTPASSWD_REALM", "basic-realm") + os.Setenv("REGISTRY_AUTH_HTPASSWD_PATH", registryHtpasswd) + cmd := exec.Command("/bin/init_registry") cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr if err := cmd.Run(); err != nil { @@ -69,11 +70,3 @@ func main() { } log.Println("INFO: registry started.") } - -func getenv(name, dfault string) string { - value := os.Getenv(name) - if value == "" { - value = dfault - } - return value -} 
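Review bot: The credentials and bucket are now copied with `os.Getenv`, which returns an empty string for an unset variable, so a missing `DRYCC_MINIO_ACCESSKEY`, `DRYCC_MINIO_SECRETKEY` or `DRYCC_MINIO_BUCKET` no longer stops startup the way the removed `ioutil.ReadFile` / `log.Fatal` checks did. The same applies to `DRYCC_REGISTRY_USERNAME` and `DRYCC_REGISTRY_PASSWORD`, which `init_registry` feeds to `htpasswd`; an unset pair would presumably produce an htpasswd entry with an empty password. I would fail closed with a small helper that aborts on an empty value and use it for every required setting. `main`'s body starts before this hunk, and the helper would sit where the removed `getenv` was.

```go
// mustGetenv returns the value of name and aborts startup when it is unset or empty.
func mustGetenv(name string) string {
	value := os.Getenv(name)
	if value == "" {
		log.Fatalf("required environment variable %s is not set", name)
	}
	return value
}

// … unchanged: endpoint and region detection …
os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", mustGetenv(minioAccesskeyEnvVar))
os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", mustGetenv(minioSecretkeyEnvVar))
os.Setenv("REGISTRY_STORAGE_S3_BUCKET", mustGetenv(minioBucketEnvVar))
// … unchanged: root directory, path-style lookup, redirect and htpasswd settings …
```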
diff --git a/rootfs/bin/create_bucket b/rootfs/bin/create_bucket deleted file mode 100755 index 196a744..0000000 --- a/rootfs/bin/create_bucket +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# shellcheck disable=SC1091 -source /bin/normalize_storage - -has_bucket(){ - mc ls minio -json|jq -r '.key'|grep -w "${MINIO_BUCKET}" -} - -if [ -z "$(has_bucket)" ] ;then - mc mb minio/"${MINIO_BUCKET}" - if [ -z "$(has_bucket)" ] ;then - echo "create bucket ${MINIO_BUCKET} error" - exit 1 - fi -fi -echo "create bucket ${MINIO_BUCKET} success" diff --git a/rootfs/bin/init_registry b/rootfs/bin/init_registry new file mode 100755 index 0000000..a3dc245 --- /dev/null +++ b/rootfs/bin/init_registry @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +set -e + +mc config host add minio \ + "${DRYCC_MINIO_ENDPOINT}" \ + "${DRYCC_MINIO_ACCESSKEY}" \ + "${DRYCC_MINIO_SECRETKEY}" \ + --lookup "${DRYCC_MINIO_LOOKUP}" \ + --api s3v4 + +has_bucket(){ + mc ls minio -json|jq -r '.key'|grep -w "${DRYCC_MINIO_BUCKET}" +} + +if [ -z "$(has_bucket)" ] ;then + mc mb minio/"${DRYCC_MINIO_BUCKET}" + if [ -z "$(has_bucket)" ] ;then + echo "create bucket ${DRYCC_MINIO_BUCKET} error" + exit 1 + fi +fi +echo "create bucket ${DRYCC_MINIO_BUCKET} success" + +htpasswd -Bbn "${DRYCC_REGISTRY_USERNAME}" "${DRYCC_REGISTRY_PASSWORD}" > "${REGISTRY_AUTH_HTPASSWD_PATH}" +echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" \ No newline at end of file diff --git a/rootfs/bin/normalize_storage b/rootfs/bin/normalize_storage deleted file mode 100755 index 0468781..0000000 --- a/rootfs/bin/normalize_storage +++ /dev/null 
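Review bot: In the new `init_registry`, `htpasswd -Bbn` takes the registry password as a command-line argument, so it is readable in the container's process list while the command runs; the `mc config host add` call at the top passes the storage secret key the same way. `htpasswd` can read the password from standard input instead: `printf '%s' "${DRYCC_REGISTRY_PASSWORD}" | htpasswd -Bni "${DRYCC_REGISTRY_USERNAME}" > "${REGISTRY_AUTH_HTPASSWD_PATH}"`. The script sets only `set -e`; adding `set -u` and `umask 077` before the write would stop it on an unset variable and keep the htpasswd file private to the registry user.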
@@ -1,23 +0,0 @@ -#!/usr/bin/env sh -BUCKET_FILE="/var/run/secrets/drycc/minio/creds/registry-bucket" -ACCESS_KEY_FILE="/var/run/secrets/drycc/minio/creds/accesskey" -SECRET_KEY_FILE="/var/run/secrets/drycc/minio/creds/secretkey" - -if [ -f $BUCKET_FILE ]; then - MINIO_BUCKET=$(cat "$BUCKET_FILE") - export MINIO_BUCKET -else - export MINIO_BUCKET="registry" # default bucket -fi -if [ -f $ACCESS_KEY_FILE ]; then - MINIO_ACCESS_KEY=$(cat "$ACCESS_KEY_FILE") - export MINIO_ACCESS_KEY -fi -if [ -f $SECRET_KEY_FILE ]; then - MINIO_SECRET_KEY=$(cat "$SECRET_KEY_FILE") - export MINIO_SECRET_KEY -fi - -export MINIO_ENDPOINT="${DRYCC_MINIO_ENDPOINT}" - -mc config host add minio "${MINIO_ENDPOINT}" "${MINIO_ACCESS_KEY}" "${MINIO_SECRET_KEY}" --api s3v4 diff --git a/rootfs/etc/docker/registry/config.yml b/rootfs/etc/docker/registry/config.yml deleted file mode 100644 index b5700e1..0000000 --- a/rootfs/etc/docker/registry/config.yml +++ /dev/null @@ -1,18 +0,0 @@ -version: 0.1 -log: - fields: - service: registry -storage: - cache: - blobdescriptor: inmemory - filesystem: - rootdirectory: /var/lib/registry -http: - addr: :5000 - headers: - X-Content-Type-Options: [nosniff] -health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 From a426676676058e2e5a4fe7f03a427b2cbf92c897 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 23 Apr 2022 00:03:11 +0800 Subject: [PATCH 18/69] feat(registry): add garbage-collect cronjob --- Dockerfile | 1 + charts/registry/templates/_helper.tpl | 3 +- .../templates/registry-cronjob-daily.yaml | 44 +++++++++++++++++++ .../templates/registry-deployment.yaml | 10 ++--- .../registry/templates/registry-secret.yaml | 5 +-- charts/registry/values.yaml | 1 + main.go | 10 +++-- 7 files changed, 62 insertions(+), 12 deletions(-) create mode 100644 charts/registry/templates/registry-cronjob-daily.yaml diff --git a/Dockerfile b/Dockerfile index db4ace5..7c3be2d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -43,6 +43,7 @@ RUN groupadd drycc --gid ${DRYCC_GID} \ && chown -R ${DRYCC_GID}:${DRYCC_UID} ${DRYCC_HOME_DIR} COPY --chown=${DRYCC_GID}:${DRYCC_UID} rootfs/config-example.yml /opt/drycc/registry/etc/config.yml +ENV DRYCC_REGISTRY_CONFIG /opt/drycc/registry/etc/config.yml USER ${DRYCC_UID} VOLUME ["${DRYCC_HOME_DIR}"] diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 5bca1f1..a0dc773 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -1,4 +1,5 @@ -{{- define "registry.envs" -}} +{{- define "registry.envs" }} +env: - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_LOG_LEVEL diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml new file mode 100644 index 0000000..89de01d --- /dev/null +++ b/charts/registry/templates/registry-cronjob-daily.yaml 
@@ -0,0 +1,44 @@ +{{- if eq .Values.global.registryLocation "on-cluster" }} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: drycc-registry-cronjob-daily + labels: + heritage: drycc + annotations: + component.drycc.cc/version: {{ .Values.imageTag }} +spec: + schedule: "0 0 * * *" + concurrencyPolicy: {{ .Values.concurrencyPolicy }} + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + serviceAccount: drycc-controller + initContainers: + - name: drycc-registry-init + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest + imagePullPolicy: {{.Values.imagePullPolicy}} + args: + - netcat + - -v + - -u + - $(DRYCC_MINIO_ENDPOINT) + {{- include "builder.envs" . | indent 12 }} + containers: + - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} + imagePullPolicy: {{.Values.imagePullPolicy}} + name: drycc-registry-garbage-collect + args: + - /bin/bash + - -c + - /opt/registry/bin/registry + - garbage-collect + - $(DRYCC_REGISTRY_CONFIG) + - --dry-run + - --delete-untagged + {{- include "builder.envs" . | indent 12 }} +{{- end }} diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index b9ce7cc..a3e07fa 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
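Review bot: The garbage-collect container's `args` start with `/bin/bash`, `-c`, so only `/opt/registry/bin/registry` is the command string and `garbage-collect`, the config path and the flags become bash positional parameters that never reach the registry binary. Dropping the `/bin/bash` and `-c` entries, so the list begins with `/opt/registry/bin/registry`, hands the subcommand through (assuming the image defines no ENTRYPOINT, as the Dockerfile context on this page suggests). Both `include` calls still name `builder.envs`, although this commit renames them to `registry.envs` in the deployment. The job runs as `serviceAccount: drycc-controller` rather than the `drycc-registry` account the deployment uses, which presumably gives a storage-cleanup job another component's API permissions. With `--dry-run` the job only reports what it would delete; remove the flag if deletion is intended.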
@@ -33,22 +33,22 @@ spec: - -v - -u - $(DRYCC_MINIO_ENDPOINT) - {{- include "builder.envs" . | indent 8 }} + {{- include "registry.envs" . | indent 8 }} containers: - name: drycc-registry image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} - {{- include "builder.limits" . | indent 8 }} - {{- include "builder.envs" . | indent 8 }} + {{- include "registry.limits" . | indent 8 }} + {{- include "registry.envs" . | indent 8 }} livenessProbe: httpGet: - path: /v2/ + path: / port: 5000 initialDelaySeconds: 1 timeoutSeconds: 1 readinessProbe: httpGet: - path: /v2/ + path: / port: 5000 initialDelaySeconds: 1 timeoutSeconds: 1 diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index cfeb1f7..ce46a36 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml @@ -1,4 +1,3 @@ - apiVersion: v1 kind: Secret metadata: @@ -9,8 +8,8 @@ metadata: drycc.cc/registry-location: "{{ .Values.global.registryLocation }}" type: Opaque data: - {{- if ne .Values.global.registryLocation "on-cluster" }} - host: {{ print "drycc-registry" .Release.Namespace ".svc." .Values.global.clusterDomain | b64enc }} + {{- if eq .Values.global.registryLocation "on-cluster" }} + host: {{ printf "drycc-registry.%s.svc.%s:80" .Release.Namespace .Values.global.clusterDomain | b64enc }} secret: {{ randAlphaNum 32 | b64enc }} {{- else }} host: {{ .Values.host | b64enc }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 22a3da8..297226b 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -4,6 +4,7 @@ imageTag: "canary" imageRegistry: "registry.drycc.cc" # limitsCpu: "100m" # limitsMemory: "50Mi" +concurrencyPolicy: "Replace" # Service service: diff --git a/main.go b/main.go index 0a5f621..a6ec645 100644 --- a/main.go +++ b/main.go 
@@ -11,15 +11,15 @@ import ( const ( registryBinary = "/opt/drycc/registry/bin/registry" - registryConfig = "/opt/drycc/registry/etc/config.yml" registryHtpasswd = "/opt/drycc/registry/etc/htpasswd" + registryConfigEnvVar = "DRYCC_REGISTRY_CONFIG" registryRedirectEnvVar = "DRYCC_REGISTRY_REDIRECT" minioLookupEnvVar = "DRYCC_MINIO_LOOKUP" minioBucketEnvVar = "DRYCC_MINIO_BUCKET" minioEndpointEnvVar = "DRYCC_MINIO_ENDPOINT" minioAccesskeyEnvVar = "DRYCC_MINIO_ACCESSKEY" minioSecretkeyEnvVar = "DRYCC_MINIO_SECRETKEY" - command = "serve" + defaultCommand = "serve" ) func main() { @@ -61,8 +61,12 @@ func main() { if err := cmd.Run(); err != nil { log.Fatal("Error creating the registry bucket: ", err) } + if len(os.Args) > 1 { + cmd = exec.Command(registryBinary, os.Args[1:]...) + } else { + cmd = exec.Command(registryBinary, defaultCommand, os.Getenv(registryConfigEnvVar)) + } - cmd = exec.Command(registryBinary, command, registryConfig) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr if err := cmd.Run(); err != nil { From 9bafd4d8a1e7ee558d063f1126825f6126310e8e Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 22 Jun 2022 17:14:15 +0800 Subject: [PATCH 19/69] chore(registry): fine management affinity --- charts/registry/Chart.yaml | 2 +- .../templates/registry-deployment.yaml | 5 ++++- charts/registry/values.yaml | 18 ++++++++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index f745f81..8fb5b39 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -9,4 +9,4 @@ description: Docker registry for Drycc Workflow. maintainers: - name: Drycc Team email: engineering@drycc.com -version: v1.0.0 +version: v1.1.0 diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index a3e07fa..4b5fbc6 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
@@ -22,7 +22,10 @@ spec: labels: app: drycc-registry spec: - {{- include "common.affinities.pods.soft" (dict "key" "app" "values" (list "drycc-registry")) | indent 6 }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset.type "key" .Values.podAffinityPreset.key "values" .Values.podAffinityPreset.values ) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset.type "key" .Values.podAntiAffinityPreset.key "values" .Values.podAntiAffinityPreset.values ) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values ) | nindent 10 }} serviceAccount: drycc-registry initContainers: - name: drycc-registry-init diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 297226b..0eaac3e 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -4,6 +4,24 @@ imageTag: "canary" imageRegistry: "registry.drycc.cc" # limitsCpu: "100m" # limitsMemory: "50Mi" +nodeAffinityPreset: + key: "drycc.cc/node" + type: "soft" + values: + - "true" + +podAffinityPreset: + key: "security" + type: "" + values: + - "drycc-security" + +podAntiAffinityPreset: + key: "app" + type: "soft" + values: + - "drycc-registry" + concurrencyPolicy: "Replace" # Service From 2e6024734d998a9e40d71c9b05fe16e5068cadbe Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 18 Jul 2022 13:32:09 +0800 Subject: [PATCH 20/69] chore(registry): change minio to storage --- .gitignore | 1 + charts/registry/templates/_helper.tpl | 20 +++++++------- .../templates/registry-cronjob-daily.yaml | 2 +- .../templates/registry-deployment.yaml | 2 +- contrib/ci/test.sh | 26 +++++++++---------- main.go | 20 +++++++------- rootfs/bin/init_registry | 18 ++++++------- 7 files changed, 45 insertions(+), 44 deletions(-) 
diff --git a/.gitignore b/.gitignore index 5ed5b3e..1b73338 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ rootfs/opt/ contrib/ci/tmp/ +.vscode/ diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index a0dc773..a4e066b 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -24,30 +24,30 @@ env: secretKeyRef: name: registry-secret key: password -- name: "DRYCC_MINIO_LOOKUP" +- name: "DRYCC_STORAGE_LOOKUP" valueFrom: secretKeyRef: - name: minio-creds + name: storage-creds key: lookup -- name: "DRYCC_MINIO_BUCKET" +- name: "DRYCC_STORAGE_BUCKET" valueFrom: secretKeyRef: - name: minio-creds + name: storage-creds key: registry-bucket -- name: "DRYCC_MINIO_ENDPOINT" +- name: "DRYCC_STORAGE_ENDPOINT" valueFrom: secretKeyRef: - name: minio-creds + name: storage-creds key: endpoint -- name: "DRYCC_MINIO_ACCESSKEY" +- name: "DRYCC_STORAGE_ACCESSKEY" valueFrom: secretKeyRef: - name: minio-creds + name: storage-creds key: accesskey -- name: "DRYCC_MINIO_SECRETKEY" +- name: "DRYCC_STORAGE_SECRETKEY" valueFrom: secretKeyRef: - name: minio-creds + name: storage-creds key: secretkey {{- end }} diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index 89de01d..30f9d3f 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -26,7 +26,7 @@ spec: - netcat - -v - -u - - $(DRYCC_MINIO_ENDPOINT) + - $(DRYCC_STORAGE_ENDPOINT) {{- include "builder.envs" . | indent 12 }} containers: - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 4b5fbc6..c40094b 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
@@ -35,7 +35,7 @@ spec: - netcat - -v - -u - - $(DRYCC_MINIO_ENDPOINT) + - $(DRYCC_STORAGE_ENDPOINT) {{- include "registry.envs" . | indent 8 }} containers: - name: drycc-registry diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index dd3ebd4..811649f 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -5,28 +5,28 @@ set -eoxf pipefail s3Accesskey=drycc s3Secretkey=123456789 -MINIO_JOB=$(docker run -d --name minio \ - -e DRYCC_MINIO_ACCESSKEY=$s3Accesskey \ - -e DRYCC_MINIO_SECRETKEY=$s3Secretkey \ - "${DEV_REGISTRY}"/drycc/minio:canary server /data/minio/ --console-address :9001) +STORAGE_JOB=$(docker run -d --name storage \ + -e DRYCC_STORAGE_ACCESSKEY=$s3Accesskey \ + -e DRYCC_STORAGE_SECRETKEY=$s3Secretkey \ + "${DEV_REGISTRY}"/drycc/storage:canary server /data/storage/ --console-address :9001) sleep 5 -docker logs "${MINIO_JOB}" +docker logs "${STORAGE_JOB}" -MINIO_IP=$(docker inspect --format "{{ .NetworkSettings.IPAddress }}" "${MINIO_JOB}") +STORAGE_IP=$(docker inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") -JOB=$(docker run --add-host minio:"${MINIO_IP}" \ +JOB=$(docker run --add-host storage:"${STORAGE_IP}" \ -d \ -p 5000:5000 \ -e REGISTRY_HTTP_SECRET=drycc \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ -e DRYCC_REGISTRY_PASSWORD=admin \ - -e DRYCC_MINIO_LOOKUP=path \ - -e DRYCC_MINIO_BUCKET=registry \ - -e DRYCC_MINIO_ENDPOINT=http://minio:9000 \ - -e DRYCC_MINIO_ACCESSKEY=$s3Accesskey \ - -e DRYCC_MINIO_SECRETKEY=$s3Secretkey \ + -e DRYCC_STORAGE_LOOKUP=path \ + -e DRYCC_STORAGE_BUCKET=registry \ + -e DRYCC_STORAGE_ENDPOINT=http://storage:9000 \ + -e DRYCC_STORAGE_ACCESSKEY=$s3Accesskey \ + -e DRYCC_STORAGE_SECRETKEY=$s3Secretkey \ "$1") # let the registry run for a few seconds @@ -34,4 +34,4 @@ sleep 5 # check that the registry is still up docker logs "${JOB}" docker ps -q --no-trunc=true | grep "${JOB}" -docker rm -f "${JOB}" "${MINIO_JOB}" +docker rm -f "${JOB}" "${STORAGE_JOB}" 
diff --git a/main.go b/main.go index a6ec645..4488ee9 100644 --- a/main.go +++ b/main.go @@ -14,18 +14,18 @@ const ( registryHtpasswd = "/opt/drycc/registry/etc/htpasswd" registryConfigEnvVar = "DRYCC_REGISTRY_CONFIG" registryRedirectEnvVar = "DRYCC_REGISTRY_REDIRECT" - minioLookupEnvVar = "DRYCC_MINIO_LOOKUP" - minioBucketEnvVar = "DRYCC_MINIO_BUCKET" - minioEndpointEnvVar = "DRYCC_MINIO_ENDPOINT" - minioAccesskeyEnvVar = "DRYCC_MINIO_ACCESSKEY" - minioSecretkeyEnvVar = "DRYCC_MINIO_SECRETKEY" + storageLookupEnvVar = "DRYCC_STORAGE_LOOKUP" + storageBucketEnvVar = "DRYCC_STORAGE_BUCKET" + storageEndpointEnvVar = "DRYCC_STORAGE_ENDPOINT" + storageAccesskeyEnvVar = "DRYCC_STORAGE_ACCESSKEY" + storageSecretkeyEnvVar = "DRYCC_STORAGE_SECRETKEY" defaultCommand = "serve" ) func main() { log.Println("INFO: Starting registry...") os.Setenv("REGISTRY_STORAGE", "s3") - mEndpoint := os.Getenv(minioEndpointEnvVar) + mEndpoint := os.Getenv(storageEndpointEnvVar) os.Setenv("REGISTRY_STORAGE_S3_REGIONENDPOINT", mEndpoint) region := "us-east-1" //region is required in distribution @@ -36,12 +36,12 @@ func main() { } os.Setenv("REGISTRY_STORAGE_S3_REGION", region) - os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", os.Getenv(minioAccesskeyEnvVar)) - os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", os.Getenv(minioSecretkeyEnvVar)) - os.Setenv("REGISTRY_STORAGE_S3_BUCKET", os.Getenv(minioBucketEnvVar)) + os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", os.Getenv(storageAccesskeyEnvVar)) + os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", os.Getenv(storageSecretkeyEnvVar)) + os.Setenv("REGISTRY_STORAGE_S3_BUCKET", os.Getenv(storageBucketEnvVar)) os.Setenv("REGISTRY_STORAGE_S3_ROOTDIRECTORY", "/registry") - if os.Getenv(minioLookupEnvVar) == "path" { + if os.Getenv(storageLookupEnvVar) == "path" { os.Setenv("REGISTRY_STORAGE_S3_FORCEPATHSTYLE", "true") } diff --git a/rootfs/bin/init_registry b/rootfs/bin/init_registry index a3dc245..a3a6041 100755 --- a/rootfs/bin/init_registry +++ b/rootfs/bin/init_registry 
@@ -2,25 +2,25 @@ set -e -mc config host add minio \ - "${DRYCC_MINIO_ENDPOINT}" \ - "${DRYCC_MINIO_ACCESSKEY}" \ - "${DRYCC_MINIO_SECRETKEY}" \ - --lookup "${DRYCC_MINIO_LOOKUP}" \ +mc config host add storage \ + "${DRYCC_STORAGE_ENDPOINT}" \ + "${DRYCC_STORAGE_ACCESSKEY}" \ + "${DRYCC_STORAGE_SECRETKEY}" \ + --lookup "${DRYCC_STORAGE_LOOKUP}" \ --api s3v4 has_bucket(){ - mc ls minio -json|jq -r '.key'|grep -w "${DRYCC_MINIO_BUCKET}" + mc ls storage -json|jq -r '.key'|grep -w "${DRYCC_STORAGE_BUCKET}" } if [ -z "$(has_bucket)" ] ;then - mc mb minio/"${DRYCC_MINIO_BUCKET}" + mc mb storage/"${DRYCC_STORAGE_BUCKET}" if [ -z "$(has_bucket)" ] ;then - echo "create bucket ${DRYCC_MINIO_BUCKET} error" + echo "create bucket ${DRYCC_STORAGE_BUCKET} error" exit 1 fi fi -echo "create bucket ${DRYCC_MINIO_BUCKET} success" +echo "create bucket ${DRYCC_STORAGE_BUCKET} success" htpasswd -Bbn "${DRYCC_REGISTRY_USERNAME}" "${DRYCC_REGISTRY_PASSWORD}" > "${REGISTRY_AUTH_HTPASSWD_PATH}" echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" \ No newline at end of file From 1035789b916e68f5aa088890104da6498471d731 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 9 Aug 2022 10:43:26 +0800 Subject: [PATCH 21/69] chore(registry): add check storage health --- charts/registry/templates/_helper.tpl | 5 +++++ charts/registry/templates/registry-deployment.yaml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index a4e066b..df13657 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -29,6 +29,11 @@ env: secretKeyRef: name: storage-creds key: lookup +- name: "DRYCC_STORAGE_HEALTH" + valueFrom: + secretKeyRef: + name: storage-creds + key: health - name: "DRYCC_STORAGE_BUCKET" valueFrom: secretKeyRef: diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index c40094b..65f4770 100644 
--- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -35,7 +35,7 @@ spec: - netcat - -v - -u - - $(DRYCC_STORAGE_ENDPOINT) + - $(DRYCC_STORAGE_HEALTH) {{- include "registry.envs" . | indent 8 }} containers: - name: drycc-registry From 28fe7203751ad650dad048e1701b9eb17ad5eb91 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 9 Aug 2022 11:46:24 +0800 Subject: [PATCH 22/69] fix(registry): storage run error --- charts/registry/templates/registry-deployment.yaml | 2 +- contrib/ci/test.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 65f4770..f5fd446 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -34,7 +34,7 @@ spec: args: - netcat - -v - - -u + - -g - $(DRYCC_STORAGE_HEALTH) {{- include "registry.envs" . | indent 8 }} containers: diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 811649f..dc59be0 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -8,7 +8,7 @@ s3Secretkey=123456789 STORAGE_JOB=$(docker run -d --name storage \ -e DRYCC_STORAGE_ACCESSKEY=$s3Accesskey \ -e DRYCC_STORAGE_SECRETKEY=$s3Secretkey \ - "${DEV_REGISTRY}"/drycc/storage:canary server /data/storage/ --console-address :9001) + "${DEV_REGISTRY}"/drycc/storage:canary minio server /data/storage/ --console-address :9001) sleep 5 docker logs "${STORAGE_JOB}" From e69ea0bca278b500235725b6fbd9b0d02c89fae1 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 10 Aug 2022 23:31:59 +0800 Subject: [PATCH 23/69] chore(registry): change probe --- .../templates/registry-deployment.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index f5fd446..d81e6bf 100644 
--- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -43,18 +43,32 @@ spec: imagePullPolicy: {{.Values.imagePullPolicy}} {{- include "registry.limits" . | indent 8 }} {{- include "registry.envs" . | indent 8 }} + startupProbe: + tcpSocket: + port: 5000 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 livenessProbe: httpGet: path: / port: 5000 - initialDelaySeconds: 1 + initialDelaySeconds: 30 + periodSeconds: 5 timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 readinessProbe: httpGet: path: / port: 5000 - initialDelaySeconds: 1 + initialDelaySeconds: 30 + periodSeconds: 5 timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 ports: - containerPort: 5000 volumeMounts: From a854071f38b6e5b25c99201a049d05556374118f Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 11 Aug 2022 11:36:29 +0800 Subject: [PATCH 24/69] chore(registry): add replicas --- charts/registry/templates/registry-deployment.yaml | 2 +- charts/registry/values.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index d81e6bf..e1bdcae 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -8,7 +8,7 @@ metadata: annotations: component.drycc.cc/version: {{ .Values.imageTag }} spec: - replicas: 1 + replicas: {{ .Values.replicas }} strategy: rollingUpdate: maxSurge: 1 diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 0eaac3e..5997f66 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -22,6 +22,9 @@ podAntiAffinityPreset: values: - "drycc-registry" +# registry replicas +replicas: 1 + concurrencyPolicy: "Replace" # Service From d583398d71fd98faba1ea0d1d625ad6645e91629 Mon Sep 17 00:00:00 2001 
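Review bot: The `initialDelaySeconds: 30` added to `livenessProbe` and `readinessProbe` is counted a second time, because Kubernetes does not start those delays until the new `startupProbe` has succeeded. A pod therefore waits 30s for the TCP check and then about another 30s before it can become ready, which slows every rolling update. I would keep the delay on `startupProbe` only and drop `initialDelaySeconds` from the other two. The startup window is also only `failureThreshold: 5` × `periodSeconds: 5` = 25s after the initial delay, so a slow storage backend leads to a restart; a larger `failureThreshold` on the startup probe is the safer knob. The container spec starts above the hunk and continues below it.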
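Review bot: A `replicas` value above 1 needs every registry pod to share the same HTTP secret (`REGISTRY_HTTP_SECRET`), and nothing visible in this series sets it in the chart. The distribution registry signs upload state with that secret, so without a shared value a request that lands on a different pod can be rejected. The full `registry.envs` list is not visible here, so please confirm whether it is set elsewhere. I would at least extend the comment in `values.yaml` to `# registry replicas; all replicas must share one REGISTRY_HTTP_SECRET`.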
From: duanhongyi Date: Tue, 30 Aug 2022 13:15:02 +0800 Subject: [PATCH 25/69] chore(registry): upgrade to mc 2022.08.28.20.08.11 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7c3be2d..72f8611 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.6" \ - MC_VERSION="2022.04.01.23.44.48" \ + MC_VERSION="2022.08.28.20.08.11" \ REGISTRY_VERSION="2.8.0" COPY rootfs/bin/ /bin/ From ee19d167bd3c2fb8d55c0a777e423d7ec06834a2 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 31 Aug 2022 16:07:59 +0800 Subject: [PATCH 26/69] fix(registry): chown uid gid order --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 72f8611..f7f96d2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,9 +40,9 @@ RUN groupadd drycc --gid ${DRYCC_GID} \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \ && mkdir -p /usr/share/man/man{1..8} \ - && chown -R ${DRYCC_GID}:${DRYCC_UID} ${DRYCC_HOME_DIR} + && chown -R ${DRYCC_UID}:${DRYCC_GID} ${DRYCC_HOME_DIR} -COPY --chown=${DRYCC_GID}:${DRYCC_UID} rootfs/config-example.yml /opt/drycc/registry/etc/config.yml +COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/config-example.yml /opt/drycc/registry/etc/config.yml ENV DRYCC_REGISTRY_CONFIG /opt/drycc/registry/etc/config.yml USER ${DRYCC_UID} From 9528f6f43167bc8e56234ed186dbae826bbbf47e Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 1 Sep 2022 17:04:12 +0800 Subject: [PATCH 27/69] feat(registry): switch charts to oci --- .drone/drone.yml | 17 +++++++++-------- charts/registry/Chart.yaml | 4 ++-- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/.drone/drone.yml b/.drone/drone.yml index c916554..b7a9989 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml 
@@ -123,15 +123,16 @@ steps: commands: - IMAGE_TAG=$([ ! -z $DRONE_TAG ] && echo ${DRONE_TAG:1} || echo \"canary\") - sed -i "s/imageTag:\ \"canary\"/imageTag:\ $IMAGE_TAG/g" charts/registry/values.yaml - - helm package -u charts/registry --version ${DRONE_TAG:-v1.0.0} - - curl -u $CHARTMUSEUM_USERNAME:$CHARTMUSEUM_PASSWORD -F chart=@registry-${DRONE_TAG:-v1.0.0}.tgz "$CHARTMUSEUM_API/api/$([ -z $DRONE_TAG ] && echo testing || echo stable)/charts" + - helm package -u charts/registry --version $([ -z $DRONE_TAG ] && echo 1.0.0 || echo ${DRONE_TAG#v}) + - echo $CONTAINER_PASSWORD | helm registry login $DRYCC_REGISTRY -u $CONTAINER_USERNAME --password-stdin + - helm push registry-$([ -z $DRONE_TAG ] && echo 1.0.0 || echo ${DRONE_TAG#v}).tgz oci://$DRYCC_REGISTRY/$([ -z $DRONE_TAG ] && echo charts-testing || echo charts) environment: - CHARTMUSEUM_USERNAME: - from_secret: chartmuseum_username - CHARTMUSEUM_PASSWORD: - from_secret: chartmuseum_password - CHARTMUSEUM_API: - from_secret: chartmuseum_api + DRYCC_REGISTRY: + from_secret: drycc_registry + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - push diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index 8fb5b39..733f9f4 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -3,8 +3,8 @@ home: https://github.com/drycc/registry apiVersion: v2 dependencies: - name: common - repository: https://charts.drycc.cc/stable - version: 1.x.x + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 description: Docker registry for Drycc Workflow. maintainers: - name: Drycc Team From ad589c0cdcae85c0a71583856aacbbb7a9f5181c Mon Sep 17 00:00:00 2001 
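Review bot: The new login line expands `$CONTAINER_PASSWORD`, `$DRYCC_REGISTRY` and `$CONTAINER_USERNAME` unquoted, so a secret containing whitespace or glob characters is split or expanded by the shell before it reaches `helm`. That produces a failed login that is hard to diagnose. I would write it as `printf '%s' "$CONTAINER_PASSWORD" | helm registry login "$DRYCC_REGISTRY" -u "$CONTAINER_USERNAME" --password-stdin`. The same unquoted pattern appears in the `docker login` / `podman login` and `helm registry login` commands of the `.woodpecker/build-linux.yml` and `.woodpecker/chart.yaml` hunks later in the series. The step definition starts above this hunk.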
From: duanhongyi Date: Mon, 13 Feb 2023 14:46:59 +0800 Subject: [PATCH 28/69] chore(registry): use woodpecker replace drone --- .drone/drone.yml | 139 ------------------------------------ .drone/manifest.tmpl | 18 ----- .woodpecker/build-linux.yml | 29 ++++++++ .woodpecker/chart.yaml | 28 ++++++++ .woodpecker/manifest.tmpl | 18 +++++ .woodpecker/manifest.yml | 38 ++++++++++ .woodpecker/test-linux.yml | 21 ++++++ Makefile | 2 +- 8 files changed, 135 insertions(+), 158 deletions(-) delete mode 100644 .drone/drone.yml delete mode 100644 .drone/manifest.tmpl create mode 100644 .woodpecker/build-linux.yml create mode 100644 .woodpecker/chart.yaml create mode 100644 .woodpecker/manifest.tmpl create mode 100644 .woodpecker/manifest.yml create mode 100644 .woodpecker/test-linux.yml diff --git a/.drone/drone.yml b/.drone/drone.yml deleted file mode 100644 index b7a9989..0000000 --- a/.drone/drone.yml +++ /dev/null 
@@ -1,139 +0,0 @@ -kind: pipeline -type: exec -name: linux-amd64 - -platform: - arch: amd64 - os: linux - -steps: -- name: test - commands: - - mkdir -p $HOMEPATH/.docker; echo $IMAGE_PULL_SECRETS > $HOMEPATH/.docker/config.json - - make docker-build test - environment: - VERSION: ${DRONE_TAG:-latest}-linux-amd64 - DEV_REGISTRY: - from_secret: dev_registry - DRYCC_REGISTRY: - from_secret: drycc_registry - IMAGE_PULL_SECRETS: - from_secret: container_pull_secrets - when: - event: - - push - - tag - - pull_request - -- name: publish - commands: - - echo $CONTAINER_PASSWORD | docker login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - - make docker-build docker-immutable-push - environment: - VERSION: ${DRONE_TAG:-latest}-linux-amd64 - DEV_REGISTRY: - from_secret: dev_registry - DRYCC_REGISTRY: - from_secret: drycc_registry - CONTAINER_USERNAME: - from_secret: container_username - CONTAINER_PASSWORD: - from_secret: container_password - when: - event: - - push - - tag - ---- -kind: pipeline -type: exec -name: linux-arm64 - -platform: - arch: arm64 - os: linux - -steps: -- name: publish - commands: - - echo $CONTAINER_PASSWORD | docker login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - - make docker-build docker-immutable-push - environment: - VERSION: ${DRONE_TAG:-latest}-linux-arm64 - DEV_REGISTRY: - from_secret: dev_registry - DRYCC_REGISTRY: - from_secret: drycc_registry - CONTAINER_USERNAME: - from_secret: container_username - CONTAINER_PASSWORD: - from_secret: container_password - when: - event: - - push - - tag - ---- -kind: pipeline -type: docker -name: manifest -image_pull_secrets: -- container_pull_secrets - -steps: -- name: generate manifest - image: registry.drycc.cc/drycc/python-dev - pull: always - commands: - - sed -i "s/registry.drycc.cc/$${DRYCC_REGISTRY}/g" .drone/manifest.tmpl - environment: - DRYCC_REGISTRY: - from_secret: drycc_registry - -- name: publish - image: 
plugins/manifest - settings: - spec: .drone/manifest.tmpl - username: - from_secret: container_username - password: - from_secret: container_password - environment: - DEV_REGISTRY: - from_secret: dev_registry - DRYCC_REGISTRY: - from_secret: drycc_registry - -trigger: - event: - - push - - tag - -depends_on: -- linux-amd64 -- linux-arm64 - ---- -kind: pipeline -type: exec -name: chart - -steps: -- name: generate chart - commands: - - IMAGE_TAG=$([ ! -z $DRONE_TAG ] && echo ${DRONE_TAG:1} || echo \"canary\") - - sed -i "s/imageTag:\ \"canary\"/imageTag:\ $IMAGE_TAG/g" charts/registry/values.yaml - - helm package -u charts/registry --version $([ -z $DRONE_TAG ] && echo 1.0.0 || echo ${DRONE_TAG#v}) - - echo $CONTAINER_PASSWORD | helm registry login $DRYCC_REGISTRY -u $CONTAINER_USERNAME --password-stdin - - helm push registry-$([ -z $DRONE_TAG ] && echo 1.0.0 || echo ${DRONE_TAG#v}).tgz oci://$DRYCC_REGISTRY/$([ -z $DRONE_TAG ] && echo charts-testing || echo charts) - environment: - DRYCC_REGISTRY: - from_secret: drycc_registry - CONTAINER_USERNAME: - from_secret: container_username - CONTAINER_PASSWORD: - from_secret: container_password - when: - event: - - push - - tag diff --git a/.drone/manifest.tmpl b/.drone/manifest.tmpl deleted file mode 100644 index 04806b3..0000000 --- a/.drone/manifest.tmpl +++ /dev/null @@ -1,18 +0,0 @@ -image: registry.drycc.cc/drycc/registry:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}canary{{/if}} -{{#if build.tags}} -tags: -{{#each build.tags}} - - {{this}} -{{/each}} -{{/if}} -manifests: - - - image: registry.drycc.cc/drycc/registry:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-amd64 - platform: - architecture: amd64 - os: linux - - - image: registry.drycc.cc/drycc/registry:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-arm64 - platform: - architecture: arm64 - os: linux diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml new file mode 100644 index 0000000..a345874 --- /dev/null 
+++ b/.woodpecker/build-linux.yml @@ -0,0 +1,29 @@ +matrix: + platform: + - linux/amd64 + - linux/arm64 + +platform: ${platform} + +labels: + type: exec + +pipeline: +- name: publish-linux + image: bash + commands: + - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_ARCH) + - echo $CONTAINER_PASSWORD | docker login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 + - make docker-build docker-immutable-push + secrets: + - dev_registry + - drycc_registry + - container_username + - container_password + when: + event: + - push + - tag + +depends_on: +- test-linux \ No newline at end of file diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml new file mode 100644 index 0000000..bfecf10 --- /dev/null +++ b/.woodpecker/chart.yaml @@ -0,0 +1,28 @@ +platform: linux/amd64 + +labels: + type: exec + +pipeline: +- name: generate-chart + type: local + image: bash + commands: + - export VERSION=$(sed 's#v##' <<< $CI_COMMIT_TAG) + - export IMAGE_TAG=$([ ! -z $CI_COMMIT_TAG ] && echo \"$VERSION\" || echo \"canary\") + - sed -i "s/imageTag:\ \"canary\"/imageTag:\ $IMAGE_TAG/g" charts/$${CI_REPO_NAME}/values.yaml + - helm package -u charts/$${CI_REPO_NAME} --version $([ -z $CI_COMMIT_TAG ] && echo 1.0.0 || echo $VERSION) + - echo $CONTAINER_PASSWORD | helm registry login $DRYCC_REGISTRY -u $CONTAINER_USERNAME --password-stdin + - helm push $${CI_REPO_NAME}-$([ -z $CI_COMMIT_TAG ] && echo 1.0.0 || echo $VERSION).tgz oci://$DRYCC_REGISTRY/$([ -z $CI_COMMIT_TAG ] && echo charts-testing || echo charts) + secrets: + - dev_registry + - drycc_registry + - container_username + - container_password + when: + event: + - push + - tag + +depends_on: +- manifest \ No newline at end of file diff --git a/.woodpecker/manifest.tmpl b/.woodpecker/manifest.tmpl new file mode 100644 index 0000000..8739535 --- /dev/null +++ b/.woodpecker/manifest.tmpl 
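Review bot: In `.woodpecker/chart.yaml`, `export VERSION=$(sed 's#v##' <<< $CI_COMMIT_TAG)` removes the first `v` anywhere in the tag, not only a leading one. A tag such as `1.2.0-dev` would be published as chart version `1.2.0-de`. Anchoring the pattern and quoting the input fixes it: `export VERSION=$(sed 's#^v##' <<< "$CI_COMMIT_TAG")`. `VERSION` feeds both `--version` and the pushed file name, so a wrong value ends up in the OCI registry. The file is also the only one of the new pipeline files named `.yaml` rather than `.yml`, which is worth aligning.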
@@ -0,0 +1,18 @@ +image: registry.drycc.cc/drycc/{{project}}:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}canary{{/if}} +{{#if build.tags}} +tags: +{{#each build.tags}} + - {{this}} +{{/each}} +{{/if}} +manifests: + - + image: registry.drycc.cc/drycc/{{project}}:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-amd64 + platform: + architecture: amd64 + os: linux + - + image: registry.drycc.cc/drycc/{{project}}:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-arm64 + platform: + architecture: arm64 + os: linux diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml new file mode 100644 index 0000000..f7023ff --- /dev/null +++ b/.woodpecker/manifest.yml @@ -0,0 +1,38 @@ +platform: linux/amd64 + +labels: + type: exec + +pipeline: +- name: generate-manifest + image: bash + commands: + - sed -i "s/{{project}}/$${CI_REPO_NAME}/g" .woodpecker/manifest.tmpl + - sed -i "s/registry.drycc.cc/$${DRYCC_REGISTRY}/g" .woodpecker/manifest.tmpl + secrets: + - drycc_registry + when: + event: + - tag + - push + +- name: publish-manifest + image: bash + commands: + - docker run --rm + -e PLUGIN_SPEC=.woodpecker/manifest.tmpl + -e PLUGIN_USERNAME=$CONTAINER_USERNAME + -e PLUGIN_PASSWORD=$CONTAINER_PASSWORD + -v $(pwd):$(pwd) + -w $(pwd) + plugins/manifest + secrets: + - container_username + - container_password + when: + event: + - tag + - push + +depends_on: +- build-linux diff --git a/.woodpecker/test-linux.yml b/.woodpecker/test-linux.yml new file mode 100644 index 0000000..d736541 --- /dev/null +++ b/.woodpecker/test-linux.yml @@ -0,0 +1,21 @@ +matrix: + platform: + - linux/amd64 + - linux/arm64 + +platform: ${platform} + +labels: + type: exec + +pipeline: +- name: test-linux + image: bash + commands: + - make test + secrets: + - dev_registry + when: + event: + - push + - tag diff --git a/Makefile b/Makefile index d75fcb0..95fe840 100644 --- a/Makefile +++ b/Makefile 
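Review bot: The `publish-manifest` step in `.woodpecker/manifest.yml` gives registry push credentials to `plugins/manifest` with no tag or digest, so whatever image that name resolves to at run time receives `CONTAINER_PASSWORD`. Pinning the reference, e.g. `plugins/manifest@sha256:<digest>`, removes that moving part. The later change to `docker.io/plugins/manifest` qualifies the registry but still does not pin a version. The credentials are also expanded into the `docker run` command line (`-e PLUGIN_PASSWORD=$CONTAINER_PASSWORD`), where they are readable from the process list on the agent host if this runs under the exec backend, as `labels: type: exec` suggests. Exporting them first with `export PLUGIN_USERNAME=$CONTAINER_USERNAME PLUGIN_PASSWORD=$CONTAINER_PASSWORD` and passing `-e PLUGIN_USERNAME -e PLUGIN_PASSWORD` keeps the values out of argv.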
@@ -47,7 +47,7 @@ build-binary: $(call check-static-binary,$(BINDIR)/${SHORT_NAME}) ${DEV_ENV_CMD} upx -9 --brute $(BINDIR)/${SHORT_NAME} -test: check-docker test-style +test: check-docker docker-build test-style contrib/ci/test.sh ${IMAGE} test-style: From eb18a5fe074face0202ed4b2c55acd647aab6317 Mon Sep 17 00:00:00 2001 From: jianxiaoguo <842666271@qq.com> Date: Mon, 20 Feb 2023 16:18:44 +0800 Subject: [PATCH 29/69] chore(woodpecker): use woodpecker ci build status --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d3c5a7a..af7b07d 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Drycc Registry v2 -[![Build Status](https://drone.drycc.cc/api/badges/drycc/registry/status.svg)](https://drone.drycc.cc/drycc/registry) +[![Build Status](https://woodpecker.drycc.cc/api/badges/drycc/registry/status.svg)](https://woodpecker.drycc.cc/drycc/registry) [![Go Report Card](https://goreportcard.com/badge/github.com/drycc/registry)](https://goreportcard.com/report/github.com/drycc/registry) From 9848e94095be8130b7b54d9784f7fd7da1bf4689 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 24 Mar 2023 13:58:46 +0800 Subject: [PATCH 30/69] fix(registry): manifest error --- .woodpecker/manifest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml index f7023ff..7f6ec36 100644 --- a/.woodpecker/manifest.yml +++ b/.woodpecker/manifest.yml @@ -23,6 +23,7 @@ pipeline: -e PLUGIN_SPEC=.woodpecker/manifest.tmpl -e PLUGIN_USERNAME=$CONTAINER_USERNAME -e PLUGIN_PASSWORD=$CONTAINER_PASSWORD + -e DRONE_TAG=$CI_COMMIT_TAG -v $(pwd):$(pwd) -w $(pwd) plugins/manifest From c36c053f6bee865e08a28bf523c9f4c1ecba6dd8 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 31 May 2023 12:52:34 +0800 Subject: [PATCH 31/69] chore(registry): add chart appVersion --- .woodpecker/chart.yaml | 6 ++++-- charts/registry/Chart.yaml | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index bfecf10..3204cf5 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -10,10 +10,12 @@ pipeline: commands: - export VERSION=$(sed 's#v##' <<< $CI_COMMIT_TAG) - export IMAGE_TAG=$([ ! -z $CI_COMMIT_TAG ] && echo \"$VERSION\" || echo \"canary\") + - export APP_VERSION=$([ ! -z $CI_COMMIT_TAG ] && echo $VERSION || echo 1.0.0) + - export CHART_VERSION=$([ -z $CI_COMMIT_TAG ] && echo 1.0.0 || echo $VERSION) - sed -i "s/imageTag:\ \"canary\"/imageTag:\ $IMAGE_TAG/g" charts/$${CI_REPO_NAME}/values.yaml - - helm package -u charts/$${CI_REPO_NAME} --version $([ -z $CI_COMMIT_TAG ] && echo 1.0.0 || echo $VERSION) + - helm package -u charts/$${CI_REPO_NAME} --version $CHART_VERSION --app-version $APP_VERSION - echo $CONTAINER_PASSWORD | helm registry login $DRYCC_REGISTRY -u $CONTAINER_USERNAME --password-stdin - - helm push $${CI_REPO_NAME}-$([ -z $CI_COMMIT_TAG ] && echo 1.0.0 || echo $VERSION).tgz oci://$DRYCC_REGISTRY/$([ -z $CI_COMMIT_TAG ] && echo charts-testing || echo charts) + - helm push $${CI_REPO_NAME}-$CHART_VERSION.tgz oci://$DRYCC_REGISTRY/$([ -z $CI_COMMIT_TAG ] && echo charts-testing || echo charts) secrets: - dev_registry - drycc_registry diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index 733f9f4..c53209c 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -1,6 +1,7 @@ name: registry home: https://github.com/drycc/registry apiVersion: v2 +appVersion: 1.0.0 dependencies: - name: common repository: oci://registry.drycc.cc/charts From 8484ea687141fb9313ffd99a36755c1f2e1c8fdc Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 19 Jun 2023 12:55:26 +0800 Subject: [PATCH 32/69] chore(registry): upgrade codename to bookworm --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index f7f96d2..d9a33a1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -7,14 +7,14 @@ RUN export GO111MODULE=on \ && upx -9 --brute /usr/local/bin/registry -FROM registry.drycc.cc/drycc/base:bullseye +FROM registry.drycc.cc/drycc/base:bookworm ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.6" \ - MC_VERSION="2022.08.28.20.08.11" \ - REGISTRY_VERSION="2.8.0" + MC_VERSION="2023.06.15.15.08.26" \ + REGISTRY_VERSION="2.8.2" COPY rootfs/bin/ /bin/ COPY --from=build /usr/local/bin/registry /opt/registry/bin/registry From a475b88c0a6bee4cd45ab56adaa5b02a0c3d39fb Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 20 Jun 2023 16:11:09 +0800 Subject: [PATCH 33/69] chore(registry): add codename build-arg --- .woodpecker/build-linux.yml | 1 + .woodpecker/test-linux.yml | 1 + Dockerfile | 4 +++- Makefile | 4 ++-- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index a345874..db9ad17 100644 --- a/.woodpecker/build-linux.yml +++ b/.woodpecker/build-linux.yml @@ -16,6 +16,7 @@ pipeline: - echo $CONTAINER_PASSWORD | docker login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - make docker-build docker-immutable-push secrets: + - codename - dev_registry - drycc_registry - container_username diff --git a/.woodpecker/test-linux.yml b/.woodpecker/test-linux.yml index d736541..313179e 100644 --- a/.woodpecker/test-linux.yml +++ b/.woodpecker/test-linux.yml @@ -14,6 +14,7 @@ pipeline: commands: - make test secrets: + - codename - dev_registry when: event: diff --git a/Dockerfile b/Dockerfile index d9a33a1..6fd8e81 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ +ARG CODENAME + FROM registry.drycc.cc/drycc/go-dev:latest AS build ARG LDFLAGS ADD . /workspace @@ -7,7 +9,7 @@ RUN export GO111MODULE=on \ && upx -9 --brute /usr/local/bin/registry -FROM registry.drycc.cc/drycc/base:bookworm +FROM registry.drycc.cc/drycc/base:${CODENAME} ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ 
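Review bot: `ARG CODENAME` in the Dockerfile is declared without a default, so `FROM registry.drycc.cc/drycc/base:${CODENAME}` resolves to an empty tag and the build fails whenever the variable is not supplied, for example on a plain local `docker build`. The Makefile hunk in the same commit always passes `--build-arg CODENAME=${CODENAME}`, which forwards an empty value in that case. Declaring `ARG CODENAME=bookworm` keeps the previous base as the fallback and still allows an override. Since `codename` is added to the pipeline `secrets` lists, the base image of a published build is no longer derivable from the repository alone; a comment next to the `ARG` naming the supported values would help anyone auditing the image.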
diff --git a/Makefile b/Makefile index 95fe840..e920310 100644 --- a/Makefile +++ b/Makefile @@ -36,11 +36,11 @@ build: check-docker # For cases where we're building from local # We also alter the RC file to set the image name. docker-build: check-docker - docker build ${DOCKER_BUILD_FLAGS} -t ${IMAGE} --build-arg LDFLAGS=${LDFLAGS} . + docker build ${DOCKER_BUILD_FLAGS} --build-arg CODENAME=${CODENAME} -t ${IMAGE} --build-arg LDFLAGS=${LDFLAGS} . docker tag ${IMAGE} ${MUTABLE_IMAGE} docker-buildx: check-docker - docker buildx build --platform ${PLATFORM} -t ${IMAGE} --build-arg LDFLAGS=${LDFLAGS} . --push + docker buildx build --build-arg CODENAME=${CODENAME} --platform ${PLATFORM} -t ${IMAGE} --build-arg LDFLAGS=${LDFLAGS} . --push build-binary: ${DEV_ENV_CMD} go build -ldflags ${LDFLAGS} -o $(BINDIR)/${SHORT_NAME} main.go From 2aa209028f7d487ddfbda3da0d577aedd8f8c4ee Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 15 Aug 2023 11:20:21 +0800 Subject: [PATCH 34/69] chore(registry): bump common 1.1.2 --- charts/registry/Chart.yaml | 2 +- charts/registry/templates/registry-deployment.yaml | 6 +++--- charts/registry/values.yaml | 10 ++++------ 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index c53209c..f13e993 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -5,7 +5,7 @@ appVersion: 1.0.0 dependencies: - name: common repository: oci://registry.drycc.cc/charts - version: ~1.1.1 + version: ~1.1.2 description: Docker registry for Drycc Workflow. maintainers: - name: Drycc Team diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index e1bdcae..484a3f5 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
@@ -19,12 +19,12 @@ spec: app: drycc-registry template: metadata: - labels: + labels: {{- include "common.labels.standard" . | nindent 8 }} app: drycc-registry spec: affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset.type "key" .Values.podAffinityPreset.key "values" .Values.podAffinityPreset.values ) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset.type "key" .Values.podAntiAffinityPreset.key "values" .Values.podAntiAffinityPreset.values ) | nindent 10 }} + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset.type "component" "" "extraMatchLabels" .Values.podAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset.type "component" "" "extraMatchLabels" .Values.podAntiAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values ) | nindent 10 }} serviceAccount: drycc-registry initContainers: diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 5997f66..0177001 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -11,16 +11,14 @@ nodeAffinityPreset: - "true" podAffinityPreset: - key: "security" type: "" - values: - - "drycc-security" + extraMatchLabels: + security: "drycc-security" podAntiAffinityPreset: - key: "app" type: "soft" - values: - - "drycc-registry" + extraMatchLabels: + app: "drycc-registry" # registry replicas replicas: 1 From 0723d3389b964f5c035fd700507d3bb16544a5b1 Mon Sep 17 00:00:00 2001 
From: duanhongyi Date: Thu, 28 Sep 2023 10:29:06 +0800 Subject: [PATCH 35/69] chore(registry): use podman replace docker --- .woodpecker/build-linux.yml | 4 ++-- .woodpecker/manifest.yml | 4 ++-- Makefile | 21 +++++++++------------ README.md | 8 ++++---- charts/registry/Chart.yaml | 2 +- contrib/ci/test.sh | 14 +++++++------- includes.mk | 6 +++--- versioning.mk | 16 ++++++++-------- 8 files changed, 36 insertions(+), 39 deletions(-) diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index db9ad17..8cdd984 100644 --- a/.woodpecker/build-linux.yml +++ b/.woodpecker/build-linux.yml @@ -13,8 +13,8 @@ pipeline: image: bash commands: - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_ARCH) - - echo $CONTAINER_PASSWORD | docker login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - - make docker-build docker-immutable-push + - echo $CONTAINER_PASSWORD | podman login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 + - make podman-build podman-immutable-push secrets: - codename - dev_registry diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml index 7f6ec36..2d5c4e5 100644 --- a/.woodpecker/manifest.yml +++ b/.woodpecker/manifest.yml @@ -19,14 +19,14 @@ pipeline: - name: publish-manifest image: bash commands: - - docker run --rm + - podman run --rm -e PLUGIN_SPEC=.woodpecker/manifest.tmpl -e PLUGIN_USERNAME=$CONTAINER_USERNAME -e PLUGIN_PASSWORD=$CONTAINER_PASSWORD -e DRONE_TAG=$CI_COMMIT_TAG -v $(pwd):$(pwd) -w $(pwd) - plugins/manifest + docker.io/plugins/manifest secrets: - container_username - container_password diff --git a/Makefile b/Makefile index e920310..7fce73e 100644 --- a/Makefile +++ b/Makefile 
@@ -1,6 +1,6 @@ # Short name: Short name, following [a-zA-Z_], used all over the place. # Some uses for short name: -# - Docker image name +# - Container image name # - Kubernetes service, deployment, pod names SHORT_NAME := registry DRYCC_REGISTRY ?= ${DEV_REGISTRY} @@ -17,7 +17,7 @@ SHELL_SCRIPTS = $(wildcard rootfs/bin/* _scripts/*.sh contrib/ci/*.sh) # and other build options DEV_ENV_IMAGE := ${DEV_REGISTRY}/drycc/go-dev DEV_ENV_WORK_DIR := /opt/drycc/go/src/${REPO_PATH} -DEV_ENV_PREFIX := docker run --rm -v ${CURDIR}:${DEV_ENV_WORK_DIR} -w ${DEV_ENV_WORK_DIR} +DEV_ENV_PREFIX := podman run --rm -v ${CURDIR}:${DEV_ENV_WORK_DIR} -w ${DEV_ENV_WORK_DIR} DEV_ENV_CMD := ${DEV_ENV_PREFIX} ${DEV_ENV_IMAGE} LDFLAGS := "-s -w -X main.version=${VERSION}" BINDIR := ./rootfs/opt/registry/sbin 
@@ -29,31 +29,28 @@ endif all: @echo "Use a Makefile to control top-level building of the project." -build: check-docker +build: check-podman mkdir -p ${BINDIR} $(MAKE) build-binary # For cases where we're building from local # We also alter the RC file to set the image name. -docker-build: check-docker - docker build ${DOCKER_BUILD_FLAGS} --build-arg CODENAME=${CODENAME} -t ${IMAGE} --build-arg LDFLAGS=${LDFLAGS} . - docker tag ${IMAGE} ${MUTABLE_IMAGE} - -docker-buildx: check-docker - docker buildx build --build-arg CODENAME=${CODENAME} --platform ${PLATFORM} -t ${IMAGE} --build-arg LDFLAGS=${LDFLAGS} . --push +podman-build: check-podman + podman build --build-arg CODENAME=${CODENAME} -t ${IMAGE} --build-arg LDFLAGS=${LDFLAGS} . + podman tag ${IMAGE} ${MUTABLE_IMAGE} build-binary: ${DEV_ENV_CMD} go build -ldflags ${LDFLAGS} -o $(BINDIR)/${SHORT_NAME} main.go $(call check-static-binary,$(BINDIR)/${SHORT_NAME}) ${DEV_ENV_CMD} upx -9 --brute $(BINDIR)/${SHORT_NAME} -test: check-docker docker-build test-style +test: check-podman podman-build test-style contrib/ci/test.sh ${IMAGE} test-style: ${DEV_ENV_CMD} shellcheck $(SHELL_SCRIPTS) -deploy: check-kubectl docker-build docker-push +deploy: check-kubectl podman-build podman-push kubectl --namespace=drycc patch deployment drycc-$(SHORT_NAME) --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"$(IMAGE)"}]' -.PHONY: all build build-binary docker-build test test-style deploy +.PHONY: all build build-binary podman-build test test-style deploy diff --git a/README.md b/README.md index af7b07d..5e9ea3d 100644 --- a/README.md +++ b/README.md 
@@ -12,11 +12,11 @@ We welcome your input! If you have feedback, please submit an [issue][issues]. I # About -The registry is a [Docker registry](https://docs.docker.com/registry/) component for use in Kubernetes. While it's intended for use inside of the Drycc open source [PaaS](https://en.wikipedia.org/wiki/Platform_as_a_service), it's flexible enough to be used as a standalone pod on any Kubernetes cluster. +The registry is a [Container registry](https://github.com/distribution/distribution) component for use in Kubernetes. While it's intended for use inside of the Drycc open source [PaaS](https://en.wikipedia.org/wiki/Platform_as_a_service), it's flexible enough to be used as a standalone pod on any Kubernetes cluster. -If you decide to use this component standalone, you can host your own Docker registry in your own Kubernetes cluster. +If you decide to use this component standalone, you can host your own Container registry in your own Kubernetes cluster. -The Docker image that this repository builds is based on [the official Docker v2 registry image](https://github.com/docker/distribution). +The Container image that this repository builds is based on [the official Container v2 registry image](https://github.com/distribution/distribution). # Development @@ -49,7 +49,7 @@ $ export IMAGE_PREFIX=youruser/ # if using Quay or Dockerhub To build and push the image run: ```console -$ make docker-build docker-push +$ make podman-build podman-push ``` To deploy the image via patching the registry deployment run: diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index f13e993..cd8abff 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -6,7 +6,7 @@ dependencies: - name: common repository: oci://registry.drycc.cc/charts version: ~1.1.2 -description: Docker registry for Drycc Workflow. +description: Container registry for Drycc Workflow. maintainers: - name: Drycc Team email: engineering@drycc.com 
diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index dc59be0..6c5f393 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -5,17 +5,17 @@ set -eoxf pipefail s3Accesskey=drycc s3Secretkey=123456789 -STORAGE_JOB=$(docker run -d --name storage \ +STORAGE_JOB=$(podman run -d --name storage \ -e DRYCC_STORAGE_ACCESSKEY=$s3Accesskey \ -e DRYCC_STORAGE_SECRETKEY=$s3Secretkey \ "${DEV_REGISTRY}"/drycc/storage:canary minio server /data/storage/ --console-address :9001) sleep 5 -docker logs "${STORAGE_JOB}" +podman logs "${STORAGE_JOB}" -STORAGE_IP=$(docker inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") +STORAGE_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") -JOB=$(docker run --add-host storage:"${STORAGE_IP}" \ +JOB=$(podman run --add-host storage:"${STORAGE_IP}" \ -d \ -p 5000:5000 \ -e REGISTRY_HTTP_SECRET=drycc \ @@ -32,6 +32,6 @@ JOB=$(docker run --add-host storage:"${STORAGE_IP}" \ # let the registry run for a few seconds sleep 5 # check that the registry is still up -docker logs "${JOB}" -docker ps -q --no-trunc=true | grep "${JOB}" -docker rm -f "${JOB}" "${STORAGE_JOB}" +podman logs "${JOB}" +podman ps -q --no-trunc=true | grep "${JOB}" +podman rm -f "${JOB}" "${STORAGE_JOB}" diff --git a/includes.mk b/includes.mk index 5bc8456..4634e38 100644 --- a/includes.mk +++ b/includes.mk @@ -1,6 +1,6 @@ -check-docker: - @if [ -z $$(which docker) ]; then \ - echo "Missing \`docker\` client which is required for development"; \ +check-podman: + @if [ -z $$(which podman) ]; then \ + echo "Missing \`podman\` client which is required for development"; \ exit 2; \ fi diff --git a/versioning.mk b/versioning.mk index 2bfd999..8b30958 100644 --- a/versioning.mk +++ b/versioning.mk 
@@ -11,13 +11,13 @@ info: @echo "Immutable tag: ${IMAGE}" @echo "Mutable tag: ${MUTABLE_IMAGE}" -.PHONY: docker-push -docker-push: docker-immutable-push docker-mutable-push +.PHONY: podman-push +podman-push: podman-immutable-push podman-mutable-push -.PHONY: docker-immutable-push -docker-immutable-push: - docker push ${IMAGE} +.PHONY: podman-immutable-push +podman-immutable-push: + podman push ${IMAGE} -.PHONY: docker-mutable-push -docker-mutable-push: - docker push ${MUTABLE_IMAGE} +.PHONY: podman-mutable-push +podman-mutable-push: + podman push ${MUTABLE_IMAGE} From 5ea05616f9379daabfce68332ad9030c1ee83604 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 12 Oct 2023 15:30:48 +0800 Subject: [PATCH 36/69] chore(registry): remove health url --- charts/registry/templates/_helper.tpl | 5 ----- charts/registry/templates/registry-deployment.yaml | 4 ++-- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index df13657..a4e066b 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -29,11 +29,6 @@ env: secretKeyRef: name: storage-creds key: lookup -- name: "DRYCC_STORAGE_HEALTH" - valueFrom: - secretKeyRef: - name: storage-creds - key: health - name: "DRYCC_STORAGE_BUCKET" valueFrom: secretKeyRef: diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 484a3f5..df3db76 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -34,8 +34,8 @@ spec: args: - netcat - -v - - -g - - $(DRYCC_STORAGE_HEALTH) + - -u + - $(DRYCC_STORAGE_ENDPOINT) {{- include "registry.envs" . | indent 8 }} containers: - name: drycc-registry From 9c356dece0299521c906ab855e77e70385f3860b Mon Sep 17 00:00:00 2001 
From: duanhongyi Date: Thu, 12 Oct 2023 17:44:23 +0800 Subject: [PATCH 37/69] chore(registry): add wait-for-port check --- Dockerfile | 4 ++-- contrib/ci/test.sh | 33 ++++++++++++++++++++++----------- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6fd8e81..11c41e4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,8 +14,8 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ - JQ_VERSION="1.6" \ - MC_VERSION="2023.06.15.15.08.26" \ + JQ_VERSION="1.7" \ + MC_VERSION="2023.09.20.15.22.31" \ REGISTRY_VERSION="2.8.2" COPY rootfs/bin/ /bin/ diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 6c5f393..a9711f3 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh 
@@ -5,33 +5,44 @@ set -eoxf pipefail s3Accesskey=drycc s3Secretkey=123456789 -STORAGE_JOB=$(podman run -d --name storage \ +STORAGE_JOB=$(podman run -d --entrypoint init-stack -p 8333:8333 \ -e DRYCC_STORAGE_ACCESSKEY=$s3Accesskey \ -e DRYCC_STORAGE_SECRETKEY=$s3Secretkey \ - "${DEV_REGISTRY}"/drycc/storage:canary minio server /data/storage/ --console-address :9001) - -sleep 5 -podman logs "${STORAGE_JOB}" + "${DEV_REGISTRY}"/drycc/storage:canary weed server -dir=/data/hdd -s3) +# wait for port STORAGE_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") +echo -e "\\033[32m---> Waitting for ${STORAGE_IP}:8333\\033[0m" +wait-for-port --host="${STORAGE_IP}" 8333 +echo -e "\\033[32m---> S3 service ${STORAGE_IP}:8333 ready...\\033[0m" +podman logs "${STORAGE_JOB}" -JOB=$(podman run --add-host storage:"${STORAGE_IP}" \ - -d \ - -p 5000:5000 \ +JOB=$(podman run -d -p 5000:5000 \ -e REGISTRY_HTTP_SECRET=drycc \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ -e DRYCC_REGISTRY_PASSWORD=admin \ -e DRYCC_STORAGE_LOOKUP=path \ -e DRYCC_STORAGE_BUCKET=registry \ - -e DRYCC_STORAGE_ENDPOINT=http://storage:9000 \ + -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:8333" \ -e DRYCC_STORAGE_ACCESSKEY=$s3Accesskey \ -e DRYCC_STORAGE_SECRETKEY=$s3Secretkey \ "$1") +# shellcheck disable=SC2317 +function clean_before_exit { + # delay before exiting, so stdout/stderr flushes through the logging system + podman kill "${JOB}" + podman kill "${STORAGE_JOB}" + podman rm "${JOB}" "${STORAGE_JOB}" +} +trap clean_before_exit EXIT + # let the registry run for a few seconds -sleep 5 +REGISTRY_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${JOB}") +echo -e "\\033[32m---> Waitting for ${REGISTRY_IP}:5000\\033[0m" +wait-for-port --host="${REGISTRY_IP}" 5000 +echo -e "\\033[32m---> S3 service ${REGISTRY_IP}:5000 ready...\\033[0m" # check that the registry is still up podman logs "${JOB}" podman ps -q --no-trunc=true | grep "${JOB}" 
-podman rm -f "${JOB}" "${STORAGE_JOB}" From 34303e69ac9013cd91dabdc03b737662d913c9ca Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 24 Oct 2023 10:05:10 +0800 Subject: [PATCH 38/69] chore(registry): use headless --- charts/registry/templates/registry-service.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 1b792c1..6b6d579 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml @@ -10,10 +10,7 @@ metadata: labels: heritage: drycc spec: - ports: - - name: http - port: 80 - targetPort: 5000 + clusterIP: None selector: app: drycc-registry sessionAffinity: ClientIP From 162bdf6d04f35c3545a9eea281c608585bf9a8ba Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 24 Oct 2023 10:15:21 +0800 Subject: [PATCH 39/69] chore(registry): change registry port to 5000 --- .../templates/registry-deployment.yaml | 6 +++--- .../registry/templates/registry-secret.yaml | 2 +- contrib/ci/test.sh | 21 +++++++++++-------- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index df3db76..57a4e00 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -70,10 +70,10 @@ spec: successThreshold: 1 failureThreshold: 5 ports: - - containerPort: 5000 + - containerPort: 5000 volumeMounts: - - name: registry-storage - mountPath: /var/lib/registry + - name: registry-storage + mountPath: /var/lib/registry securityContext: fsGroup: 1001 runAsGroup: 1001 diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index ce46a36..301ceae 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
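Review bot: `trap clean_before_exit EXIT` is registered only after both `podman run` calls, so under `set -e` a failed registry start or a failed first `wait-for-port` exits with the storage container still running on the runner. Moving the `trap` line above the first `podman run`, and letting the function skip an unset `JOB` or `STORAGE_JOB`, makes teardown unconditional. The comment inside the function (`# delay before exiting, ...`) describes a delay the body does not perform; `# stop and remove both test containers` would match the code. The second readiness message still prints `S3 service` for the registry on port 5000.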
@@ -9,7 +9,7 @@ metadata: type: Opaque data: {{- if eq .Values.global.registryLocation "on-cluster" }} - host: {{ printf "drycc-registry.%s.svc.%s:80" .Release.Namespace .Values.global.clusterDomain | b64enc }} + host: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain | b64enc }} secret: {{ randAlphaNum 32 | b64enc }} {{- else }} host: {{ .Values.host | b64enc }} diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index a9711f3..8c82f05 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -2,13 +2,16 @@ set -eoxf pipefail -s3Accesskey=drycc -s3Secretkey=123456789 +BASE_DIR=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")") +DRYCC_STORAGE_ACCESSKEY=f4c4281665bc11ee8e0400163e04a9cd +DRYCC_STORAGE_SECRETKEY=f4c4281665bc11ee8e0400163e04a9cd + STORAGE_JOB=$(podman run -d --entrypoint init-stack -p 8333:8333 \ - -e DRYCC_STORAGE_ACCESSKEY=$s3Accesskey \ - -e DRYCC_STORAGE_SECRETKEY=$s3Secretkey \ - "${DEV_REGISTRY}"/drycc/storage:canary weed server -dir=/data/hdd -s3) + -v "${BASE_DIR}":/tmp/weed \ + -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ + -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ + "${DEV_REGISTRY}"/drycc/storage:canary /tmp/weed/start-s3.sh) # wait for port STORAGE_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") @@ -17,7 +20,7 @@ wait-for-port --host="${STORAGE_IP}" 8333 echo -e "\\033[32m---> S3 service ${STORAGE_IP}:8333 ready...\\033[0m" podman logs "${STORAGE_JOB}" -JOB=$(podman run -d -p 5000:5000 \ +JOB=$(podman run -d \ -e REGISTRY_HTTP_SECRET=drycc \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ 
@@ -25,8 +28,8 @@ JOB=$(podman run -d -p 5000:5000 \ -e DRYCC_STORAGE_LOOKUP=path \ -e DRYCC_STORAGE_BUCKET=registry \ -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:8333" \ - -e DRYCC_STORAGE_ACCESSKEY=$s3Accesskey \ - -e DRYCC_STORAGE_SECRETKEY=$s3Secretkey \ + -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ + -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ "$1") # shellcheck disable=SC2317 @@ -34,7 +37,7 @@ function clean_before_exit { # delay before exiting, so stdout/stderr flushes through the logging system podman kill "${JOB}" podman kill "${STORAGE_JOB}" - podman rm "${JOB}" "${STORAGE_JOB}" + podman rm -f "${JOB}" "${STORAGE_JOB}" } trap clean_before_exit EXIT From 57e31f15fcb3e8fcd282f9edc8ef5883f975efed Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 24 Oct 2023 13:38:52 +0800 Subject: [PATCH 40/69] chore(registry): add registry push test --- charts/registry/templates/registry-deployment.yaml | 1 + charts/registry/templates/registry-service.yaml | 4 ++++ contrib/ci/s3.json | 10 ++++++++++ contrib/ci/start-s3.sh | 7 +++++++ contrib/ci/test.sh | 5 +++-- 5 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 contrib/ci/s3.json create mode 100755 contrib/ci/start-s3.sh diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 57a4e00..9f81532 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -71,6 +71,7 @@ spec: failureThreshold: 5 ports: - containerPort: 5000 + name: http volumeMounts: - name: registry-storage mountPath: /var/lib/registry diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 6b6d579..53605e4 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml 
@@ -13,5 +13,9 @@ spec: clusterIP: None selector: app: drycc-registry + ports: + - name: http + port: 5000 + targetPort: 5000 sessionAffinity: ClientIP {{- end }} diff --git a/contrib/ci/s3.json b/contrib/ci/s3.json new file mode 100644 index 0000000..c34dd33 --- /dev/null +++ b/contrib/ci/s3.json @@ -0,0 +1,10 @@ +{ + "identities": [{ + "name": "drycc", + "credentials": [{ + "accessKey": "$DRYCC_STORAGE_ACCESSKEY", + "secretKey": "$DRYCC_STORAGE_SECRETKEY" + }], + "actions": ["Admin", "Read", "List", "Tagging", "Write"] + }] +} \ No newline at end of file diff --git a/contrib/ci/start-s3.sh b/contrib/ci/start-s3.sh new file mode 100755 index 0000000..55b5092 --- /dev/null +++ b/contrib/ci/start-s3.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +eval "cat </etc/seaweedfs/s3.json +$( cat /tmp/weed/s3.json ) +EOF +" 2> /dev/null + +weed server -dir=/data -s3 -s3.config=/etc/seaweedfs/s3.json diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 8c82f05..07718d1 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -47,5 +47,6 @@ echo -e "\\033[32m---> Waitting for ${REGISTRY_IP}:5000\\033[0m" wait-for-port --host="${REGISTRY_IP}" 5000 echo -e "\\033[32m---> S3 service ${REGISTRY_IP}:5000 ready...\\033[0m" # check that the registry is still up -podman logs "${JOB}" -podman ps -q --no-trunc=true | grep "${JOB}" +podman tag "$1" "${REGISTRY_IP}:5000/registry:canary" +echo admin | podman login "${REGISTRY_IP}:5000" --tls-verify=false --username admin --password-stdin > /dev/null 2>&1 +podman push "${REGISTRY_IP}:5000/registry:canary" --tls-verify=false \ No newline at end of file From cd8e400d0f0ab8b1e2f1ff6893fb89a0dedb7b78 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 24 Oct 2023 16:14:23 +0800 Subject: [PATCH 41/69] chore(registry): add default env --- charts/registry/values.yaml | 2 ++ main.go | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 0177001..99035c5 100644 
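Review bot: `start-s3.sh` renders the config by passing the whole of `/tmp/weed/s3.json` through `eval`, so any command substitution in that file runs inside the storage container. The `2> /dev/null` also hides a failed render, and `weed server` then starts with `-s3.config` pointing at a missing or empty file. Only two variables need substituting, so a plain substitution is enough, e.g. `sed -e "s|[$]DRYCC_STORAGE_ACCESSKEY|${DRYCC_STORAGE_ACCESSKEY}|" -e "s|[$]DRYCC_STORAGE_SECRETKEY|${DRYCC_STORAGE_SECRETKEY}|" /tmp/weed/s3.json > /etc/seaweedfs/s3.json`. Adding `set -euo pipefail` after the shebang and dropping the stderr redirect would make a bad render fail the test instead of passing silently. The here-document operator looks garbled in this rendering of the patch, so the exact redirect should be checked against the file itself.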
--- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -22,6 +22,8 @@ podAntiAffinityPreset: # registry replicas replicas: 1 +# registry storage redirect +redirect: false concurrencyPolicy: "Replace" diff --git a/main.go b/main.go index 4488ee9..07ff818 100644 --- a/main.go +++ b/main.go @@ -39,7 +39,6 @@ func main() { os.Setenv("REGISTRY_STORAGE_S3_ACCESSKEY", os.Getenv(storageAccesskeyEnvVar)) os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", os.Getenv(storageSecretkeyEnvVar)) os.Setenv("REGISTRY_STORAGE_S3_BUCKET", os.Getenv(storageBucketEnvVar)) - os.Setenv("REGISTRY_STORAGE_S3_ROOTDIRECTORY", "/registry") if os.Getenv(storageLookupEnvVar) == "path" { os.Setenv("REGISTRY_STORAGE_S3_FORCEPATHSTYLE", "true") @@ -50,6 +49,13 @@ func main() { } else { os.Setenv("REGISTRY_STORAGE_REDIRECT_DISABLE", "true") } + // set default env + os.Setenv("REGISTRY_STORAGE_S3_V4AUTH", "true") + os.Setenv("REGISTRY_STORAGE_S3_SECURE", "false") + os.Setenv("REGISTRY_STORAGE_S3_SKIPVERIFY", "true") + os.Setenv("REGISTRY_STORAGE_DELETE_ENABLED", "true") + os.Setenv("REGISTRY_VALIDATION_DISABLED", "true") + os.Setenv("REGISTRY_STORAGE_S3_ROOTDIRECTORY", "/registry") // run /bin/init_registry os.Setenv("REGISTRY_AUTH", "htpasswd") From 2a323e0a6b8b1ac82e115a478c45be738b2dbe04 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 24 Oct 2023 17:54:53 +0800 Subject: [PATCH 42/69] chore(registry): bump registry 2.8.3 --- Dockerfile | 10 +++++----- contrib/ci/test.sh | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 11c41e4..cc66961 100644 --- a/Dockerfile +++ b/Dockerfile 
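Review bot: The block added under `// set default env` calls `os.Setenv` unconditionally, so these are overrides rather than defaults: an operator who sets `REGISTRY_STORAGE_S3_SECURE=true` or `REGISTRY_STORAGE_S3_SKIPVERIFY=false` in the pod spec has it silently replaced. As far as the hunk shows, every deployment then reaches its S3 endpoint with TLS off and certificate verification skipped. `REGISTRY_VALIDATION_DISABLED=true` and `REGISTRY_STORAGE_DELETE_ENABLED=true` are forced the same way. Setting each value only when the variable is absent keeps the in-cluster behaviour while letting an external-storage install turn TLS back on. `main` starts and ends outside the hunk, so the helper below would sit next to it.

```go
// setDefaultEnv sets key to value only when the environment does not
// already define it, so a value supplied by the pod spec wins.
func setDefaultEnv(key, value string) {
	if _, ok := os.LookupEnv(key); !ok {
		os.Setenv(key, value)
	}
}

	// … unchanged: storage credentials, path-style and redirect handling …
	// set default env
	setDefaultEnv("REGISTRY_STORAGE_S3_V4AUTH", "true")
	setDefaultEnv("REGISTRY_STORAGE_S3_SECURE", "false")
	setDefaultEnv("REGISTRY_STORAGE_S3_SKIPVERIFY", "true")
	setDefaultEnv("REGISTRY_STORAGE_DELETE_ENABLED", "true")
	setDefaultEnv("REGISTRY_VALIDATION_DISABLED", "true")
	// … unchanged: REGISTRY_STORAGE_S3_ROOTDIRECTORY and init_registry setup …
```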
@@ -5,8 +5,8 @@ ARG LDFLAGS ADD . /workspace RUN export GO111MODULE=on \ && cd /workspace \ - && CGO_ENABLED=0 init-stack go build -ldflags "${LDFLAGS}" -o /usr/local/bin/registry main.go \ - && upx -9 --brute /usr/local/bin/registry + && CGO_ENABLED=0 init-stack go build -ldflags "${LDFLAGS}" -o /bin/boot main.go \ + && upx -9 --brute /bin/boot FROM registry.drycc.cc/drycc/base:${CODENAME} @@ -16,10 +16,10 @@ ENV DRYCC_UID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7" \ MC_VERSION="2023.09.20.15.22.31" \ - REGISTRY_VERSION="2.8.2" + REGISTRY_VERSION="2.8.3" COPY rootfs/bin/ /bin/ -COPY --from=build /usr/local/bin/registry /opt/registry/bin/registry +COPY --from=build /bin/boot /bin/boot RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ @@ -49,5 +49,5 @@ ENV DRYCC_REGISTRY_CONFIG /opt/drycc/registry/etc/config.yml USER ${DRYCC_UID} VOLUME ["${DRYCC_HOME_DIR}"] -CMD ["/opt/registry/bin/registry"] +CMD ["/bin/boot"] EXPOSE 5000 diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 07718d1..d2fc18e 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -49,4 +49,4 @@ echo -e "\\033[32m---> S3 service ${REGISTRY_IP}:5000 ready...\\033[0m" # check that the registry is still up podman tag "$1" "${REGISTRY_IP}:5000/registry:canary" echo admin | podman login "${REGISTRY_IP}:5000" --tls-verify=false --username admin --password-stdin > /dev/null 2>&1 -podman push "${REGISTRY_IP}:5000/registry:canary" --tls-verify=false \ No newline at end of file +podman push "${REGISTRY_IP}:5000/registry:canary" --tls-verify=false From c4c3383645c21e5783c6380fa6f42b83831bb2bb Mon Sep 17 00:00:00 2001 
From: duanhongyi Date: Fri, 3 Nov 2023 00:09:56 +0800 Subject: [PATCH 43/69] fix(registry): garbage collect error --- .../registry/templates/registry-cronjob-daily.yaml | 12 +++++------- charts/registry/templates/registry-deployment.yaml | 12 ++++++------ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index 30f9d3f..60f89b7 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -23,19 +23,17 @@ spec: image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} args: - - netcat - - -v - - -u - - $(DRYCC_STORAGE_ENDPOINT) + - netcat + - -v + - -u + - $(DRYCC_STORAGE_ENDPOINT) {{- include "builder.envs" . | indent 12 }} containers: - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} name: drycc-registry-garbage-collect args: - - /bin/bash - - -c - - /opt/registry/bin/registry + - /bin/boot - garbage-collect - $(DRYCC_REGISTRY_CONFIG) - --dry-run diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 9f81532..22b6561 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -32,10 +32,10 @@ spec: image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} args: - - netcat - - -v - - -u - - $(DRYCC_STORAGE_ENDPOINT) + - netcat + - -v + - -u + - $(DRYCC_STORAGE_ENDPOINT) {{- include "registry.envs" . | indent 8 }} containers: - name: drycc-registry @@ -80,6 +80,6 @@ spec: runAsGroup: 1001 runAsUser: 1001 volumes: - - name: registry-storage - emptyDir: {} + - name: registry-storage + emptyDir: {} {{- end }} 
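Review bot: The garbage-collect container in `registry-cronjob-daily.yaml` still passes `--dry-run` after this fix. Assuming `/bin/boot` forwards its arguments to the registry binary, the daily job only reports what it would remove, so deleted and untagged blobs stay in the storage bucket. If that is intended while the job is being validated, a comment above the flag such as `# --dry-run: report only; remove to actually delete` would say so. Otherwise the change is to drop the `- --dry-run` line.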
From 5d2787d9f459e0f1847597762ed5b855676959b6 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 6 Feb 2024 19:46:36 +0800 Subject: [PATCH 44/69] chore(registry): headless svc does not require ports --- charts/registry/templates/registry-service.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 53605e4..6b6d579 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml @@ -13,9 +13,5 @@ spec: clusterIP: None selector: app: drycc-registry - ports: - - name: http - port: 5000 - targetPort: 5000 sessionAffinity: ClientIP {{- end }} From cff1e92377a6f5efe9c2470219d04db98e592cfc Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 4 Mar 2024 16:12:01 +0800 Subject: [PATCH 45/69] chore(charts): add diagnostic mode --- .../templates/registry-cronjob-daily.yaml | 5 +++++ .../registry/templates/registry-deployment.yaml | 6 ++++++ charts/registry/values.yaml | 16 ++++++++++++++++ 3 files changed, 27 insertions(+) diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index 60f89b7..c816338 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml 
@@ -32,11 +32,16 @@ spec: - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} name: drycc-registry-garbage-collect + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 14 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 14 }} + {{- else }} args: - /bin/boot - garbage-collect - $(DRYCC_REGISTRY_CONFIG) - --dry-run - --delete-untagged + {{- end }} {{- include "builder.envs" . | indent 12 }} {{- end }} diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 22b6561..5ce2257 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -41,8 +41,13 @@ spec: - name: drycc-registry image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 10 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }} + {{- end }} {{- include "registry.limits" . | indent 8 }} {{- include "registry.envs" . | indent 8 }} + {{- if not .Values.diagnosticMode.enabled }} startupProbe: tcpSocket: port: 5000 @@ -69,6 +74,7 @@ spec: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 5 + {{- end }} ports: - containerPort: 5000 name: http diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 99035c5..9fddc8c 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml 
@@ -4,6 +4,22 @@ imageTag: "canary" imageRegistry: "registry.drycc.cc" # limitsCpu: "100m" # limitsMemory: "50Mi" + +## Enable diagnostic mode +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers + ## + args: + - infinity + nodeAffinityPreset: key: "drycc.cc/node" type: "soft" From e6352b8dac143729c55bb003a34ff190e0312683 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 6 Mar 2024 12:36:36 +0800 Subject: [PATCH 46/69] feat(charts): reuses the value from an existing secret and config --- charts/registry/templates/registry-cronjob-daily.yaml | 4 ++-- charts/registry/templates/registry-secret.yaml | 6 +++--- charts/registry/values.yaml | 7 +++++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index c816338..ff3578c 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -27,7 +27,7 @@ spec: - -v - -u - $(DRYCC_STORAGE_ENDPOINT) - {{- include "builder.envs" . | indent 12 }} + {{- include "registry.envs" . | indent 12 }} containers: - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} @@ -43,5 +43,5 @@ spec: - --dry-run - --delete-untagged {{- end }} - {{- include "builder.envs" . | indent 12 }} + {{- include "registry.envs" . | indent 12 }} {{- end }} diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index 301ceae..743f047 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
@@ -10,11 +10,11 @@ type: Opaque data: {{- if eq .Values.global.registryLocation "on-cluster" }} host: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain | b64enc }} - secret: {{ randAlphaNum 32 | b64enc }} + secret: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "secret" "defaultValue" (randAlphaNum 32) "context" $) }} {{- else }} host: {{ .Values.host | b64enc }} organization: {{ .Values.organization | b64enc }} {{- end }} - username: {{ if .Values.username | default "" | ne "" }}{{ .Values.username | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} - password: {{ if .Values.password | default "" | ne "" }}{{ .Values.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} + username: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "username" "defaultValue" (.Values.username | default (randAlphaNum 32)) "context" $) }} + password: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "password" "defaultValue" (.Values.password | default (randAlphaNum 32)) "context" $) }} redirect: {{ .Values.redirect | b64enc }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 9fddc8c..af87d91 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -39,11 +39,14 @@ podAntiAffinityPreset: # registry replicas replicas: 1 # registry storage redirect -redirect: false +redirect: "false" concurrencyPolicy: "Replace" # Service service: # Provide any additional service annotations - annotations: {} \ No newline at end of file + annotations: {} + +global: + registryLocation: "on-cluster" From e4ebb4258eae752bd5a9a74e97387c2ee1692668 Mon Sep 17 00:00:00 2001 
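Review bot: The `secret`, `username` and `password` lines now rely entirely on `common.secrets.lookup`, which is not defined in this patch, for both the base64 encoding and the reuse of an existing value; the removed lines applied `b64enc` themselves. If that helper is built on Helm's `lookup` function, it finds nothing under `helm template` or `--dry-run`, so every such render falls back to a fresh `randAlphaNum 32`, and a pipeline that applies rendered manifests would rotate the registry credentials on each run. `"secret" "registry-secret"` also hard-codes the Secret name, which has to stay equal to this manifest's `metadata.name` (outside the hunk). I would document both above the `data:` entries, e.g. `# values are reused from the live Secret "registry-secret"; client-side renders cannot see it and generate new ones`.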
From: duanhongyi Date: Mon, 18 Mar 2024 16:41:09 +0800 Subject: [PATCH 47/69] chore(woodpecker): migrations woodpecker-ci to 2 --- .woodpecker/build-linux.yml | 5 ++--- .woodpecker/chart.yaml | 6 ++---- .woodpecker/manifest.yml | 5 ++--- .woodpecker/test-linux.yml | 5 ++--- 4 files changed, 8 insertions(+), 13 deletions(-) diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index 8cdd984..f411033 100644 --- a/.woodpecker/build-linux.yml +++ b/.woodpecker/build-linux.yml @@ -3,12 +3,11 @@ matrix: - linux/amd64 - linux/arm64 -platform: ${platform} - labels: type: exec + platform: ${platform} -pipeline: +steps: - name: publish-linux image: bash commands: diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index 3204cf5..20f9ea9 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -1,11 +1,9 @@ -platform: linux/amd64 - labels: type: exec + platform: linux/amd64 -pipeline: +steps: - name: generate-chart - type: local image: bash commands: - export VERSION=$(sed 's#v##' <<< $CI_COMMIT_TAG) diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml index 2d5c4e5..b4735ee 100644 --- a/.woodpecker/manifest.yml +++ b/.woodpecker/manifest.yml @@ -1,9 +1,8 @@ -platform: linux/amd64 - labels: type: exec + platform: linux/amd64 -pipeline: +steps: - name: generate-manifest image: bash commands: diff --git a/.woodpecker/test-linux.yml b/.woodpecker/test-linux.yml index 313179e..d47ccc5 100644 --- a/.woodpecker/test-linux.yml +++ b/.woodpecker/test-linux.yml @@ -3,12 +3,11 @@ matrix: - linux/amd64 - linux/arm64 -platform: ${platform} - labels: type: exec + platform: ${platform} -pipeline: +steps: - name: test-linux image: bash commands: From b17c5f6b8b9ef32487a867aacfd1477f453fa97e Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 19 Mar 2024 23:13:56 +0800 Subject: [PATCH 48/69] fix(woodpecker): CI_SYSTEM_ARCH env removed --- .woodpecker/build-linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index f411033..782d2f5 100644 --- a/.woodpecker/build-linux.yml +++ b/.woodpecker/build-linux.yml @@ -11,7 +11,7 @@ steps: - name: publish-linux image: bash commands: - - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_ARCH) + - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_PLATFORM) - echo $CONTAINER_PASSWORD | podman login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - make podman-build podman-immutable-push secrets: From 0f96e2a21de4d484bba4a914edd76b37d858aae1 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 20 Mar 2024 14:22:50 +0800 Subject: [PATCH 49/69] chore(charts): change canary app version --- .woodpecker/chart.yaml | 4 ++-- charts/registry/templates/registry-cronjob-daily.yaml | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index 20f9ea9..5aa7eb3 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -8,7 +8,7 @@ steps: commands: - export VERSION=$(sed 's#v##' <<< $CI_COMMIT_TAG) - export IMAGE_TAG=$([ ! -z $CI_COMMIT_TAG ] && echo \"$VERSION\" || echo \"canary\") - - export APP_VERSION=$([ ! -z $CI_COMMIT_TAG ] && echo $VERSION || echo 1.0.0) + - export APP_VERSION=$([ -z $CI_COMMIT_TAG ] && echo $CI_COMMIT_SHA || echo $VERSION) - export CHART_VERSION=$([ -z $CI_COMMIT_TAG ] && echo 1.0.0 || echo $VERSION) - sed -i "s/imageTag:\ \"canary\"/imageTag:\ $IMAGE_TAG/g" charts/$${CI_REPO_NAME}/values.yaml - helm package -u charts/$${CI_REPO_NAME} --version $CHART_VERSION --app-version $APP_VERSION @@ -25,4 +25,4 @@ steps: - tag depends_on: -- manifest \ No newline at end of file +- manifest 
diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index ff3578c..a854722 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -37,11 +37,12 @@ spec: args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 14 }} {{- else }} args: - - /bin/boot - - garbage-collect - - $(DRYCC_REGISTRY_CONFIG) - - --dry-run - - --delete-untagged + - /usr/bin/env + - bash + - -ec + - | + # run garbage collect + boot garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged {{- end }} {{- include "registry.envs" . | indent 12 }} {{- end }} From 9314abbce22acccd6b88acebf51a0166a03ea1ea Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 15 Nov 2024 11:37:25 +0800 Subject: [PATCH 50/69] chore(mc): bump version to 2024.11.05.11.29.45 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index cc66961..4c354ff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,8 +14,8 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ - JQ_VERSION="1.7" \ - MC_VERSION="2023.09.20.15.22.31" \ + JQ_VERSION="1.7.1" \ + MC_VERSION="2024.11.05.11.29.45" \ REGISTRY_VERSION="2.8.3" COPY rootfs/bin/ /bin/ From ad8ef8024416d0567708532f4ae0b8f4c787bc17 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 23 Dec 2024 14:16:34 +0800 Subject: [PATCH 51/69] fix(wooddpecker): secsets are deprecated --- .woodpecker/build-linux.yml | 17 +++++++++++------ .woodpecker/chart.yaml | 14 +++++++++----- .woodpecker/manifest.yml | 13 ++++++++----- .woodpecker/test-linux.yml | 8 +++++--- 4 files changed, 33 insertions(+), 19 deletions(-) diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index 782d2f5..3424a97 100644 --- a/.woodpecker/build-linux.yml 
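Review bot: The new comment `# run garbage collect` in registry-cronjob-daily.yaml does not match the command under it, which passes `--dry-run`, so the daily job only reports what it would remove and deletes nothing. Either the comment should say so, e.g. `# report what garbage-collect would remove; --dry-run deletes nothing`, or the flag should be dropped if reclaiming space is the intent. `${DRYCC_REGISTRY_CONFIG}` is now expanded by bash instead of by the kubelet and should be quoted: `boot garbage-collect "${DRYCC_REGISTRY_CONFIG}" --dry-run --delete-untagged`. The container sets `args` without `command`, which relies on the image defining no ENTRYPOINT.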
+++ b/.woodpecker/build-linux.yml @@ -14,12 +14,17 @@ steps: - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_PLATFORM) - echo $CONTAINER_PASSWORD | podman login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - make podman-build podman-immutable-push - secrets: - - codename - - dev_registry - - drycc_registry - - container_username - - container_password + environment: + CODENAME: + from_secret: codename + DEV_REGISTRY: + from_secret: dev_registry + DRYCC_REGISTRY: + from_secret: drycc_registry + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - push diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index 5aa7eb3..40397e0 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -14,11 +14,15 @@ steps: - helm package -u charts/$${CI_REPO_NAME} --version $CHART_VERSION --app-version $APP_VERSION - echo $CONTAINER_PASSWORD | helm registry login $DRYCC_REGISTRY -u $CONTAINER_USERNAME --password-stdin - helm push $${CI_REPO_NAME}-$CHART_VERSION.tgz oci://$DRYCC_REGISTRY/$([ -z $CI_COMMIT_TAG ] && echo charts-testing || echo charts) - secrets: - - dev_registry - - drycc_registry - - container_username - - container_password + environment: + DEV_REGISTRY: + from_secret: dev_registry + DRYCC_REGISTRY: + from_secret: drycc_registry + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - push diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml index b4735ee..6a91aa3 100644 --- a/.woodpecker/manifest.yml +++ b/.woodpecker/manifest.yml 
@@ -8,8 +8,9 @@ steps: commands: - sed -i "s/{{project}}/$${CI_REPO_NAME}/g" .woodpecker/manifest.tmpl - sed -i "s/registry.drycc.cc/$${DRYCC_REGISTRY}/g" .woodpecker/manifest.tmpl - secrets: - - drycc_registry + environment: + DRYCC_REGISTRY: + from_secret: drycc_registry when: event: - tag @@ -26,9 +27,11 @@ steps: -v $(pwd):$(pwd) -w $(pwd) docker.io/plugins/manifest - secrets: - - container_username - - container_password + environment: + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - tag diff --git a/.woodpecker/test-linux.yml b/.woodpecker/test-linux.yml index d47ccc5..0d5a93f 100644 --- a/.woodpecker/test-linux.yml +++ b/.woodpecker/test-linux.yml @@ -12,9 +12,11 @@ steps: image: bash commands: - make test - secrets: - - codename - - dev_registry + environment: + CODENAME: + from_secret: codename + DEV_REGISTRY: + from_secret: dev_registry when: event: - push From f4269c6a06f158cf30465a3b5c2ad3ed99122fd1 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 2 Apr 2025 11:52:03 +0800 Subject: [PATCH 52/69] chore(registry): add cron event --- .woodpecker/build-linux.yml | 1 + .woodpecker/chart.yaml | 1 + .woodpecker/manifest.yml | 2 ++ .woodpecker/test-linux.yml | 1 + 4 files changed, 5 insertions(+) diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index 3424a97..ef4ecfd 100644 --- a/.woodpecker/build-linux.yml +++ b/.woodpecker/build-linux.yml @@ -29,6 +29,7 @@ steps: event: - push - tag + - cron depends_on: - test-linux \ No newline at end of file diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index 40397e0..cfcd3ec 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -27,6 +27,7 @@ steps: event: - push - tag + - cron depends_on: - manifest diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml index 6a91aa3..19fc70c 100644 --- a/.woodpecker/manifest.yml +++ b/.woodpecker/manifest.yml 
@@ -15,6 +15,7 @@ steps: event: - tag - push + - cron - name: publish-manifest image: bash @@ -36,6 +37,7 @@ steps: event: - tag - push + - cron depends_on: - build-linux diff --git a/.woodpecker/test-linux.yml b/.woodpecker/test-linux.yml index 0d5a93f..194832f 100644 --- a/.woodpecker/test-linux.yml +++ b/.woodpecker/test-linux.yml @@ -21,3 +21,4 @@ steps: event: - push - tag + - cron From 42ac284cd4cff4f202d5b1fdf4e35f4a8f0936eb Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 2 Apr 2025 12:40:12 +0800 Subject: [PATCH 53/69] fix(test): s3 api error --- Dockerfile | 2 +- contrib/ci/s3.json | 10 ---------- contrib/ci/start-s3.sh | 7 ------- contrib/ci/test.sh | 18 ++++++++---------- 4 files changed, 9 insertions(+), 28 deletions(-) delete mode 100644 contrib/ci/s3.json delete mode 100755 contrib/ci/start-s3.sh diff --git a/Dockerfile b/Dockerfile index 4c354ff..94400a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ - MC_VERSION="2024.11.05.11.29.45" \ + MC_VERSION="2025.03.12.17.29.24" \ REGISTRY_VERSION="2.8.3" COPY rootfs/bin/ /bin/ diff --git a/contrib/ci/s3.json b/contrib/ci/s3.json deleted file mode 100644 index c34dd33..0000000 --- a/contrib/ci/s3.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "identities": [{ - "name": "drycc", - "credentials": [{ - "accessKey": "$DRYCC_STORAGE_ACCESSKEY", - "secretKey": "$DRYCC_STORAGE_SECRETKEY" - }], - "actions": ["Admin", "Read", "List", "Tagging", "Write"] - }] -} \ No newline at end of file diff --git a/contrib/ci/start-s3.sh b/contrib/ci/start-s3.sh deleted file mode 100755 index 55b5092..0000000 --- a/contrib/ci/start-s3.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash -eval "cat </etc/seaweedfs/s3.json -$( cat /tmp/weed/s3.json ) -EOF -" 2> /dev/null - -weed server -dir=/data -s3 -s3.config=/etc/seaweedfs/s3.json diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index d2fc18e..f1d8c7f 100755 
--- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -2,22 +2,20 @@ set -eoxf pipefail -BASE_DIR=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")") DRYCC_STORAGE_ACCESSKEY=f4c4281665bc11ee8e0400163e04a9cd DRYCC_STORAGE_SECRETKEY=f4c4281665bc11ee8e0400163e04a9cd -STORAGE_JOB=$(podman run -d --entrypoint init-stack -p 8333:8333 \ - -v "${BASE_DIR}":/tmp/weed \ - -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ - -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ - "${DEV_REGISTRY}"/drycc/storage:canary /tmp/weed/start-s3.sh) +STORAGE_JOB=$(podman run -d --entrypoint init-stack \ + -e MINIO_ROOT_USER="${DRYCC_STORAGE_ACCESSKEY}" \ + -e MINIO_ROOT_PASSWORD="${DRYCC_STORAGE_SECRETKEY}" \ + "${DEV_REGISTRY}"/drycc/storage:canary minio server /data) # wait for port STORAGE_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") -echo -e "\\033[32m---> Waitting for ${STORAGE_IP}:8333\\033[0m" -wait-for-port --host="${STORAGE_IP}" 8333 -echo -e "\\033[32m---> S3 service ${STORAGE_IP}:8333 ready...\\033[0m" +echo -e "\\033[32m---> Waitting for ${STORAGE_IP}:9000\\033[0m" +wait-for-port --host="${STORAGE_IP}" 9000 +echo -e "\\033[32m---> S3 service ${STORAGE_IP}:9000 ready...\\033[0m" podman logs "${STORAGE_JOB}" JOB=$(podman run -d \ @@ -27,7 +25,7 @@ JOB=$(podman run -d \ -e DRYCC_REGISTRY_PASSWORD=admin \ -e DRYCC_STORAGE_LOOKUP=path \ -e DRYCC_STORAGE_BUCKET=registry \ - -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:8333" \ + -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:9000" \ -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ "$1") From f61f709f22d1fe7ca2680c8057965e93ceb9f87c Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 2 Apr 2025 16:17:42 +0800 Subject: [PATCH 54/69] chore(registry): bump registry to 3.0.0 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 94400a6..46bca6d 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ ENV DRYCC_UID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ MC_VERSION="2025.03.12.17.29.24" \ - REGISTRY_VERSION="2.8.3" + REGISTRY_VERSION="3.0.0" COPY rootfs/bin/ /bin/ COPY --from=build /bin/boot /bin/boot From eeb812fbaa4cb249bef288e25fdf2f175779f4d5 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 2 Apr 2025 17:03:42 +0800 Subject: [PATCH 55/69] fix(registry): env REGISTRY_VERSION conflicts --- main.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/main.go b/main.go index 07ff818..956f6c1 100644 --- a/main.go +++ b/main.go @@ -67,6 +67,8 @@ func main() { if err := cmd.Run(); err != nil { log.Fatal("Error creating the registry bucket: ", err) } + // avoid conflicts with env variables + os.Unsetenv("REGISTRY_VERSION") if len(os.Args) > 1 { cmd = exec.Command(registryBinary, os.Args[1:]...) } else { From d159e8e97df8c5b65ee027979335d77f9207f6ea Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 8 Apr 2025 11:32:51 +0800 Subject: [PATCH 56/69] chore(mc): bump mc version to 2025.04.03.17.07.56 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 46bca6d..7dbc46b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ - MC_VERSION="2025.03.12.17.29.24" \ + MC_VERSION="2025.04.03.17.07.56" \ REGISTRY_VERSION="3.0.0" COPY rootfs/bin/ /bin/ From 7b889aa745b4647fd9e0ea5b09f0ac24038fa0ba Mon Sep 17 00:00:00 2001 
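Review bot: The comment `// avoid conflicts with env variables` in main.go does not say which conflict is meant. From the Dockerfile in this series, `REGISTRY_VERSION` is the image's package pin (`REGISTRY_VERSION="3.0.0"`), and the registry binary started right below presumably treats `REGISTRY_*` variables as configuration overrides, so the pin would be read as a config value. I would spell that out: `// REGISTRY_VERSION is the image's package pin; unset it so the registry does not read it as a config override`. The error returned by `os.Unsetenv` is discarded, and `main` starts and ends outside the hunk.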
From: duanhongyi Date: Tue, 6 May 2025 17:41:57 +0800 Subject: [PATCH 57/69] chore(registry): add registry proxy --- .gitignore | 2 +- Dockerfile | 17 +-- README.md | 10 +- .../templates/registry-deployment.yaml | 3 + .../templates/registry-proxy-daemonset.yaml | 112 ++++++++++++++++++ charts/registry/values.yaml | 2 + contrib/ci/test.sh | 43 +++++-- main.go | 4 +- rootfs/bin/{init_registry => init-registry} | 0 rootfs/bin/start-proxy | 18 +++ rootfs/opt/drycc/nginx/conf/nginx.conf | 22 ++++ rootfs/opt/drycc/nginx/conf/registry.conf.tpl | 24 ++++ 12 files changed, 236 insertions(+), 21 deletions(-) create mode 100644 charts/registry/templates/registry-proxy-daemonset.yaml rename rootfs/bin/{init_registry => init-registry} (100%) create mode 100755 rootfs/bin/start-proxy create mode 100644 rootfs/opt/drycc/nginx/conf/nginx.conf create mode 100644 rootfs/opt/drycc/nginx/conf/registry.conf.tpl diff --git a/.gitignore b/.gitignore index 1b73338..e5361b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -rootfs/opt/ contrib/ci/tmp/ .vscode/ +rootfs/opt/registry/sbin \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 7dbc46b..e14594f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,8 +5,8 @@ ARG LDFLAGS ADD . /workspace RUN export GO111MODULE=on \ && cd /workspace \ - && CGO_ENABLED=0 init-stack go build -ldflags "${LDFLAGS}" -o /bin/boot main.go \ - && upx -9 --brute /bin/boot + && CGO_ENABLED=0 init-stack go build -ldflags "${LDFLAGS}" -o /bin/start-registry main.go \ + && upx -9 --brute /bin/start-registry FROM registry.drycc.cc/drycc/base:${CODENAME} 
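Review bot: Renaming the build output from `/bin/boot` to `/bin/start-registry` leaves the CronJob template calling a binary this image no longer builds: registry-cronjob-daily.yaml still runs `boot garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged`, and that file is not in this patch's file list. Unless `rootfs/bin/` ships a `boot` wrapper (not visible here), the scheduled job would fail with a command-not-found error. Either change the template line to `start-registry garbage-collect ...` in the same patch or keep a compatibility copy with `COPY --from=build /bin/start-registry /bin/boot`.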
@@ -16,18 +16,16 @@ ENV DRYCC_UID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ MC_VERSION="2025.04.03.17.07.56" \ + NGINX_VERSION="1.25.1" \ REGISTRY_VERSION="3.0.0" -COPY rootfs/bin/ /bin/ -COPY --from=build /bin/boot /bin/boot - RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ && install-packages apache2-utils \ && install-stack jq $JQ_VERSION \ && install-stack mc $MC_VERSION \ + && install-stack nginx ${NGINX_VERSION} \ && install-stack registry $REGISTRY_VERSION \ - && chmod +x /bin/init_registry \ && rm -rf \ /usr/share/doc \ /usr/share/man \ @@ -42,12 +40,15 @@ RUN groupadd drycc --gid ${DRYCC_GID} \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \ && mkdir -p /usr/share/man/man{1..8} \ - && chown -R ${DRYCC_UID}:${DRYCC_GID} ${DRYCC_HOME_DIR} + && chown -R ${DRYCC_UID}:${DRYCC_GID} /opt/drycc +COPY --from=build /bin/start-registry /bin/start-registry +COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/bin/ /bin/ +COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/opt/drycc/nginx /opt/drycc/nginx COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/config-example.yml /opt/drycc/registry/etc/config.yml + ENV DRYCC_REGISTRY_CONFIG /opt/drycc/registry/etc/config.yml USER ${DRYCC_UID} VOLUME ["${DRYCC_HOME_DIR}"] -CMD ["/bin/boot"] EXPOSE 5000 diff --git a/README.md b/README.md index 5e9ea3d..ae7eea3 100644 --- a/README.md +++ b/README.md 
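Review bot: `NGINX_VERSION="1.25.1"` pins the newly added proxy to a release from the 1.25 mainline branch, which upstream has since superseded with newer stable and mainline series. Because this nginx is the listener exposed on each node's host port, it is worth confirming that `install-stack nginx` delivers a build that still receives security fixes, or moving the pin to a current stable release. The hunk also drops `chmod +x /bin/init_registry`, so the scripts under `rootfs/bin/` now depend on the executable bit stored in the repository.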
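Review bot: `COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/bin/ /bin/` makes the entrypoint scripts owned by the same UID the container runs as (`USER ${DRYCC_UID}`), so a process compromised at runtime could rewrite `start-proxy` or `init-registry` when the container filesystem is writable. Only the nginx conf directory has to be writable, because `start-proxy` renders `registry.conf` there; the scripts can stay root-owned with `COPY rootfs/bin/ /bin/`. With `CMD ["/bin/boot"]` removed and nothing put in its place, the image has no default command, so every consumer must pass `start-registry` or `start-proxy` explicitly.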
@@ -12,7 +12,15 @@ We welcome your input! If you have feedback, please submit an [issue][issues]. I # About -The registry is a [Container registry](https://github.com/distribution/distribution) component for use in Kubernetes. While it's intended for use inside of the Drycc open source [PaaS](https://en.wikipedia.org/wiki/Platform_as_a_service), it's flexible enough to be used as a standalone pod on any Kubernetes cluster. +Registry consists of two components, namely the proxy component and the registry component. + +## Proxy + +The proxy component is a proxy deployed on every Kubernetes worker node, proxying all requests to the Drycc Workflow [registry][registry]. This allows the worker nodes daemons to communicate to the registry over localhost, bypassing the need for adding the `--insecure-registry` flag to the daemons. + +## Registry + +The registry component is a [Container registry](https://github.com/distribution/distribution) component for use in Kubernetes. While it's intended for use inside of the Drycc open source [PaaS](https://en.wikipedia.org/wiki/Platform_as_a_service), it's flexible enough to be used as a standalone pod on any Kubernetes cluster. If you decide to use this component standalone, you can host your own Container registry in your own Kubernetes cluster. diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 5ce2257..e1c619c 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
@@ -44,6 +44,9 @@ spec: {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 10 }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }} + {{- else }} + args: + - start-registry {{- end }} {{- include "registry.limits" . | indent 8 }} {{- include "registry.envs" . | indent 8 }} diff --git a/charts/registry/templates/registry-proxy-daemonset.yaml b/charts/registry/templates/registry-proxy-daemonset.yaml new file mode 100644 index 0000000..971231b --- /dev/null +++ b/charts/registry/templates/registry-proxy-daemonset.yaml 
@@ -0,0 +1,112 @@ +{{- if eq .Values.global.registryLocation "on-cluster" }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: drycc-registry-proxy + labels: + heritage: drycc + annotations: + component.drycc.cc/version: {{ .Values.imageTag }} +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: drycc-registry-proxy + heritage: drycc + template: + metadata: + name: drycc-registry-proxy + labels: + heritage: drycc + app: drycc-registry-proxy + spec: + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 + initContainers: + - name: drycc-registry-init + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest + imagePullPolicy: {{.Values.imagePullPolicy}} + args: + - netcat + - -v + - -a + - $(DRYCC_REGISTRY_HOST) + env: + - name: "DRYCC_REGISTRY_HOST" + valueFrom: + secretKeyRef: + name: registry-secret + key: host + containers: + - name: drycc-registry-proxy + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} + imagePullPolicy: {{.Values.imagePullPolicy}} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 10 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }} + {{- else }} + args: + - start-proxy + {{- end }} + {{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} + resources: + limits: + {{- if (.Values.limitsCpu) }} + cpu: {{.Values.limitsCpu}} + {{- end}} + {{- if (.Values.limitsMemory) }} + memory: {{.Values.limitsMemory}} + {{- end}} + {{- end}} + {{- if not .Values.diagnosticMode.enabled }} + startupProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + livenessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + 
failureThreshold: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + {{- end }} + env: + - name: "DRYCC_REGISTRY_HOST" + valueFrom: + secretKeyRef: + name: registry-secret + key: host + - name: "DRYCC_REGISTRY_USERNAME" + valueFrom: + secretKeyRef: + name: registry-secret + key: username + - name: "DRYCC_REGISTRY_PASSWORD" + valueFrom: + secretKeyRef: + name: registry-secret + key: password + ports: + - containerPort: 8080 + hostPort: {{.Values.proxyPort}} +{{- end }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index af87d91..f57b5eb 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -40,6 +40,8 @@ podAntiAffinityPreset: replicas: 1 # registry storage redirect redirect: "false" +# host port for the registry proxy in the daemonset +proxyPort: 5555 concurrencyPolicy: "Replace" diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index f1d8c7f..c7241af 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -6,7 +6,7 @@ DRYCC_STORAGE_ACCESSKEY=f4c4281665bc11ee8e0400163e04a9cd DRYCC_STORAGE_SECRETKEY=f4c4281665bc11ee8e0400163e04a9cd -STORAGE_JOB=$(podman run -d --entrypoint init-stack \ +STORAGE_JOB=$(podman run -d --rm --entrypoint init-stack \ -e MINIO_ROOT_USER="${DRYCC_STORAGE_ACCESSKEY}" \ -e MINIO_ROOT_PASSWORD="${DRYCC_STORAGE_SECRETKEY}" \ "${DEV_REGISTRY}"/drycc/storage:canary minio server /data) @@ -18,7 +18,7 @@ wait-for-port --host="${STORAGE_IP}" 9000 echo -e "\\033[32m---> S3 service ${STORAGE_IP}:9000 ready...\\033[0m" podman logs "${STORAGE_JOB}" -JOB=$(podman run -d \ +REGISTRY_JOB=$(podman run -d --rm \ -e REGISTRY_HTTP_SECRET=drycc \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ 
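Review bot: `hostPort: {{.Values.proxyPort}}` in registry-proxy-daemonset.yaml is declared without `hostIP`, so the proxy port is opened on every address of every node, while registry.conf.tpl in this patch attaches an `Authorization: Basic ...` header built from `registry-secret` to each forwarded request. Anything that can reach a node on that port can therefore read from the registry without credentials of its own, although the README describes the proxy as a localhost endpoint. Binding to loopback matches that description, provided the cluster's port mapping supports it: add `hostIP: 127.0.0.1` next to `hostPort`. The init container also pulls `python-dev:latest`, a mutable tag, where the main container uses `{{.Values.imageTag}}`.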
@@ -28,23 +28,48 @@ JOB=$(podman run -d \ -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:9000" \ -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ - "$1") + "$1" start-registry) # shellcheck disable=SC2317 function clean_before_exit { # delay before exiting, so stdout/stderr flushes through the logging system - podman kill "${JOB}" + podman kill "${REGISTRY_JOB}" podman kill "${STORAGE_JOB}" - podman rm -f "${JOB}" "${STORAGE_JOB}" + podman kill "${PROXY_JOB}" } trap clean_before_exit EXIT # let the registry run for a few seconds -REGISTRY_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${JOB}") +REGISTRY_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${REGISTRY_JOB}") echo -e "\\033[32m---> Waitting for ${REGISTRY_IP}:5000\\033[0m" wait-for-port --host="${REGISTRY_IP}" 5000 echo -e "\\033[32m---> S3 service ${REGISTRY_IP}:5000 ready...\\033[0m" + +# proxy job +PROXY_JOB=$(podman run -d \ + -p 15555:8080 \ + -e DRYCC_REGISTRY_HOST="${REGISTRY_IP}:5000" \ + -e DRYCC_REGISTRY_USERNAME=admin \ + -e DRYCC_REGISTRY_PASSWORD=admin \ + "$1" start-proxy) + +# let the registry proxy run for a few seconds +REGISTRY_PROXY_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${PROXY_JOB}") +echo -e "\\033[32m---> Waitting for ${REGISTRY_PROXY_IP}:8080\\033[0m" +wait-for-port --host="${REGISTRY_PROXY_IP}" 8080 +echo -e "\\033[32m---> S3 service ${REGISTRY_PROXY_IP}:8080 ready...\\033[0m" + # check that the registry is still up -podman tag "$1" "${REGISTRY_IP}:5000/registry:canary" -echo admin | podman login "${REGISTRY_IP}:5000" --tls-verify=false --username admin --password-stdin > /dev/null 2>&1 -podman push "${REGISTRY_IP}:5000/registry:canary" --tls-verify=false +http_status_code=$(curl -X GET -s -o /dev/null -w "%{http_code}" "http://${REGISTRY_PROXY_IP}:8080/v2/") +if [ "$http_status_code" != "200" ]; then + echo "Expected http status code: 200, actual: 
${http_status_code}" + exit 1 +fi + +http_status_code=$(curl -X POST -s -o /dev/null -w "%{http_code}" "http://${REGISTRY_PROXY_IP}:8080/v2/") +if [ "$http_status_code" != "403" ]; then + echo "Expected http status code: 403, actual: ${http_status_code}" + exit 1 +fi + +echo -e "\\033[32m---> All test success...\\033[0m" \ No newline at end of file diff --git a/main.go b/main.go index 956f6c1..13718e0 100644 --- a/main.go +++ b/main.go @@ -57,11 +57,11 @@ func main() { os.Setenv("REGISTRY_VALIDATION_DISABLED", "true") os.Setenv("REGISTRY_STORAGE_S3_ROOTDIRECTORY", "/registry") - // run /bin/init_registry + // run /bin/init-registry os.Setenv("REGISTRY_AUTH", "htpasswd") os.Setenv("REGISTRY_AUTH_HTPASSWD_REALM", "basic-realm") os.Setenv("REGISTRY_AUTH_HTPASSWD_PATH", registryHtpasswd) - cmd := exec.Command("/bin/init_registry") + cmd := exec.Command("/bin/init-registry") cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr if err := cmd.Run(); err != nil { diff --git a/rootfs/bin/init_registry b/rootfs/bin/init-registry similarity index 100% rename from rootfs/bin/init_registry rename to rootfs/bin/init-registry diff --git a/rootfs/bin/start-proxy b/rootfs/bin/start-proxy new file mode 100755 index 0000000..5354551 --- /dev/null +++ b/rootfs/bin/start-proxy @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +REGISTRY_HOST=${DRYCC_REGISTRY_HOST:?no host} +AUTHORIZATION=$(echo -ne "${DRYCC_REGISTRY_USERNAME:? no username}":"${DRYCC_REGISTRY_PASSWORD:? no password}" | base64 -w 0) + +cat /opt/drycc/nginx/conf/registry.conf.tpl > /opt/drycc/nginx/conf/registry.conf +sed -i "s#%REGISTRY_HOST%#${REGISTRY_HOST}#g" /opt/drycc/nginx/conf/registry.conf +sed -i "s#%AUTHORIZATION%#${AUTHORIZATION}#g" /opt/drycc/nginx/conf/registry.conf + +# wait for registry to come online +while ! curl -sS "$REGISTRY_HOST" &>/dev/null; do + echo "waiting for the registry (%s) to come online..." + echo "$REGISTRY_HOST" + sleep 1 +done + +echo "starting registry-proxy..." +exec nginx -g "daemon off;" 
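Review bot: `PROXY_JOB` in contrib/ci/test.sh is started without `--rm`, unlike `STORAGE_JOB` and `REGISTRY_JOB` in this patch, and `clean_before_exit` only runs `podman kill` now that the `podman rm -f` line is gone, so each test run leaves a stopped proxy container behind. `-p 15555:8080` additionally publishes the credential-injecting proxy on the CI host although the checks use the container IP. Suggested: `PROXY_JOB=$(podman run -d --rm \` and drop the `-p 15555:8080 \` line. The `podman push` round-trip was replaced by two status-code checks, so nothing exercises an image upload or a pull through the proxy any more.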
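Review bot: The wait loop in rootfs/bin/start-proxy prints a literal `%s`, because `echo` does not format its argument; the two `echo` lines should be one `printf 'waiting for the registry (%s) to come online...\n' "$REGISTRY_HOST"`. The script has no `set -eo pipefail`, so if either `sed -i` fails nginx still starts with the `%REGISTRY_HOST%` or `%AUTHORIZATION%` placeholder in its config, and the loop has no upper bound on retries. `REGISTRY_HOST` is spliced into the `sed` replacement with `#` as delimiter, so a value containing `#` or `&` would corrupt the rendered file; a comment stating the expected `host:port` form would help, e.g. `# DRYCC_REGISTRY_HOST must be a bare host:port`.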
diff --git a/rootfs/opt/drycc/nginx/conf/nginx.conf b/rootfs/opt/drycc/nginx/conf/nginx.conf new file mode 100644 index 0000000..bd3f31d --- /dev/null +++ b/rootfs/opt/drycc/nginx/conf/nginx.conf @@ -0,0 +1,22 @@ +worker_processes 1; + +error_log /dev/stderr warn; +pid /opt/drycc/nginx/logs/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /opt/drycc/nginx/conf/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /dev/stdout main; + sendfile on; + keepalive_timeout 65; + include /opt/drycc/nginx/conf/registry.conf; +} diff --git a/rootfs/opt/drycc/nginx/conf/registry.conf.tpl b/rootfs/opt/drycc/nginx/conf/registry.conf.tpl new file mode 100644 index 0000000..627f2f2 --- /dev/null +++ b/rootfs/opt/drycc/nginx/conf/registry.conf.tpl @@ -0,0 +1,24 @@ +upstream container-registry { + server %REGISTRY_HOST%; +} + +server { + listen 8080; + server_name localhost; + # disable any limits to avoid HTTP 413 for large image uploads + client_max_body_size 0; + # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) + chunked_transfer_encoding on; + location / { + proxy_pass http://container-registry; + proxy_set_header Host $http_host; # required for container client's sake + proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; + proxy_set_header Authorization "Basic %AUTHORIZATION%"; + limit_except GET HEAD OPTIONS { + deny all; + } + } +} \ No newline at end of file From 63d60da785721ef3246fa50a359b486b966af99c Mon Sep 17 00:00:00 2001 
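Review bot: `proxy_set_header Authorization "Basic %AUTHORIZATION%"` in registry.conf.tpl replaces whatever the client sent with the registry account, so the `limit_except GET HEAD OPTIONS { deny all; }` block is the only thing keeping callers read-only, and the header travels to the upstream over plain `http://container-registry`. That deserves a comment at the directive, e.g. `# every request is forwarded with the registry account; the method filter below is the only restriction`. `client_max_body_size 0` and the chunked-upload comment belong to a push-capable setup; with uploads denied, leaving the body size at nginx's default would be the tighter setting.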
From: duanhongyi Date: Wed, 7 May 2025 18:05:16 +0800 Subject: [PATCH 58/69] chore(charts): use condition --- charts/registry/templates/_helper.tpl | 36 +++++++++++++------ .../templates/registry-cronjob-daily.yaml | 2 -- .../templates/registry-deployment.yaml | 2 -- .../templates/registry-proxy-daemonset.yaml | 12 ++----- .../registry/templates/registry-secret.yaml | 16 ++++----- .../templates/registry-service-account.yaml | 2 -- .../registry/templates/registry-service.yaml | 2 -- charts/registry/values.yaml | 13 +++++-- contrib/ci/test.sh | 1 - 9 files changed, 44 insertions(+), 42 deletions(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index a4e066b..2b013c9 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -4,11 +4,6 @@ env: value: "true" - name: REGISTRY_LOG_LEVEL value: info -- name: "REGISTRY_HTTP_SECRET" - valueFrom: - secretKeyRef: - name: registry-secret - key: secret - name: "DRYCC_REGISTRY_REDIRECT" valueFrom: secretKeyRef: 
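Review bot: Dropping `REGISTRY_HTTP_SECRET` from `registry.envs` in _helper.tpl leaves each registry process without a shared HTTP secret unless it is supplied elsewhere; nothing visible in this patch does so, and contrib/ci/test.sh still passes `-e REGISTRY_HTTP_SECRET=drycc`. The distribution registry falls back to a random per-process secret in that case, which makes resumable uploads fail once `replicas` is greater than 1 and across restarts. The `secret` key is still generated in registry-secret.yaml by the earlier patch in this series, so the five removed lines could stay. `registry.envs` begins above the hunk.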
@@ -24,21 +19,39 @@ env: secretKeyRef: name: registry-secret key: password +{{- if (.Values.storageEndpoint) }} - name: "DRYCC_STORAGE_LOOKUP" valueFrom: secretKeyRef: - name: storage-creds - key: lookup + name: registry-secret + key: storage-lookup - name: "DRYCC_STORAGE_BUCKET" valueFrom: secretKeyRef: - name: storage-creds - key: registry-bucket + name: registry-secret + key: storage-bucket - name: "DRYCC_STORAGE_ENDPOINT" valueFrom: secretKeyRef: - name: storage-creds - key: endpoint + name: registry-secret + key: storage-endpoint +- name: "DRYCC_STORAGE_ACCESSKEY" + valueFrom: + secretKeyRef: + name: registry-secret + key: storage-accesskey +- name: "DRYCC_STORAGE_SECRETKEY" + valueFrom: + secretKeyRef: + name: registry-secret + key: storage-secretkey +{{- else if .Values.storage.enabled }} +- name: "DRYCC_STORAGE_LOOKUP" + value: "path" +- name: "DRYCC_STORAGE_BUCKET" + value: "registry" +- name: "DRYCC_STORAGE_ENDPOINT" + value: {{ printf "http://drycc-storage.%s.svc.%s:9000" .Release.Namespace .Values.global.clusterDomain }} - name: "DRYCC_STORAGE_ACCESSKEY" valueFrom: secretKeyRef: @@ -50,6 +63,7 @@ env: name: storage-creds key: secretkey {{- end }} +{{- end }} {{/* Generate registry deployment limits */}} {{- define "registry.limits" -}} diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index a854722..d052868 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -1,4 +1,3 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: batch/v1 kind: CronJob metadata: @@ -45,4 +44,3 @@ spec: boot garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged {{- end }} {{- include "registry.envs" . | indent 12 }} -{{- end }} diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index e1c619c..85e018b 100644 
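Review bot: When `storageEndpoint` is empty and `storage.enabled` is false, the `if` / `else if` chain added to `registry.envs` emits no `DRYCC_STORAGE_*` variables at all, so the chart renders cleanly and the pods presumably only fail at start-up with empty S3 settings. Add a final branch that stops rendering, for example `{{- else }}{{ fail "set storageEndpoint or enable storage" }}`. The endpoint in the built-in branch is also an unquoted template result; `value: {{ printf "http://drycc-storage.%s.svc.%s:9000" .Release.Namespace .Values.global.clusterDomain | quote }}` keeps it a string whatever `clusterDomain` contains, and the same applies to both `DRYCC_REGISTRY_HOST` values in registry-proxy-daemonset.yaml. The `define` block starts above this hunk.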
--- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -1,4 +1,3 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: apps/v1 kind: Deployment metadata: @@ -91,4 +90,3 @@ spec: volumes: - name: registry-storage emptyDir: {} -{{- end }} diff --git a/charts/registry/templates/registry-proxy-daemonset.yaml b/charts/registry/templates/registry-proxy-daemonset.yaml index 971231b..49167fb 100644 --- a/charts/registry/templates/registry-proxy-daemonset.yaml +++ b/charts/registry/templates/registry-proxy-daemonset.yaml @@ -1,4 +1,3 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -36,10 +35,7 @@ spec: - $(DRYCC_REGISTRY_HOST) env: - name: "DRYCC_REGISTRY_HOST" - valueFrom: - secretKeyRef: - name: registry-secret - key: host + value: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain }} containers: - name: drycc-registry-proxy image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} @@ -92,10 +88,7 @@ spec: {{- end }} env: - name: "DRYCC_REGISTRY_HOST" - valueFrom: - secretKeyRef: - name: registry-secret - key: host + value: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain }} - name: "DRYCC_REGISTRY_USERNAME" valueFrom: secretKeyRef: @@ -109,4 +102,3 @@ spec: ports: - containerPort: 8080 hostPort: {{.Values.proxyPort}} -{{- end }} diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index 743f047..9621da9 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
@@ -4,17 +4,15 @@ metadata: name: registry-secret labels: heritage: drycc - annotations: - drycc.cc/registry-location: "{{ .Values.global.registryLocation }}" type: Opaque data: - {{- if eq .Values.global.registryLocation "on-cluster" }} - host: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain | b64enc }} - secret: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "secret" "defaultValue" (randAlphaNum 32) "context" $) }} - {{- else }} - host: {{ .Values.host | b64enc }} - organization: {{ .Values.organization | b64enc }} - {{- end }} username: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "username" "defaultValue" (.Values.username | default (randAlphaNum 32)) "context" $) }} password: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "password" "defaultValue" (.Values.password | default (randAlphaNum 32)) "context" $) }} redirect: {{ .Values.redirect | b64enc }} + {{- if (.Values.storageEndpoint) }} + storage-lookup: {{ .Values.storageLookup | b64enc }} + storage-bucket: {{ .Values.storageBucket | b64enc }} + storage-endpoint: {{ .Values.storageEndpoint | b64enc }} + storage-accesskey: {{ .Values.storageAccesskey | b64enc }} + storage-secretkey: {{ .Values.storageSecretkey | b64enc }} + {{- end }} diff --git a/charts/registry/templates/registry-service-account.yaml b/charts/registry/templates/registry-service-account.yaml index 3766311..a3b2b78 100644 --- a/charts/registry/templates/registry-service-account.yaml +++ b/charts/registry/templates/registry-service-account.yaml @@ -1,8 +1,6 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: v1 kind: ServiceAccount metadata: name: drycc-registry labels: heritage: drycc -{{- end }} diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 6b6d579..1ac9221 100644 --- a/charts/registry/templates/registry-service.yaml 
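Review bot: The new `storage-*` entries are gated on `storageEndpoint` alone, so setting an endpoint while `storageAccesskey` or `storageSecretkey` keep their empty defaults renders a Secret with empty credentials and the mistake only shows up at runtime. Make the two keys mandatory in that branch, e.g. `storage-secretkey: {{ required "storageSecretkey is required when storageEndpoint is set" .Values.storageSecretkey | b64enc }}` and the same for `storage-accesskey`. Since the keys now travel through chart values, a comment in values.yaml should tell operators to supply them from a protected values file rather than on a shared command line.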
+++ b/charts/registry/templates/registry-service.yaml @@ -1,4 +1,3 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: v1 kind: Service metadata: @@ -14,4 +13,3 @@ spec: selector: app: drycc-registry sessionAffinity: ClientIP -{{- end }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index f57b5eb..232250f 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -45,10 +45,17 @@ proxyPort: 5555 concurrencyPolicy: "Replace" +# The following parameters will no longer use the built-in storage component. +storageLookup: "auto" +storageBucket: "builder" +storageEndpoint: "" +storageAccesskey: "" +storageSecretkey: "" + +storage: + enabled: true + # Service service: # Provide any additional service annotations annotations: {} - -global: - registryLocation: "on-cluster" diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index c7241af..58ec868 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -19,7 +19,6 @@ echo -e "\\033[32m---> S3 service ${STORAGE_IP}:9000 ready...\\033[0m" podman logs "${STORAGE_JOB}" REGISTRY_JOB=$(podman run -d --rm \ - -e REGISTRY_HTTP_SECRET=drycc \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ -e DRYCC_REGISTRY_PASSWORD=admin \ From 7a03f6824da6395eda2715b2fa2cc9e6facb2e3f Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 8 May 2025 13:55:31 +0800 Subject: [PATCH 59/69] chore(storage): add check storage --- rootfs/bin/init-registry | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index a3a6041..2b762a0 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry @@ -13,6 +13,8 @@ has_bucket(){ mc ls storage -json|jq -r '.key'|grep -w "${DRYCC_STORAGE_BUCKET}" } +mc ping storage -x + if [ -z "$(has_bucket)" ] ;then mc mb storage/"${DRYCC_STORAGE_BUCKET}" if [ -z "$(has_bucket)" ] ;then From 0883f1ea605ebe3d1b5a4161d4d63a672557f6c4 Mon Sep 17 00:00:00 2001 
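Review bot: In values.yaml `storageBucket` defaults to `"builder"`, while the built-in branch of `registry.envs` hard-codes `"registry"`; for the registry chart that default looks copied from another component, and an operator who sets only `storageEndpoint` and the keys would have registry blobs written to a bucket named for the builder. Consider `storageBucket: "registry"`. The comment above the block also reads as if the parameters themselves stop using built-in storage; something like `# Set storageEndpoint to use external object storage instead of the built-in storage component.` states the intent.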
From: duanhongyi Date: Thu, 8 May 2025 14:34:40 +0800 Subject: [PATCH 60/69] chore(storage): add prometheus metrics --- Dockerfile | 3 ++- charts/registry/templates/_helper.tpl | 5 +++++ charts/registry/templates/registry-secret.yaml | 1 + charts/registry/templates/registry-service.yaml | 3 +++ rootfs/config-example.yml | 5 +++++ 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e14594f..823b551 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,7 +47,8 @@ COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/bin/ /bin/ COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/opt/drycc/nginx /opt/drycc/nginx COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/config-example.yml /opt/drycc/registry/etc/config.yml -ENV DRYCC_REGISTRY_CONFIG /opt/drycc/registry/etc/config.yml +ENV OTEL_TRACES_EXPORTER=none \ + DRYCC_REGISTRY_CONFIG=/opt/drycc/registry/etc/config.yml USER ${DRYCC_UID} VOLUME ["${DRYCC_HOME_DIR}"] diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 2b013c9..05a6d7d 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -4,6 +4,11 @@ env: value: "true" - name: REGISTRY_LOG_LEVEL value: info +- name: "REGISTRY_HTTP_SECRET" + valueFrom: + secretKeyRef: + name: registry-secret + key: secret - name: "DRYCC_REGISTRY_REDIRECT" valueFrom: secretKeyRef: diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index 9621da9..7b396d5 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
@@ -6,6 +6,7 @@ metadata: heritage: drycc type: Opaque data: + secret: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "secret" "defaultValue" (randAlphaNum 32) "context" $) }} username: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "username" "defaultValue" (.Values.username | default (randAlphaNum 32)) "context" $) }} password: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "password" "defaultValue" (.Values.password | default (randAlphaNum 32)) "context" $) }} redirect: {{ .Values.redirect | b64enc }} diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 1ac9221..69e78bc 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml @@ -3,6 +3,9 @@ kind: Service metadata: name: drycc-registry annotations: + prometheus.io/path: /metrics + prometheus.io/port: "9000" + prometheus.io/scrape: "true" {{- with .Values.service.annotations }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/rootfs/config-example.yml b/rootfs/config-example.yml index 3277f9a..a55566c 100644 --- a/rootfs/config-example.yml +++ b/rootfs/config-example.yml @@ -9,6 +9,11 @@ storage: rootdirectory: /var/lib/registry http: addr: :5000 + debug: + addr: :9000 + prometheus: + enabled: true + path: /metrics headers: X-Content-Type-Options: [nosniff] health: From beef8abe3d339c9d739c5900bb29020db76ecd16 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 12 May 2025 09:34:54 +0800 Subject: [PATCH 61/69] chore(charts): change resources format --- charts/registry/templates/_helper.tpl | 20 ------------ .../templates/registry-deployment.yaml | 5 ++- .../templates/registry-proxy-daemonset.yaml | 14 +++------ charts/registry/values.yaml | 31 ++++++++++++++++--- 4 files changed, 35 insertions(+), 35 deletions(-) 
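Review bot: In config-example.yml `debug.addr: :9000` binds the registry's debug listener on every interface of the pod, and that listener carries no authentication. Upstream documents the debug endpoint as serving profiling data in addition to metrics and warns that sensitive information may be available through it, which is more than a Prometheus scraper needs. If the scraper must reach it over the pod network, limit access to port 9000 (for instance with a NetworkPolicy that admits only the monitoring namespace) and record that requirement in a comment next to `debug:`.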
diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 05a6d7d..208561e 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -69,23 +69,3 @@ env: key: secretkey {{- end }} {{- end }} - -{{/* Generate registry deployment limits */}} -{{- define "registry.limits" -}} -{{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} -resources: - limits: - {{- if (.Values.limitsCpu) }} - cpu: {{.Values.limitsCpu}} - {{- end }} - {{- if (.Values.limitsMemory) }} - memory: {{.Values.limitsMemory}} - {{- end }} - {{- if (.Values.limitsHugepages2Mi) }} - hugepages-2Mi: {{.Values.limitsHugepages2Mi}} - {{- end }} - {{- if (.Values.limitsHugepages1Gi) }} - hugepages-1Gi: {{.Values.limitsHugepages1Gi}} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 85e018b..dc362e3 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -47,7 +47,10 @@ spec: args: - start-registry {{- end }} - {{- include "registry.limits" . | indent 8 }} + {{- with index .Values "resources" }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} {{- include "registry.envs" . | indent 8 }} {{- if not .Values.diagnosticMode.enabled }} startupProbe: diff --git a/charts/registry/templates/registry-proxy-daemonset.yaml b/charts/registry/templates/registry-proxy-daemonset.yaml index 49167fb..2993c21 100644 --- a/charts/registry/templates/registry-proxy-daemonset.yaml +++ b/charts/registry/templates/registry-proxy-daemonset.yaml 
@@ -47,16 +47,10 @@ spec: args: - start-proxy {{- end }} - {{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} + {{- with index .Values "proxy" "resources" }} resources: - limits: - {{- if (.Values.limitsCpu) }} - cpu: {{.Values.limitsCpu}} - {{- end}} - {{- if (.Values.limitsMemory) }} - memory: {{.Values.limitsMemory}} - {{- end}} - {{- end}} + {{- toYaml . | nindent 10 }} + {{- end }} {{- if not .Values.diagnosticMode.enabled }} startupProbe: httpGet: @@ -101,4 +95,4 @@ spec: key: password ports: - containerPort: 8080 - hostPort: {{.Values.proxyPort}} + hostPort: {{.Values.proxy.port}} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 232250f..282b25e 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -2,8 +2,6 @@ imageOrg: "drycc" imagePullPolicy: "Always" imageTag: "canary" imageRegistry: "registry.drycc.cc" -# limitsCpu: "100m" -# limitsMemory: "50Mi" ## Enable diagnostic mode ## @@ -40,8 +38,25 @@ podAntiAffinityPreset: replicas: 1 # registry storage redirect redirect: "false" -# host port for the registry proxy in the daemonset -proxyPort: 5555 + +proxy: + # host port for the registry proxy in the daemonset + port: 5555 + resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi + +resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi concurrencyPolicy: "Replace" @@ -59,3 +74,11 @@ storage: service: # Provide any additional service annotations annotations: {} + +resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi From 3070676f77bd6d46b22cf1d0a5bbc9dc60bd22dd Mon Sep 17 00:00:00 2001 From: lijianguo Date: Thu, 3 Jul 2025 16:11:54 +0800 Subject: [PATCH 62/69] Merge pull request #15 from jianxiaoguo/main chore(registry): update cronjob command --- charts/registry/templates/registry-cronjob-daily.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
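Review bot: values.yaml now defines the top-level key `resources` twice: once after the `proxy:` block in the `@@ -40,8 +38,25 @@` hunk and again at the end of the file in the `@@ -59,3 +74,11 @@` hunk (indentation is flattened in this rendering, but both added lines start directly after the `+`). Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so a later edit to the first block would have no effect. Drop the trailing copy and keep the one next to `proxy:`.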
diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index d052868..442841b 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -41,6 +41,6 @@ spec: - -ec - | # run garbage collect - boot garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged + start-registry garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged {{- end }} {{- include "registry.envs" . | indent 12 }} From b8c0a9db3263799bd937c0e41542422296b0d2f2 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 11 Jul 2025 10:44:34 +0800 Subject: [PATCH 63/69] chore(registry): add --ignore-existing --- rootfs/bin/init-registry | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index 2b762a0..0c644fa 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry @@ -8,21 +8,8 @@ mc config host add storage \ "${DRYCC_STORAGE_SECRETKEY}" \ --lookup "${DRYCC_STORAGE_LOOKUP}" \ --api s3v4 - -has_bucket(){ - mc ls storage -json|jq -r '.key'|grep -w "${DRYCC_STORAGE_BUCKET}" -} - mc ping storage -x - -if [ -z "$(has_bucket)" ] ;then - mc mb storage/"${DRYCC_STORAGE_BUCKET}" - if [ -z "$(has_bucket)" ] ;then - echo "create bucket ${DRYCC_STORAGE_BUCKET} error" - exit 1 - fi -fi -echo "create bucket ${DRYCC_STORAGE_BUCKET} success" +mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}" htpasswd -Bbn "${DRYCC_REGISTRY_USERNAME}" "${DRYCC_REGISTRY_PASSWORD}" > "${REGISTRY_AUTH_HTPASSWD_PATH}" echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" \ No newline at end of file From 2e6778db7e8f0e4a77f24a24929833fcedb78d76 Mon Sep 17 00:00:00 2001 
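Review bot: The corrected cronjob command still passes `--dry-run`, so the daily job only reports what garbage collection would remove and never frees any storage. If the job is meant to reclaim space, the line should be `start-registry garbage-collect ${DRYCC_REGISTRY_CONFIG} --delete-untagged`; if the dry run is deliberate, the `# run garbage collect` comment should say so. A real run also needs care, since upstream warns that collecting while uploads are in progress can delete layers that are still needed.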
From: duanhongyi Date: Tue, 15 Jul 2025 23:29:41 +0800 Subject: [PATCH 64/69] chore(charts): remove cluster domain --- charts/registry/templates/_helper.tpl | 2 +- charts/registry/templates/registry-proxy-daemonset.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 208561e..35b6554 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -56,7 +56,7 @@ env: - name: "DRYCC_STORAGE_BUCKET" value: "registry" - name: "DRYCC_STORAGE_ENDPOINT" - value: {{ printf "http://drycc-storage.%s.svc.%s:9000" .Release.Namespace .Values.global.clusterDomain }} + value: http://drycc-storage:9000 - name: "DRYCC_STORAGE_ACCESSKEY" valueFrom: secretKeyRef: diff --git a/charts/registry/templates/registry-proxy-daemonset.yaml b/charts/registry/templates/registry-proxy-daemonset.yaml index 2993c21..c83a364 100644 --- a/charts/registry/templates/registry-proxy-daemonset.yaml +++ b/charts/registry/templates/registry-proxy-daemonset.yaml @@ -35,7 +35,7 @@ spec: - $(DRYCC_REGISTRY_HOST) env: - name: "DRYCC_REGISTRY_HOST" - value: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain }} + value: drycc-registry:5000 containers: - name: drycc-registry-proxy image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} @@ -82,7 +82,7 @@ spec: {{- end }} env: - name: "DRYCC_REGISTRY_HOST" - value: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain }} + value: drycc-registry:5000 - name: "DRYCC_REGISTRY_USERNAME" valueFrom: secretKeyRef: From a7f785fcab21815c3a76e9d388e6bf1e794e81ac Mon Sep 17 00:00:00 2001 
From: duanhongyi Date: Tue, 22 Jul 2025 10:59:31 +0800 Subject: [PATCH 65/69] chore(storage): use path style replace lookup --- charts/registry/templates/_helper.tpl | 14 +++++++------- charts/registry/templates/registry-secret.yaml | 2 +- charts/registry/values.yaml | 2 +- contrib/ci/test.sh | 2 +- main.go | 4 ++-- rootfs/bin/init-registry | 6 +++--- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 35b6554..a0a03b9 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -25,11 +25,6 @@ env: name: registry-secret key: password {{- if (.Values.storageEndpoint) }} -- name: "DRYCC_STORAGE_LOOKUP" - valueFrom: - secretKeyRef: - name: registry-secret - key: storage-lookup - name: "DRYCC_STORAGE_BUCKET" valueFrom: secretKeyRef: @@ -50,9 +45,12 @@ env: secretKeyRef: name: registry-secret key: storage-secretkey +- name: "DRYCC_STORAGE_PATH_STYLE" + valueFrom: + secretKeyRef: + name: registry-secret + key: storage-path-style {{- else if .Values.storage.enabled }} -- name: "DRYCC_STORAGE_LOOKUP" - value: "path" - name: "DRYCC_STORAGE_BUCKET" value: "registry" - name: "DRYCC_STORAGE_ENDPOINT" @@ -67,5 +65,7 @@ env: secretKeyRef: name: storage-creds key: secretkey +- name: "DRYCC_STORAGE_PATH_STYLE" + value: "on" {{- end }} {{- end }} diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index 7b396d5..9fa12be 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
@@ -11,9 +11,9 @@ data: password: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "password" "defaultValue" (.Values.password | default (randAlphaNum 32)) "context" $) }} redirect: {{ .Values.redirect | b64enc }} {{- if (.Values.storageEndpoint) }} - storage-lookup: {{ .Values.storageLookup | b64enc }} storage-bucket: {{ .Values.storageBucket | b64enc }} storage-endpoint: {{ .Values.storageEndpoint | b64enc }} storage-accesskey: {{ .Values.storageAccesskey | b64enc }} storage-secretkey: {{ .Values.storageSecretkey | b64enc }} + storage-path-style: {{ .Values.storagePathStyle | b64enc }} {{- end }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 282b25e..87a2895 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -61,11 +61,11 @@ resources: {} concurrencyPolicy: "Replace" # The following parameters will no longer use the built-in storage component. -storageLookup: "auto" storageBucket: "builder" storageEndpoint: "" storageAccesskey: "" storageSecretkey: "" +storagePathStyle: "auto" storage: enabled: true diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 58ec868..896f63e 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -22,11 +22,11 @@ REGISTRY_JOB=$(podman run -d --rm \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ -e DRYCC_REGISTRY_PASSWORD=admin \ - -e DRYCC_STORAGE_LOOKUP=path \ -e DRYCC_STORAGE_BUCKET=registry \ -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:9000" \ -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ + -e DRYCC_STORAGE_PATH_STYLE=on \ "$1" start-registry) # shellcheck disable=SC2317 diff --git a/main.go b/main.go index 13718e0..ef543e0 100644 --- a/main.go +++ b/main.go 
@@ -14,11 +14,11 @@ const ( registryHtpasswd = "/opt/drycc/registry/etc/htpasswd" registryConfigEnvVar = "DRYCC_REGISTRY_CONFIG" registryRedirectEnvVar = "DRYCC_REGISTRY_REDIRECT" - storageLookupEnvVar = "DRYCC_STORAGE_LOOKUP" storageBucketEnvVar = "DRYCC_STORAGE_BUCKET" storageEndpointEnvVar = "DRYCC_STORAGE_ENDPOINT" storageAccesskeyEnvVar = "DRYCC_STORAGE_ACCESSKEY" storageSecretkeyEnvVar = "DRYCC_STORAGE_SECRETKEY" + storagePathStyleEnvVar = "DRYCC_STORAGE_PATH_STYLE" defaultCommand = "serve" ) @@ -40,7 +40,7 @@ func main() { os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", os.Getenv(storageSecretkeyEnvVar)) os.Setenv("REGISTRY_STORAGE_S3_BUCKET", os.Getenv(storageBucketEnvVar)) - if os.Getenv(storageLookupEnvVar) == "path" { + if os.Getenv(storagePathStyleEnvVar) == "on" { os.Setenv("REGISTRY_STORAGE_S3_FORCEPATHSTYLE", "true") } diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index 0c644fa..cf0a674 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry @@ -2,12 +2,12 @@ set -e -mc config host add storage \ +mc alias set storage \ "${DRYCC_STORAGE_ENDPOINT}" \ "${DRYCC_STORAGE_ACCESSKEY}" \ "${DRYCC_STORAGE_SECRETKEY}" \ - --lookup "${DRYCC_STORAGE_LOOKUP}" \ - --api s3v4 + --path "${DRYCC_STORAGE_PATH_STYLE}" + mc ping storage -x mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}" From d54e502b67b728b3c628a3b267777aeb120b6b2c Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 2 Sep 2025 14:02:37 +0800 Subject: [PATCH 66/69] fix(shell): check storage ready --- rootfs/bin/init-registry | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index cf0a674..fbf570e 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry 
@@ -9,7 +9,12 @@ mc alias set storage \ --path "${DRYCC_STORAGE_PATH_STYLE}" mc ping storage -x +if ! mc admin info storage > /dev/null 2>&1; then + sleep 9s +else + mc ready storage +fi mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}" htpasswd -Bbn "${DRYCC_REGISTRY_USERNAME}" "${DRYCC_REGISTRY_PASSWORD}" > "${REGISTRY_AUTH_HTPASSWD_PATH}" -echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" \ No newline at end of file +echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" From 78e4360cc297c0babccfa8311d73a56727ace3c1 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 13 Sep 2025 23:31:38 +0800 Subject: [PATCH 67/69] chore(registry): bump new version --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 823b551..c7f5b3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,8 +15,8 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ - MC_VERSION="2025.04.03.17.07.56" \ - NGINX_VERSION="1.25.1" \ + MC_VERSION="2025.08.13.08.35.41" \ + NGINX_VERSION="1.29.1" \ REGISTRY_VERSION="3.0.0" RUN groupadd drycc --gid ${DRYCC_GID} \ From f866599a3ec14f56eaf50fe97c8b1edada0fc17c Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 7 Nov 2025 10:18:27 +0800 Subject: [PATCH 68/69] chore(registry): change env to build arg --- Dockerfile | 6 +++--- charts/registry/templates/_helper.tpl | 2 +- contrib/ci/test.sh | 8 ++++---- main.go | 2 +- rootfs/bin/init-registry | 23 +++++++++++++---------- 5 files changed, 22 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index c7f5b3d..e9e37c3 100644 --- a/Dockerfile +++ b/Dockerfile 
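Review bot: The fallback path of the new check in init-registry does not wait for readiness: when `mc admin info storage` fails the script sleeps a fixed `9s` and goes straight to `mc mb`, so a backend that needs longer still makes the init step fail, and one that is already up costs nine seconds for nothing. The `admin info` probe presumably separates MinIO from other S3 backends; a bounded retry on a plain listing works for both and gives a clear error when it gives up. The rclone rewrite of this script in PATCH 68 keeps the same single sleep. The start of the script is outside this hunk.

```shell
mc ping storage -x
# Retry a plain listing instead of sleeping once; this does not need the admin API.
attempt=0
until mc ls storage > /dev/null 2>&1; do
  attempt=$((attempt + 1))
  if [ "${attempt}" -ge 20 ]; then
    echo "object storage not ready after ${attempt} attempts" >&2
    exit 1
  fi
  sleep 3
done
# … unchanged: mc mb --ignore-existing, htpasswd …
```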
@@ -11,20 +11,20 @@ RUN export GO111MODULE=on \ FROM registry.drycc.cc/drycc/base:${CODENAME} -ENV DRYCC_UID=1001 \ +ARG DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ - MC_VERSION="2025.08.13.08.35.41" \ NGINX_VERSION="1.29.1" \ + RCLONE_VERSION="1.71.1" \ REGISTRY_VERSION="3.0.0" RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ && install-packages apache2-utils \ && install-stack jq $JQ_VERSION \ - && install-stack mc $MC_VERSION \ && install-stack nginx ${NGINX_VERSION} \ + && install-stack rclone $RCLONE_VERSION \ && install-stack registry $REGISTRY_VERSION \ && rm -rf \ /usr/share/doc \ diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index a0a03b9..cd87b72 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -66,6 +66,6 @@ env: name: storage-creds key: secretkey - name: "DRYCC_STORAGE_PATH_STYLE" - value: "on" + value: "true" {{- end }} {{- end }} diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 896f63e..6be70b3 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -7,9 +7,9 @@ DRYCC_STORAGE_SECRETKEY=f4c4281665bc11ee8e0400163e04a9cd STORAGE_JOB=$(podman run -d --rm --entrypoint init-stack \ - -e MINIO_ROOT_USER="${DRYCC_STORAGE_ACCESSKEY}" \ - -e MINIO_ROOT_PASSWORD="${DRYCC_STORAGE_SECRETKEY}" \ - "${DEV_REGISTRY}"/drycc/storage:canary minio server /data) + -e RUSTFS_ACCESS_KEY="${DRYCC_STORAGE_ACCESSKEY}" \ + -e RUSTFS_SECRET_KEY="${DRYCC_STORAGE_SECRETKEY}" \ + "${DEV_REGISTRY}"/drycc/storage:canary rustfs /data) # wait for port STORAGE_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") 
@@ -26,7 +26,7 @@ REGISTRY_JOB=$(podman run -d --rm \ -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:9000" \ -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ - -e DRYCC_STORAGE_PATH_STYLE=on \ + -e DRYCC_STORAGE_PATH_STYLE=true \ "$1" start-registry) # shellcheck disable=SC2317 diff --git a/main.go b/main.go index ef543e0..27b534c 100644 --- a/main.go +++ b/main.go @@ -40,7 +40,7 @@ func main() { os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", os.Getenv(storageSecretkeyEnvVar)) os.Setenv("REGISTRY_STORAGE_S3_BUCKET", os.Getenv(storageBucketEnvVar)) - if os.Getenv(storagePathStyleEnvVar) == "on" { + if os.Getenv(storagePathStyleEnvVar) == "true" { os.Setenv("REGISTRY_STORAGE_S3_FORCEPATHSTYLE", "true") } diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index fbf570e..4d05fc8 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry @@ -2,19 +2,22 @@ set -e -mc alias set storage \ - "${DRYCC_STORAGE_ENDPOINT}" \ - "${DRYCC_STORAGE_ACCESSKEY}" \ - "${DRYCC_STORAGE_SECRETKEY}" \ - --path "${DRYCC_STORAGE_PATH_STYLE}" -mc ping storage -x -if ! mc admin info storage > /dev/null 2>&1; then +mkdir -p ~/.config/rclone +touch ~/.config/rclone/rclone.conf +rclone config create storage s3 \ + provider=Other \ + access_key_id="${DRYCC_STORAGE_ACCESSKEY}" \ + secret_access_key="${DRYCC_STORAGE_SECRETKEY}" \ + endpoint="${DRYCC_STORAGE_ENDPOINT}" \ + force_path_style="${DRYCC_STORAGE_PATH_STYLE:-true}" --no-output + +if ! rclone lsd storage: > /dev/null 2>&1; then sleep 9s -else - mc ready storage + echo "waiting for object storage to become ready..." fi -mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}" + +rclone mkdir "storage:${DRYCC_STORAGE_BUCKET}" htpasswd -Bbn "${DRYCC_REGISTRY_USERNAME}" "${DRYCC_REGISTRY_PASSWORD}" > "${REGISTRY_AUTH_HTPASSWD_PATH}" echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" From d5af6b12a5cf5d2feab04e6210a0a4cdda496e7e Mon Sep 17 00:00:00 2001 
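Review bot: After this change in main.go only the exact string `"true"` sets `REGISTRY_STORAGE_S3_FORCEPATHSTYLE`, but values.yaml (last touched in PATCH 65, not in this commit) still defaults `storagePathStyle` to `"auto"`, and that value reaches `DRYCC_STORAGE_PATH_STYLE` through `registry-secret` whenever `storageEndpoint` is set. With external storage the default therefore silently selects virtual-hosted addressing, and the same `"auto"` is handed to rclone as `force_path_style` in init-registry, where a non-boolean is likely to be rejected. Change the chart default to `"true"` or `"false"`, and consider `strconv.ParseBool(os.Getenv(storagePathStyleEnvVar))` so an unexpected value is reported instead of ignored. `main` continues outside this hunk.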
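Review bot: In init-registry `rclone config create` receives the access key and secret key as command-line arguments and then stores them in `~/.config/rclone/rclone.conf`. The Dockerfile creates the `drycc` user with its home at `DRYCC_HOME_DIR` (`/var/lib/registry`), which is also declared as a `VOLUME`, so the credential file presumably lands on the registry data volume and outlives the init step. rclone also reads a remote's settings from `RCLONE_CONFIG_<REMOTE>_<OPTION>` environment variables, which avoids both the argument exposure and the file, provided nothing later reads the `storage` remote from the config file. If the file has to stay, create it under `umask 077`.

```shell
# replaces: mkdir -p ~/.config/rclone, touch rclone.conf, rclone config create storage s3 …
export RCLONE_CONFIG_STORAGE_TYPE=s3
export RCLONE_CONFIG_STORAGE_PROVIDER=Other
export RCLONE_CONFIG_STORAGE_ACCESS_KEY_ID="${DRYCC_STORAGE_ACCESSKEY}"
export RCLONE_CONFIG_STORAGE_SECRET_ACCESS_KEY="${DRYCC_STORAGE_SECRETKEY}"
export RCLONE_CONFIG_STORAGE_ENDPOINT="${DRYCC_STORAGE_ENDPOINT}"
export RCLONE_CONFIG_STORAGE_FORCE_PATH_STYLE="${DRYCC_STORAGE_PATH_STYLE:-true}"
# … unchanged: rclone lsd readiness check, rclone mkdir, htpasswd …
```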
From: duanhongyi Date: Wed, 1 Apr 2026 11:30:29 +0800 Subject: [PATCH 69/69] fix(charts): warning I0401 --- charts/registry/templates/registry-service.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 69e78bc..fbafcf2 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml @@ -15,4 +15,3 @@ spec: clusterIP: None selector: app: drycc-registry - sessionAffinity: ClientIP