From cff1e92377a6f5efe9c2470219d04db98e592cfc Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 4 Mar 2024 16:12:01 +0800 Subject: [PATCH 01/25] chore(charts): add diagnostic mode --- .../templates/registry-cronjob-daily.yaml | 5 +++++ .../registry/templates/registry-deployment.yaml | 6 ++++++ charts/registry/values.yaml | 16 ++++++++++++++++ 3 files changed, 27 insertions(+) diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index 60f89b7..c816338 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -32,11 +32,16 @@ spec: - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} name: drycc-registry-garbage-collect + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 14 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 14 }} + {{- else }} args: - /bin/boot - garbage-collect - $(DRYCC_REGISTRY_CONFIG) - --dry-run - --delete-untagged + {{- end }} {{- include "builder.envs" . | indent 12 }} {{- end }} diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 22b6561..5ce2257 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
@@ -41,8 +41,13 @@ spec: - name: drycc-registry image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 10 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }} + {{- end }} {{- include "registry.limits" . | indent 8 }} {{- include "registry.envs" . | indent 8 }} + {{- if not .Values.diagnosticMode.enabled }} startupProbe: tcpSocket: port: 5000 @@ -69,6 +74,7 @@ spec: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 5 + {{- end }} ports: - containerPort: 5000 name: http diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 99035c5..9fddc8c 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -4,6 +4,22 @@ imageTag: "canary" imageRegistry: "registry.drycc.cc" # limitsCpu: "100m" # limitsMemory: "50Mi" + +## Enable diagnostic mode +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers + ## + args: + - infinity + nodeAffinityPreset: key: "drycc.cc/node" type: "soft" From e6352b8dac143729c55bb003a34ff190e0312683 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 6 Mar 2024 12:36:36 +0800 Subject: [PATCH 02/25] feat(charts): reuses the value from an existing secret and config --- charts/registry/templates/registry-cronjob-daily.yaml | 4 ++-- charts/registry/templates/registry-secret.yaml | 6 +++--- charts/registry/values.yaml | 7 +++++-- 3 files changed, 10 insertions(+), 7 deletions(-) 
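Review bot: The `{{- if not .Values.diagnosticMode.enabled }}` guard drops the readiness probe together with the startup and liveness probes, so a pod running the default `sleep infinity` is reported Ready and can stay behind the registry Service while nothing listens on port 5000. The `registry.envs` include is still rendered in that mode, so the idle container presumably keeps the registry and storage credentials in its environment (the helper is outside this diff). I would document both next to the flag in values.yaml, e.g. `## NOTE: diagnostic pods stay Ready and keep their secret env vars; switch this off again after debugging`.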
diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index c816338..ff3578c 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -27,7 +27,7 @@ spec: - -v - -u - $(DRYCC_STORAGE_ENDPOINT) - {{- include "builder.envs" . | indent 12 }} + {{- include "registry.envs" . | indent 12 }} containers: - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} imagePullPolicy: {{.Values.imagePullPolicy}} @@ -43,5 +43,5 @@ spec: - --dry-run - --delete-untagged {{- end }} - {{- include "builder.envs" . | indent 12 }} + {{- include "registry.envs" . | indent 12 }} {{- end }} diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index 301ceae..743f047 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
@@ -10,11 +10,11 @@ type: Opaque data: {{- if eq .Values.global.registryLocation "on-cluster" }} host: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain | b64enc }} - secret: {{ randAlphaNum 32 | b64enc }} + secret: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "secret" "defaultValue" (randAlphaNum 32) "context" $) }} {{- else }} host: {{ .Values.host | b64enc }} organization: {{ .Values.organization | b64enc }} {{- end }} - username: {{ if .Values.username | default "" | ne "" }}{{ .Values.username | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} - password: {{ if .Values.password | default "" | ne "" }}{{ .Values.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} + username: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "username" "defaultValue" (.Values.username | default (randAlphaNum 32)) "context" $) }} + password: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "password" "defaultValue" (.Values.password | default (randAlphaNum 32)) "context" $) }} redirect: {{ .Values.redirect | b64enc }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 9fddc8c..af87d91 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -39,11 +39,14 @@ podAntiAffinityPreset: # registry replicas replicas: 1 # registry storage redirect -redirect: false +redirect: "false" concurrencyPolicy: "Replace" # Service service: # Provide any additional service annotations - annotations: {} \ No newline at end of file + annotations: {} + +global: + registryLocation: "on-cluster" From e4ebb4258eae752bd5a9a74e97387c2ee1692668 Mon Sep 17 00:00:00 2001 
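Review bot: The `username` and `password` lines now pass `.Values.username | default (randAlphaNum 32)` only as `defaultValue`, so if `common.secrets.lookup` prefers the value already stored in `registry-secret` (its definition is outside this diff, but the name suggests it does), changing `.Values.password` on an upgrade silently leaves the old credential in place. Helm's `lookup` also returns nothing under `helm template` and client-side dry runs, so tools that render that way would get fresh random values on every run. Both behaviours deserve a comment in values.yaml, for example `# username/password are only applied on first install; an existing registry-secret takes precedence`.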
From: duanhongyi Date: Mon, 18 Mar 2024 16:41:09 +0800 Subject: [PATCH 03/25] chore(woodpecker): migrations woodpecker-ci to 2 --- .woodpecker/build-linux.yml | 5 ++--- .woodpecker/chart.yaml | 6 ++---- .woodpecker/manifest.yml | 5 ++--- .woodpecker/test-linux.yml | 5 ++--- 4 files changed, 8 insertions(+), 13 deletions(-) diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index 8cdd984..f411033 100644 --- a/.woodpecker/build-linux.yml +++ b/.woodpecker/build-linux.yml @@ -3,12 +3,11 @@ matrix: - linux/amd64 - linux/arm64 -platform: ${platform} - labels: type: exec + platform: ${platform} -pipeline: +steps: - name: publish-linux image: bash commands: diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index 3204cf5..20f9ea9 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -1,11 +1,9 @@ -platform: linux/amd64 - labels: type: exec + platform: linux/amd64 -pipeline: +steps: - name: generate-chart - type: local image: bash commands: - export VERSION=$(sed 's#v##' <<< $CI_COMMIT_TAG) diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml index 2d5c4e5..b4735ee 100644 --- a/.woodpecker/manifest.yml +++ b/.woodpecker/manifest.yml @@ -1,9 +1,8 @@ -platform: linux/amd64 - labels: type: exec + platform: linux/amd64 -pipeline: +steps: - name: generate-manifest image: bash commands: diff --git a/.woodpecker/test-linux.yml b/.woodpecker/test-linux.yml index 313179e..d47ccc5 100644 --- a/.woodpecker/test-linux.yml +++ b/.woodpecker/test-linux.yml @@ -3,12 +3,11 @@ matrix: - linux/amd64 - linux/arm64 -platform: ${platform} - labels: type: exec + platform: ${platform} -pipeline: +steps: - name: test-linux image: bash commands: From b17c5f6b8b9ef32487a867aacfd1477f453fa97e Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 19 Mar 2024 23:13:56 +0800 Subject: [PATCH 04/25] fix(woodpecker): CI_SYSTEM_ARCH env removed --- .woodpecker/build-linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index f411033..782d2f5 100644 --- a/.woodpecker/build-linux.yml +++ b/.woodpecker/build-linux.yml @@ -11,7 +11,7 @@ steps: - name: publish-linux image: bash commands: - - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_ARCH) + - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_PLATFORM) - echo $CONTAINER_PASSWORD | podman login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - make podman-build podman-immutable-push secrets: From 0f96e2a21de4d484bba4a914edd76b37d858aae1 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 20 Mar 2024 14:22:50 +0800 Subject: [PATCH 05/25] chore(charts): change canary app version --- .woodpecker/chart.yaml | 4 ++-- charts/registry/templates/registry-cronjob-daily.yaml | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index 20f9ea9..5aa7eb3 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -8,7 +8,7 @@ steps: commands: - export VERSION=$(sed 's#v##' <<< $CI_COMMIT_TAG) - export IMAGE_TAG=$([ ! -z $CI_COMMIT_TAG ] && echo \"$VERSION\" || echo \"canary\") - - export APP_VERSION=$([ ! -z $CI_COMMIT_TAG ] && echo $VERSION || echo 1.0.0) + - export APP_VERSION=$([ -z $CI_COMMIT_TAG ] && echo $CI_COMMIT_SHA || echo $VERSION) - export CHART_VERSION=$([ -z $CI_COMMIT_TAG ] && echo 1.0.0 || echo $VERSION) - sed -i "s/imageTag:\ \"canary\"/imageTag:\ $IMAGE_TAG/g" charts/$${CI_REPO_NAME}/values.yaml - helm package -u charts/$${CI_REPO_NAME} --version $CHART_VERSION --app-version $APP_VERSION @@ -25,4 +25,4 @@ steps: - tag depends_on: -- manifest \ No newline at end of file +- manifest 
diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index ff3578c..a854722 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -37,11 +37,12 @@ spec: args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 14 }} {{- else }} args: - - /bin/boot - - garbage-collect - - $(DRYCC_REGISTRY_CONFIG) - - --dry-run - - --delete-untagged + - /usr/bin/env + - bash + - -ec + - | + # run garbage collect + boot garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged {{- end }} {{- include "registry.envs" . | indent 12 }} {{- end }} From 9314abbce22acccd6b88acebf51a0166a03ea1ea Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 15 Nov 2024 11:37:25 +0800 Subject: [PATCH 06/25] chore(mc): bump version to 2024.11.05.11.29.45 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index cc66961..4c354ff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,8 +14,8 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ - JQ_VERSION="1.7" \ - MC_VERSION="2023.09.20.15.22.31" \ + JQ_VERSION="1.7.1" \ + MC_VERSION="2024.11.05.11.29.45" \ REGISTRY_VERSION="2.8.3" COPY rootfs/bin/ /bin/ From ad8ef8024416d0567708532f4ae0b8f4c787bc17 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 23 Dec 2024 14:16:34 +0800 Subject: [PATCH 07/25] fix(wooddpecker): secsets are deprecated --- .woodpecker/build-linux.yml | 17 +++++++++++------ .woodpecker/chart.yaml | 14 +++++++++----- .woodpecker/manifest.yml | 13 ++++++++----- .woodpecker/test-linux.yml | 8 +++++--- 4 files changed, 33 insertions(+), 19 deletions(-) diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index 782d2f5..3424a97 100644 --- a/.woodpecker/build-linux.yml 
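Review bot: The rewritten garbage-collect command still carries `--dry-run`, so the daily job only reports what it would remove and untagged blobs are never actually deleted from storage; if that is intentional it deserves a comment in the template, otherwise the flag should go. The switch from the Kubernetes `$(DRYCC_REGISTRY_CONFIG)` substitution to a shell expansion also leaves the variable unquoted; `boot garbage-collect "${DRYCC_REGISTRY_CONFIG}" --dry-run --delete-untagged` keeps a path with spaces or an empty value from being word-split.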
+++ b/.woodpecker/build-linux.yml @@ -14,12 +14,17 @@ steps: - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_PLATFORM) - echo $CONTAINER_PASSWORD | podman login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1 - make podman-build podman-immutable-push - secrets: - - codename - - dev_registry - - drycc_registry - - container_username - - container_password + environment: + CODENAME: + from_secret: codename + DEV_REGISTRY: + from_secret: dev_registry + DRYCC_REGISTRY: + from_secret: drycc_registry + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - push diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index 5aa7eb3..40397e0 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -14,11 +14,15 @@ steps: - helm package -u charts/$${CI_REPO_NAME} --version $CHART_VERSION --app-version $APP_VERSION - echo $CONTAINER_PASSWORD | helm registry login $DRYCC_REGISTRY -u $CONTAINER_USERNAME --password-stdin - helm push $${CI_REPO_NAME}-$CHART_VERSION.tgz oci://$DRYCC_REGISTRY/$([ -z $CI_COMMIT_TAG ] && echo charts-testing || echo charts) - secrets: - - dev_registry - - drycc_registry - - container_username - - container_password + environment: + DEV_REGISTRY: + from_secret: dev_registry + DRYCC_REGISTRY: + from_secret: drycc_registry + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - push diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml index b4735ee..6a91aa3 100644 --- a/.woodpecker/manifest.yml +++ b/.woodpecker/manifest.yml 
@@ -8,8 +8,9 @@ steps: commands: - sed -i "s/{{project}}/$${CI_REPO_NAME}/g" .woodpecker/manifest.tmpl - sed -i "s/registry.drycc.cc/$${DRYCC_REGISTRY}/g" .woodpecker/manifest.tmpl - secrets: - - drycc_registry + environment: + DRYCC_REGISTRY: + from_secret: drycc_registry when: event: - tag @@ -26,9 +27,11 @@ steps: -v $(pwd):$(pwd) -w $(pwd) docker.io/plugins/manifest - secrets: - - container_username - - container_password + environment: + CONTAINER_USERNAME: + from_secret: container_username + CONTAINER_PASSWORD: + from_secret: container_password when: event: - tag diff --git a/.woodpecker/test-linux.yml b/.woodpecker/test-linux.yml index d47ccc5..0d5a93f 100644 --- a/.woodpecker/test-linux.yml +++ b/.woodpecker/test-linux.yml @@ -12,9 +12,11 @@ steps: image: bash commands: - make test - secrets: - - codename - - dev_registry + environment: + CODENAME: + from_secret: codename + DEV_REGISTRY: + from_secret: dev_registry when: event: - push From f4269c6a06f158cf30465a3b5c2ad3ed99122fd1 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 2 Apr 2025 11:52:03 +0800 Subject: [PATCH 08/25] chore(registry): add cron event --- .woodpecker/build-linux.yml | 1 + .woodpecker/chart.yaml | 1 + .woodpecker/manifest.yml | 2 ++ .woodpecker/test-linux.yml | 1 + 4 files changed, 5 insertions(+) diff --git a/.woodpecker/build-linux.yml b/.woodpecker/build-linux.yml index 3424a97..ef4ecfd 100644 --- a/.woodpecker/build-linux.yml +++ b/.woodpecker/build-linux.yml @@ -29,6 +29,7 @@ steps: event: - push - tag + - cron depends_on: - test-linux \ No newline at end of file diff --git a/.woodpecker/chart.yaml b/.woodpecker/chart.yaml index 40397e0..cfcd3ec 100644 --- a/.woodpecker/chart.yaml +++ b/.woodpecker/chart.yaml @@ -27,6 +27,7 @@ steps: event: - push - tag + - cron depends_on: - manifest diff --git a/.woodpecker/manifest.yml b/.woodpecker/manifest.yml index 6a91aa3..19fc70c 100644 --- a/.woodpecker/manifest.yml +++ b/.woodpecker/manifest.yml 
@@ -15,6 +15,7 @@ steps: event: - tag - push + - cron - name: publish-manifest image: bash @@ -36,6 +37,7 @@ steps: event: - tag - push + - cron depends_on: - build-linux diff --git a/.woodpecker/test-linux.yml b/.woodpecker/test-linux.yml index 0d5a93f..194832f 100644 --- a/.woodpecker/test-linux.yml +++ b/.woodpecker/test-linux.yml @@ -21,3 +21,4 @@ steps: event: - push - tag + - cron From 42ac284cd4cff4f202d5b1fdf4e35f4a8f0936eb Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 2 Apr 2025 12:40:12 +0800 Subject: [PATCH 09/25] fix(test): s3 api error --- Dockerfile | 2 +- contrib/ci/s3.json | 10 ---------- contrib/ci/start-s3.sh | 7 ------- contrib/ci/test.sh | 18 ++++++++---------- 4 files changed, 9 insertions(+), 28 deletions(-) delete mode 100644 contrib/ci/s3.json delete mode 100755 contrib/ci/start-s3.sh diff --git a/Dockerfile b/Dockerfile index 4c354ff..94400a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ - MC_VERSION="2024.11.05.11.29.45" \ + MC_VERSION="2025.03.12.17.29.24" \ REGISTRY_VERSION="2.8.3" COPY rootfs/bin/ /bin/ diff --git a/contrib/ci/s3.json b/contrib/ci/s3.json deleted file mode 100644 index c34dd33..0000000 --- a/contrib/ci/s3.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "identities": [{ - "name": "drycc", - "credentials": [{ - "accessKey": "$DRYCC_STORAGE_ACCESSKEY", - "secretKey": "$DRYCC_STORAGE_SECRETKEY" - }], - "actions": ["Admin", "Read", "List", "Tagging", "Write"] - }] -} \ No newline at end of file diff --git a/contrib/ci/start-s3.sh b/contrib/ci/start-s3.sh deleted file mode 100755 index 55b5092..0000000 --- a/contrib/ci/start-s3.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash -eval "cat </etc/seaweedfs/s3.json -$( cat /tmp/weed/s3.json ) -EOF -" 2> /dev/null - -weed server -dir=/data -s3 -s3.config=/etc/seaweedfs/s3.json diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index d2fc18e..f1d8c7f 100755 
--- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -2,22 +2,20 @@ set -eoxf pipefail -BASE_DIR=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")") DRYCC_STORAGE_ACCESSKEY=f4c4281665bc11ee8e0400163e04a9cd DRYCC_STORAGE_SECRETKEY=f4c4281665bc11ee8e0400163e04a9cd -STORAGE_JOB=$(podman run -d --entrypoint init-stack -p 8333:8333 \ - -v "${BASE_DIR}":/tmp/weed \ - -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ - -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ - "${DEV_REGISTRY}"/drycc/storage:canary /tmp/weed/start-s3.sh) +STORAGE_JOB=$(podman run -d --entrypoint init-stack \ + -e MINIO_ROOT_USER="${DRYCC_STORAGE_ACCESSKEY}" \ + -e MINIO_ROOT_PASSWORD="${DRYCC_STORAGE_SECRETKEY}" \ + "${DEV_REGISTRY}"/drycc/storage:canary minio server /data) # wait for port STORAGE_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") -echo -e "\\033[32m---> Waitting for ${STORAGE_IP}:8333\\033[0m" -wait-for-port --host="${STORAGE_IP}" 8333 -echo -e "\\033[32m---> S3 service ${STORAGE_IP}:8333 ready...\\033[0m" +echo -e "\\033[32m---> Waitting for ${STORAGE_IP}:9000\\033[0m" +wait-for-port --host="${STORAGE_IP}" 9000 +echo -e "\\033[32m---> S3 service ${STORAGE_IP}:9000 ready...\\033[0m" podman logs "${STORAGE_JOB}" JOB=$(podman run -d \ @@ -27,7 +25,7 @@ JOB=$(podman run -d \ -e DRYCC_REGISTRY_PASSWORD=admin \ -e DRYCC_STORAGE_LOOKUP=path \ -e DRYCC_STORAGE_BUCKET=registry \ - -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:8333" \ + -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:9000" \ -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ "$1") From f61f709f22d1fe7ca2680c8057965e93ceb9f87c Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 2 Apr 2025 16:17:42 +0800 Subject: [PATCH 10/25] chore(registry): bump registry to 3.0.0 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 94400a6..46bca6d 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ ENV DRYCC_UID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ MC_VERSION="2025.03.12.17.29.24" \ - REGISTRY_VERSION="2.8.3" + REGISTRY_VERSION="3.0.0" COPY rootfs/bin/ /bin/ COPY --from=build /bin/boot /bin/boot From eeb812fbaa4cb249bef288e25fdf2f175779f4d5 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 2 Apr 2025 17:03:42 +0800 Subject: [PATCH 11/25] fix(registry): env REGISTRY_VERSION conflicts --- main.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/main.go b/main.go index 07ff818..956f6c1 100644 --- a/main.go +++ b/main.go @@ -67,6 +67,8 @@ func main() { if err := cmd.Run(); err != nil { log.Fatal("Error creating the registry bucket: ", err) } + // avoid conflicts with env variables + os.Unsetenv("REGISTRY_VERSION") if len(os.Args) > 1 { cmd = exec.Command(registryBinary, os.Args[1:]...) } else { From d159e8e97df8c5b65ee027979335d77f9207f6ea Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 8 Apr 2025 11:32:51 +0800 Subject: [PATCH 12/25] chore(mc): bump mc version to 2025.04.03.17.07.56 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 46bca6d..7dbc46b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ - MC_VERSION="2025.03.12.17.29.24" \ + MC_VERSION="2025.04.03.17.07.56" \ REGISTRY_VERSION="3.0.0" COPY rootfs/bin/ /bin/ From 7b889aa745b4647fd9e0ea5b09f0ac24038fa0ba Mon Sep 17 00:00:00 2001 
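Review bot: The new comment `// avoid conflicts with env variables` in main.go does not say which conflict is meant. The Dockerfile sets `REGISTRY_VERSION` for `install-stack`, and the registry binary presumably reads `REGISTRY_*` variables as configuration overrides, so the value would be taken as the config file's version field; I would spell that out, e.g. `// REGISTRY_VERSION is the image build variable; unset it so the registry does not parse it as a config override`. `main` starts and ends outside this hunk.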
From: duanhongyi Date: Tue, 6 May 2025 17:41:57 +0800 Subject: [PATCH 13/25] chore(registry): add registry proxy --- .gitignore | 2 +- Dockerfile | 17 +-- README.md | 10 +- .../templates/registry-deployment.yaml | 3 + .../templates/registry-proxy-daemonset.yaml | 112 ++++++++++++++++++ charts/registry/values.yaml | 2 + contrib/ci/test.sh | 43 +++++-- main.go | 4 +- rootfs/bin/{init_registry => init-registry} | 0 rootfs/bin/start-proxy | 18 +++ rootfs/opt/drycc/nginx/conf/nginx.conf | 22 ++++ rootfs/opt/drycc/nginx/conf/registry.conf.tpl | 24 ++++ 12 files changed, 236 insertions(+), 21 deletions(-) create mode 100644 charts/registry/templates/registry-proxy-daemonset.yaml rename rootfs/bin/{init_registry => init-registry} (100%) create mode 100755 rootfs/bin/start-proxy create mode 100644 rootfs/opt/drycc/nginx/conf/nginx.conf create mode 100644 rootfs/opt/drycc/nginx/conf/registry.conf.tpl diff --git a/.gitignore b/.gitignore index 1b73338..e5361b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -rootfs/opt/ contrib/ci/tmp/ .vscode/ +rootfs/opt/registry/sbin \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 7dbc46b..e14594f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,8 +5,8 @@ ARG LDFLAGS ADD . /workspace RUN export GO111MODULE=on \ && cd /workspace \ - && CGO_ENABLED=0 init-stack go build -ldflags "${LDFLAGS}" -o /bin/boot main.go \ - && upx -9 --brute /bin/boot + && CGO_ENABLED=0 init-stack go build -ldflags "${LDFLAGS}" -o /bin/start-registry main.go \ + && upx -9 --brute /bin/start-registry FROM registry.drycc.cc/drycc/base:${CODENAME} 
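Review bot: Renaming the build output from `/bin/boot` to `/bin/start-registry` leaves the garbage-collect CronJob behind: `registry-cronjob-daily.yaml` still runs `boot garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged` (patch 05 of this series) and that template is not in this commit's file list. Unless the base image ships its own `boot`, the daily job will fail with command not found once this image is deployed. The template line should become `start-registry garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged` in the same commit.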
@@ -16,18 +16,16 @@ ENV DRYCC_UID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ MC_VERSION="2025.04.03.17.07.56" \ + NGINX_VERSION="1.25.1" \ REGISTRY_VERSION="3.0.0" -COPY rootfs/bin/ /bin/ -COPY --from=build /bin/boot /bin/boot - RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ && install-packages apache2-utils \ && install-stack jq $JQ_VERSION \ && install-stack mc $MC_VERSION \ + && install-stack nginx ${NGINX_VERSION} \ && install-stack registry $REGISTRY_VERSION \ - && chmod +x /bin/init_registry \ && rm -rf \ /usr/share/doc \ /usr/share/man \ @@ -42,12 +40,15 @@ RUN groupadd drycc --gid ${DRYCC_GID} \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \ && mkdir -p /usr/share/man/man{1..8} \ - && chown -R ${DRYCC_UID}:${DRYCC_GID} ${DRYCC_HOME_DIR} + && chown -R ${DRYCC_UID}:${DRYCC_GID} /opt/drycc +COPY --from=build /bin/start-registry /bin/start-registry +COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/bin/ /bin/ +COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/opt/drycc/nginx /opt/drycc/nginx COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/config-example.yml /opt/drycc/registry/etc/config.yml + ENV DRYCC_REGISTRY_CONFIG /opt/drycc/registry/etc/config.yml USER ${DRYCC_UID} VOLUME ["${DRYCC_HOME_DIR}"] -CMD ["/bin/boot"] EXPOSE 5000 diff --git a/README.md b/README.md index 5e9ea3d..ae7eea3 100644 --- a/README.md +++ b/README.md 
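Review bot: `NGINX_VERSION="1.25.1"` pins a mainline release that, as far as I know, dates from mid-2023, so the proxy that fronts the registry with injected credentials starts out well behind current nginx security fixes; I would pin the newest stable release that `install-stack` offers. The last Dockerfile hunk also removes `CMD ["/bin/boot"]` without a replacement, so the image has no default command unless the base image supplies one; `CMD ["start-registry"]` would keep a plain `podman run IMAGE` working as before.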
@@ -12,7 +12,15 @@ We welcome your input! If you have feedback, please submit an [issue][issues]. I # About -The registry is a [Container registry](https://github.com/distribution/distribution) component for use in Kubernetes. While it's intended for use inside of the Drycc open source [PaaS](https://en.wikipedia.org/wiki/Platform_as_a_service), it's flexible enough to be used as a standalone pod on any Kubernetes cluster. +Registry consists of two components, namely the proxy component and the registry component. + +## Proxy + +The proxy component is a proxy deployed on every Kubernetes worker node, proxying all requests to the Drycc Workflow [registry][registry]. This allows the worker nodes daemons to communicate to the registry over localhost, bypassing the need for adding the `--insecure-registry` flag to the daemons. + +## Registry + +The registry component is a [Container registry](https://github.com/distribution/distribution) component for use in Kubernetes. While it's intended for use inside of the Drycc open source [PaaS](https://en.wikipedia.org/wiki/Platform_as_a_service), it's flexible enough to be used as a standalone pod on any Kubernetes cluster. If you decide to use this component standalone, you can host your own Container registry in your own Kubernetes cluster. diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 5ce2257..e1c619c 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml 
@@ -44,6 +44,9 @@ spec: {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 10 }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }} + {{- else }} + args: + - start-registry {{- end }} {{- include "registry.limits" . | indent 8 }} {{- include "registry.envs" . | indent 8 }} diff --git a/charts/registry/templates/registry-proxy-daemonset.yaml b/charts/registry/templates/registry-proxy-daemonset.yaml new file mode 100644 index 0000000..971231b --- /dev/null +++ b/charts/registry/templates/registry-proxy-daemonset.yaml 
@@ -0,0 +1,112 @@ +{{- if eq .Values.global.registryLocation "on-cluster" }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: drycc-registry-proxy + labels: + heritage: drycc + annotations: + component.drycc.cc/version: {{ .Values.imageTag }} +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: drycc-registry-proxy + heritage: drycc + template: + metadata: + name: drycc-registry-proxy + labels: + heritage: drycc + app: drycc-registry-proxy + spec: + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 + initContainers: + - name: drycc-registry-init + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest + imagePullPolicy: {{.Values.imagePullPolicy}} + args: + - netcat + - -v + - -a + - $(DRYCC_REGISTRY_HOST) + env: + - name: "DRYCC_REGISTRY_HOST" + valueFrom: + secretKeyRef: + name: registry-secret + key: host + containers: + - name: drycc-registry-proxy + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} + imagePullPolicy: {{.Values.imagePullPolicy}} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 10 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }} + {{- else }} + args: + - start-proxy + {{- end }} + {{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} + resources: + limits: + {{- if (.Values.limitsCpu) }} + cpu: {{.Values.limitsCpu}} + {{- end}} + {{- if (.Values.limitsMemory) }} + memory: {{.Values.limitsMemory}} + {{- end}} + {{- end}} + {{- if not .Values.diagnosticMode.enabled }} + startupProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + livenessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + 
failureThreshold: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + {{- end }} + env: + - name: "DRYCC_REGISTRY_HOST" + valueFrom: + secretKeyRef: + name: registry-secret + key: host + - name: "DRYCC_REGISTRY_USERNAME" + valueFrom: + secretKeyRef: + name: registry-secret + key: username + - name: "DRYCC_REGISTRY_PASSWORD" + valueFrom: + secretKeyRef: + name: registry-secret + key: password + ports: + - containerPort: 8080 + hostPort: {{.Values.proxyPort}} +{{- end }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index af87d91..f57b5eb 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -40,6 +40,8 @@ podAntiAffinityPreset: replicas: 1 # registry storage redirect redirect: "false" +# host port for the registry proxy in the daemonset +proxyPort: 5555 concurrencyPolicy: "Replace" diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index f1d8c7f..c7241af 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -6,7 +6,7 @@ DRYCC_STORAGE_ACCESSKEY=f4c4281665bc11ee8e0400163e04a9cd DRYCC_STORAGE_SECRETKEY=f4c4281665bc11ee8e0400163e04a9cd -STORAGE_JOB=$(podman run -d --entrypoint init-stack \ +STORAGE_JOB=$(podman run -d --rm --entrypoint init-stack \ -e MINIO_ROOT_USER="${DRYCC_STORAGE_ACCESSKEY}" \ -e MINIO_ROOT_PASSWORD="${DRYCC_STORAGE_SECRETKEY}" \ "${DEV_REGISTRY}"/drycc/storage:canary minio server /data) @@ -18,7 +18,7 @@ wait-for-port --host="${STORAGE_IP}" 9000 echo -e "\\033[32m---> S3 service ${STORAGE_IP}:9000 ready...\\033[0m" podman logs "${STORAGE_JOB}" -JOB=$(podman run -d \ +REGISTRY_JOB=$(podman run -d --rm \ -e REGISTRY_HTTP_SECRET=drycc \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ 
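Review bot: `hostPort: {{.Values.proxyPort}}` in the DaemonSet is declared without `hostIP`, so the proxy is reachable on every address of each node rather than only on localhost as the README describes. `start-proxy` writes the registry's Basic credentials into the nginx config, which suggests requests arriving on that port are forwarded already authenticated (registry.conf.tpl is outside this view), so anything that can reach a node on port 5555 would be able to read from the registry without credentials. I would add `hostIP: 127.0.0.1` under the port entry, after checking that the cluster's CNI honours it, or restrict the port with a node firewall rule. The init container also pulls `python-dev:latest`; pinning that tag like the main image would make rollouts reproducible.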
@@ -28,23 +28,48 @@ JOB=$(podman run -d \ -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:9000" \ -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ - "$1") + "$1" start-registry) # shellcheck disable=SC2317 function clean_before_exit { # delay before exiting, so stdout/stderr flushes through the logging system - podman kill "${JOB}" + podman kill "${REGISTRY_JOB}" podman kill "${STORAGE_JOB}" - podman rm -f "${JOB}" "${STORAGE_JOB}" + podman kill "${PROXY_JOB}" } trap clean_before_exit EXIT # let the registry run for a few seconds -REGISTRY_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${JOB}") +REGISTRY_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${REGISTRY_JOB}") echo -e "\\033[32m---> Waitting for ${REGISTRY_IP}:5000\\033[0m" wait-for-port --host="${REGISTRY_IP}" 5000 echo -e "\\033[32m---> S3 service ${REGISTRY_IP}:5000 ready...\\033[0m" + +# proxy job +PROXY_JOB=$(podman run -d \ + -p 15555:8080 \ + -e DRYCC_REGISTRY_HOST="${REGISTRY_IP}:5000" \ + -e DRYCC_REGISTRY_USERNAME=admin \ + -e DRYCC_REGISTRY_PASSWORD=admin \ + "$1" start-proxy) + +# let the registry proxy run for a few seconds +REGISTRY_PROXY_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${PROXY_JOB}") +echo -e "\\033[32m---> Waitting for ${REGISTRY_PROXY_IP}:8080\\033[0m" +wait-for-port --host="${REGISTRY_PROXY_IP}" 8080 +echo -e "\\033[32m---> S3 service ${REGISTRY_PROXY_IP}:8080 ready...\\033[0m" + # check that the registry is still up -podman tag "$1" "${REGISTRY_IP}:5000/registry:canary" -echo admin | podman login "${REGISTRY_IP}:5000" --tls-verify=false --username admin --password-stdin > /dev/null 2>&1 -podman push "${REGISTRY_IP}:5000/registry:canary" --tls-verify=false +http_status_code=$(curl -X GET -s -o /dev/null -w "%{http_code}" "http://${REGISTRY_PROXY_IP}:8080/v2/") +if [ "$http_status_code" != "200" ]; then + echo "Expected http status code: 200, actual: 
${http_status_code}" + exit 1 +fi + +http_status_code=$(curl -X POST -s -o /dev/null -w "%{http_code}" "http://${REGISTRY_PROXY_IP}:8080/v2/") +if [ "$http_status_code" != "403" ]; then + echo "Expected http status code: 403, actual: ${http_status_code}" + exit 1 +fi + +echo -e "\\033[32m---> All test success...\\033[0m" \ No newline at end of file diff --git a/main.go b/main.go index 956f6c1..13718e0 100644 --- a/main.go +++ b/main.go @@ -57,11 +57,11 @@ func main() { os.Setenv("REGISTRY_VALIDATION_DISABLED", "true") os.Setenv("REGISTRY_STORAGE_S3_ROOTDIRECTORY", "/registry") - // run /bin/init_registry + // run /bin/init-registry os.Setenv("REGISTRY_AUTH", "htpasswd") os.Setenv("REGISTRY_AUTH_HTPASSWD_REALM", "basic-realm") os.Setenv("REGISTRY_AUTH_HTPASSWD_PATH", registryHtpasswd) - cmd := exec.Command("/bin/init_registry") + cmd := exec.Command("/bin/init-registry") cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr if err := cmd.Run(); err != nil { diff --git a/rootfs/bin/init_registry b/rootfs/bin/init-registry similarity index 100% rename from rootfs/bin/init_registry rename to rootfs/bin/init-registry diff --git a/rootfs/bin/start-proxy b/rootfs/bin/start-proxy new file mode 100755 index 0000000..5354551 --- /dev/null +++ b/rootfs/bin/start-proxy @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +REGISTRY_HOST=${DRYCC_REGISTRY_HOST:?no host} +AUTHORIZATION=$(echo -ne "${DRYCC_REGISTRY_USERNAME:? no username}":"${DRYCC_REGISTRY_PASSWORD:? no password}" | base64 -w 0) + +cat /opt/drycc/nginx/conf/registry.conf.tpl > /opt/drycc/nginx/conf/registry.conf +sed -i "s#%REGISTRY_HOST%#${REGISTRY_HOST}#g" /opt/drycc/nginx/conf/registry.conf +sed -i "s#%AUTHORIZATION%#${AUTHORIZATION}#g" /opt/drycc/nginx/conf/registry.conf + +# wait for registry to come online +while ! curl -sS "$REGISTRY_HOST" &>/dev/null; do + echo "waiting for the registry (%s) to come online..." + echo "$REGISTRY_HOST" + sleep 1 +done + +echo "starting registry-proxy..." +exec nginx -g "daemon off;" 
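Review bot: In `contrib/ci/test.sh`, `PROXY_JOB` is started with `podman run -d` but without `--rm`, and this hunk also drops the `podman rm -f` from `clean_before_exit`, so the proxy container is killed but never removed after a run. Start it like the other two jobs, `PROXY_JOB=$(podman run -d --rm \`. The trap is installed before `PROXY_JOB` is assigned, so an early exit runs `podman kill ""`; `[ -n "${PROXY_JOB:-}" ] && podman kill "${PROXY_JOB}"` avoids that. The ready messages for the registry and the proxy still say "S3 service", which makes CI logs misleading.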
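Review bot: In `rootfs/bin/start-proxy`, `echo -ne` expands backslash escapes, so a username or password containing a sequence such as `\n` or `\t` is altered before it is base64-encoded and the proxy then sends credentials the registry rejects. `AUTHORIZATION=$(printf '%s:%s' "${DRYCC_REGISTRY_USERNAME:?no username}" "${DRYCC_REGISTRY_PASSWORD:?no password}" | base64 -w 0)` encodes the values byte for byte. The wait loop prints a literal `%s` because `echo` does no formatting; `echo "waiting for the registry (${REGISTRY_HOST}) to come online..."` gives the intended message. The script also has no `set -e`, so a failed `cat` or `sed` still reaches `exec nginx`.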
diff --git a/rootfs/opt/drycc/nginx/conf/nginx.conf b/rootfs/opt/drycc/nginx/conf/nginx.conf new file mode 100644 index 0000000..bd3f31d --- /dev/null +++ b/rootfs/opt/drycc/nginx/conf/nginx.conf @@ -0,0 +1,22 @@ +worker_processes 1; + +error_log /dev/stderr warn; +pid /opt/drycc/nginx/logs/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /opt/drycc/nginx/conf/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /dev/stdout main; + sendfile on; + keepalive_timeout 65; + include /opt/drycc/nginx/conf/registry.conf; +} diff --git a/rootfs/opt/drycc/nginx/conf/registry.conf.tpl b/rootfs/opt/drycc/nginx/conf/registry.conf.tpl new file mode 100644 index 0000000..627f2f2 --- /dev/null +++ b/rootfs/opt/drycc/nginx/conf/registry.conf.tpl @@ -0,0 +1,24 @@ +upstream container-registry { + server %REGISTRY_HOST%; +} + +server { + listen 8080; + server_name localhost; + # disable any limits to avoid HTTP 413 for large image uploads + client_max_body_size 0; + # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) + chunked_transfer_encoding on; + location / { + proxy_pass http://container-registry; + proxy_set_header Host $http_host; # required for container client's sake + proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; + proxy_set_header Authorization "Basic %AUTHORIZATION%"; + limit_except GET HEAD OPTIONS { + deny all; + } + } +} \ No newline at end of file From 63d60da785721ef3246fa50a359b486b966af99c Mon Sep 17 00:00:00 2001 
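Review bot: In `registry.conf.tpl` the comments on `client_max_body_size 0` and `chunked_transfer_encoding on` describe image uploads, but `limit_except GET HEAD OPTIONS { deny all; }` in the same `location` rejects every upload, so the unlimited body size serves no purpose on this listener. Drop both directives or reword their comments. The security-relevant behaviour is undocumented: add a comment above `proxy_set_header Authorization` such as `# proxy authenticates upstream for every client; limit_except below is the only write barrier`, so a later edit to the method list is made knowingly.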
From: duanhongyi Date: Wed, 7 May 2025 18:05:16 +0800 Subject: [PATCH 14/25] chore(charts): use condition --- charts/registry/templates/_helper.tpl | 36 +++++++++++++------ .../templates/registry-cronjob-daily.yaml | 2 -- .../templates/registry-deployment.yaml | 2 -- .../templates/registry-proxy-daemonset.yaml | 12 ++----- .../registry/templates/registry-secret.yaml | 16 ++++----- .../templates/registry-service-account.yaml | 2 -- .../registry/templates/registry-service.yaml | 2 -- charts/registry/values.yaml | 13 +++++-- contrib/ci/test.sh | 1 - 9 files changed, 44 insertions(+), 42 deletions(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index a4e066b..2b013c9 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -4,11 +4,6 @@ env: value: "true" - name: REGISTRY_LOG_LEVEL value: info -- name: "REGISTRY_HTTP_SECRET" - valueFrom: - secretKeyRef: - name: registry-secret - key: secret - name: "DRYCC_REGISTRY_REDIRECT" valueFrom: secretKeyRef: 
@@ -24,21 +19,39 @@ env: secretKeyRef: name: registry-secret key: password +{{- if (.Values.storageEndpoint) }} - name: "DRYCC_STORAGE_LOOKUP" valueFrom: secretKeyRef: - name: storage-creds - key: lookup + name: registry-secret + key: storage-lookup - name: "DRYCC_STORAGE_BUCKET" valueFrom: secretKeyRef: - name: storage-creds - key: registry-bucket + name: registry-secret + key: storage-bucket - name: "DRYCC_STORAGE_ENDPOINT" valueFrom: secretKeyRef: - name: storage-creds - key: endpoint + name: registry-secret + key: storage-endpoint +- name: "DRYCC_STORAGE_ACCESSKEY" + valueFrom: + secretKeyRef: + name: registry-secret + key: storage-accesskey +- name: "DRYCC_STORAGE_SECRETKEY" + valueFrom: + secretKeyRef: + name: registry-secret + key: storage-secretkey +{{- else if .Values.storage.enabled }} +- name: "DRYCC_STORAGE_LOOKUP" + value: "path" +- name: "DRYCC_STORAGE_BUCKET" + value: "registry" +- name: "DRYCC_STORAGE_ENDPOINT" + value: {{ printf "http://drycc-storage.%s.svc.%s:9000" .Release.Namespace .Values.global.clusterDomain }} - name: "DRYCC_STORAGE_ACCESSKEY" valueFrom: secretKeyRef: @@ -50,6 +63,7 @@ env: name: storage-creds key: secretkey {{- end }} +{{- end }} {{/* Generate registry deployment limits */}} {{- define "registry.limits" -}} diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index a854722..d052868 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -1,4 +1,3 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: batch/v1 kind: CronJob metadata: @@ -45,4 +44,3 @@ spec: boot garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged {{- end }} {{- include "registry.envs" . | indent 12 }} -{{- end }} diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index e1c619c..85e018b 100644 
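Review bot: The new `if (.Values.storageEndpoint)` / `else if .Values.storage.enabled` chain in `_helper.tpl` has no final branch, so with an empty `storageEndpoint` and `storage.enabled: false` the template renders no `DRYCC_STORAGE_*` variables at all and the problem only surfaces when the container starts. Fail at render time instead by adding `{{- else }}` and `{{- fail "set storageEndpoint or enable storage" }}` before the closing `{{- end }}` that the following hunk adds. The `define` block this chain sits in starts outside the hunk.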
--- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -1,4 +1,3 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: apps/v1 kind: Deployment metadata: @@ -91,4 +90,3 @@ spec: volumes: - name: registry-storage emptyDir: {} -{{- end }} diff --git a/charts/registry/templates/registry-proxy-daemonset.yaml b/charts/registry/templates/registry-proxy-daemonset.yaml index 971231b..49167fb 100644 --- a/charts/registry/templates/registry-proxy-daemonset.yaml +++ b/charts/registry/templates/registry-proxy-daemonset.yaml @@ -1,4 +1,3 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -36,10 +35,7 @@ spec: - $(DRYCC_REGISTRY_HOST) env: - name: "DRYCC_REGISTRY_HOST" - valueFrom: - secretKeyRef: - name: registry-secret - key: host + value: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain }} containers: - name: drycc-registry-proxy image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} @@ -92,10 +88,7 @@ spec: {{- end }} env: - name: "DRYCC_REGISTRY_HOST" - valueFrom: - secretKeyRef: - name: registry-secret - key: host + value: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain }} - name: "DRYCC_REGISTRY_USERNAME" valueFrom: secretKeyRef: @@ -109,4 +102,3 @@ spec: ports: - containerPort: 8080 hostPort: {{.Values.proxyPort}} -{{- end }} diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index 743f047..9621da9 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
@@ -4,17 +4,15 @@ metadata: name: registry-secret labels: heritage: drycc - annotations: - drycc.cc/registry-location: "{{ .Values.global.registryLocation }}" type: Opaque data: - {{- if eq .Values.global.registryLocation "on-cluster" }} - host: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain | b64enc }} - secret: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "secret" "defaultValue" (randAlphaNum 32) "context" $) }} - {{- else }} - host: {{ .Values.host | b64enc }} - organization: {{ .Values.organization | b64enc }} - {{- end }} username: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "username" "defaultValue" (.Values.username | default (randAlphaNum 32)) "context" $) }} password: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "password" "defaultValue" (.Values.password | default (randAlphaNum 32)) "context" $) }} redirect: {{ .Values.redirect | b64enc }} + {{- if (.Values.storageEndpoint) }} + storage-lookup: {{ .Values.storageLookup | b64enc }} + storage-bucket: {{ .Values.storageBucket | b64enc }} + storage-endpoint: {{ .Values.storageEndpoint | b64enc }} + storage-accesskey: {{ .Values.storageAccesskey | b64enc }} + storage-secretkey: {{ .Values.storageSecretkey | b64enc }} + {{- end }} diff --git a/charts/registry/templates/registry-service-account.yaml b/charts/registry/templates/registry-service-account.yaml index 3766311..a3b2b78 100644 --- a/charts/registry/templates/registry-service-account.yaml +++ b/charts/registry/templates/registry-service-account.yaml @@ -1,8 +1,6 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: v1 kind: ServiceAccount metadata: name: drycc-registry labels: heritage: drycc -{{- end }} diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 6b6d579..1ac9221 100644 --- a/charts/registry/templates/registry-service.yaml 
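Review bot: Under `{{- if (.Values.storageEndpoint) }}` in `registry-secret.yaml` the access and secret keys are encoded straight from values whose defaults in this commit's `values.yaml` are empty strings, so setting only `storageEndpoint` produces a Secret with empty storage credentials and no error. Make the pairing explicit with `required`, for example `storage-accesskey: {{ required "storageAccesskey is required with storageEndpoint" .Values.storageAccesskey | b64enc }}`, and the same for `storage-secretkey`. The failure then happens at install time rather than as an authentication error inside the pod.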
+++ b/charts/registry/templates/registry-service.yaml @@ -1,4 +1,3 @@ -{{- if eq .Values.global.registryLocation "on-cluster" }} apiVersion: v1 kind: Service metadata: @@ -14,4 +13,3 @@ spec: selector: app: drycc-registry sessionAffinity: ClientIP -{{- end }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index f57b5eb..232250f 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -45,10 +45,17 @@ proxyPort: 5555 concurrencyPolicy: "Replace" +# The following parameters will no longer use the built-in storage component. +storageLookup: "auto" +storageBucket: "builder" +storageEndpoint: "" +storageAccesskey: "" +storageSecretkey: "" + +storage: + enabled: true + # Service service: # Provide any additional service annotations annotations: {} - -global: - registryLocation: "on-cluster" diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index c7241af..58ec868 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -19,7 +19,6 @@ echo -e "\\033[32m---> S3 service ${STORAGE_IP}:9000 ready...\\033[0m" podman logs "${STORAGE_JOB}" REGISTRY_JOB=$(podman run -d --rm \ - -e REGISTRY_HTTP_SECRET=drycc \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ -e DRYCC_REGISTRY_PASSWORD=admin \ From 7a03f6824da6395eda2715b2fa2cc9e6facb2e3f Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 8 May 2025 13:55:31 +0800 Subject: [PATCH 15/25] chore(storage): add check storage --- rootfs/bin/init-registry | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index a3a6041..2b762a0 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry @@ -13,6 +13,8 @@ has_bucket(){ mc ls storage -json|jq -r '.key'|grep -w "${DRYCC_STORAGE_BUCKET}" } +mc ping storage -x + if [ -z "$(has_bucket)" ] ;then mc mb storage/"${DRYCC_STORAGE_BUCKET}" if [ -z "$(has_bucket)" ] ;then From 0883f1ea605ebe3d1b5a4161d4d63a672557f6c4 Mon Sep 17 00:00:00 2001 
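Review bot: `storageBucket: "builder"` in the `values.yaml` hunk is the default for the external-storage path, while the built-in path in `_helper.tpl` hard-codes the bucket `registry`; in a registry chart this looks like a leftover from another chart and would place registry blobs in a bucket named for a different component. Consider `storageBucket: "registry"`. The comment above the block is also hard to follow; `# External S3-compatible storage: setting storageEndpoint bypasses the built-in storage component` states what the keys do.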
From: duanhongyi Date: Thu, 8 May 2025 14:34:40 +0800 Subject: [PATCH 16/25] chore(storage): add prometheus metrics --- Dockerfile | 3 ++- charts/registry/templates/_helper.tpl | 5 +++++ charts/registry/templates/registry-secret.yaml | 1 + charts/registry/templates/registry-service.yaml | 3 +++ rootfs/config-example.yml | 5 +++++ 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e14594f..823b551 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,7 +47,8 @@ COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/bin/ /bin/ COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/opt/drycc/nginx /opt/drycc/nginx COPY --chown=${DRYCC_UID}:${DRYCC_GID} rootfs/config-example.yml /opt/drycc/registry/etc/config.yml -ENV DRYCC_REGISTRY_CONFIG /opt/drycc/registry/etc/config.yml +ENV OTEL_TRACES_EXPORTER=none \ + DRYCC_REGISTRY_CONFIG=/opt/drycc/registry/etc/config.yml USER ${DRYCC_UID} VOLUME ["${DRYCC_HOME_DIR}"] diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 2b013c9..05a6d7d 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -4,6 +4,11 @@ env: value: "true" - name: REGISTRY_LOG_LEVEL value: info +- name: "REGISTRY_HTTP_SECRET" + valueFrom: + secretKeyRef: + name: registry-secret + key: secret - name: "DRYCC_REGISTRY_REDIRECT" valueFrom: secretKeyRef: diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index 9621da9..7b396d5 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
@@ -6,6 +6,7 @@ metadata: heritage: drycc type: Opaque data: + secret: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "secret" "defaultValue" (randAlphaNum 32) "context" $) }} username: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "username" "defaultValue" (.Values.username | default (randAlphaNum 32)) "context" $) }} password: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "password" "defaultValue" (.Values.password | default (randAlphaNum 32)) "context" $) }} redirect: {{ .Values.redirect | b64enc }} diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 1ac9221..69e78bc 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml @@ -3,6 +3,9 @@ kind: Service metadata: name: drycc-registry annotations: + prometheus.io/path: /metrics + prometheus.io/port: "9000" + prometheus.io/scrape: "true" {{- with .Values.service.annotations }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/rootfs/config-example.yml b/rootfs/config-example.yml index 3277f9a..a55566c 100644 --- a/rootfs/config-example.yml +++ b/rootfs/config-example.yml @@ -9,6 +9,11 @@ storage: rootdirectory: /var/lib/registry http: addr: :5000 + debug: + addr: :9000 + prometheus: + enabled: true + path: /metrics headers: X-Content-Type-Options: [nosniff] health: From beef8abe3d339c9d739c5900bb29020db76ecd16 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 12 May 2025 09:34:54 +0800 Subject: [PATCH 17/25] chore(charts): change resources format --- charts/registry/templates/_helper.tpl | 20 ------------ .../templates/registry-deployment.yaml | 5 ++- .../templates/registry-proxy-daemonset.yaml | 14 +++------ charts/registry/values.yaml | 31 ++++++++++++++++--- 4 files changed, 35 insertions(+), 35 deletions(-) 
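Review bot: `debug: addr: :9000` in `config-example.yml` binds the registry's debug listener on all interfaces, and nothing in this commit puts it behind the htpasswd auth configured for the main API. As far as I know that listener serves more than `/metrics` (Go profiling and runtime variables), which should be confirmed against the distribution documentation. Since the Service hunk advertises port 9000 for scraping, limit access to the metrics scraper, for example with a NetworkPolicy on the registry pods, and record the intent with a comment such as `# debug listener is unauthenticated; restrict port 9000 to the metrics scraper`. The `http:` block continues outside the hunk.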
diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 05a6d7d..208561e 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -69,23 +69,3 @@ env: key: secretkey {{- end }} {{- end }} - -{{/* Generate registry deployment limits */}} -{{- define "registry.limits" -}} -{{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} -resources: - limits: - {{- if (.Values.limitsCpu) }} - cpu: {{.Values.limitsCpu}} - {{- end }} - {{- if (.Values.limitsMemory) }} - memory: {{.Values.limitsMemory}} - {{- end }} - {{- if (.Values.limitsHugepages2Mi) }} - hugepages-2Mi: {{.Values.limitsHugepages2Mi}} - {{- end }} - {{- if (.Values.limitsHugepages1Gi) }} - hugepages-1Gi: {{.Values.limitsHugepages1Gi}} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/registry/templates/registry-deployment.yaml b/charts/registry/templates/registry-deployment.yaml index 85e018b..dc362e3 100644 --- a/charts/registry/templates/registry-deployment.yaml +++ b/charts/registry/templates/registry-deployment.yaml @@ -47,7 +47,10 @@ spec: args: - start-registry {{- end }} - {{- include "registry.limits" . | indent 8 }} + {{- with index .Values "resources" }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} {{- include "registry.envs" . | indent 8 }} {{- if not .Values.diagnosticMode.enabled }} startupProbe: diff --git a/charts/registry/templates/registry-proxy-daemonset.yaml b/charts/registry/templates/registry-proxy-daemonset.yaml index 49167fb..2993c21 100644 --- a/charts/registry/templates/registry-proxy-daemonset.yaml +++ b/charts/registry/templates/registry-proxy-daemonset.yaml 
@@ -47,16 +47,10 @@ spec: args: - start-proxy {{- end }} - {{- if or (.Values.limitsCpu) (.Values.limitsMemory)}} + {{- with index .Values "proxy" "resources" }} resources: - limits: - {{- if (.Values.limitsCpu) }} - cpu: {{.Values.limitsCpu}} - {{- end}} - {{- if (.Values.limitsMemory) }} - memory: {{.Values.limitsMemory}} - {{- end}} - {{- end}} + {{- toYaml . | nindent 10 }} + {{- end }} {{- if not .Values.diagnosticMode.enabled }} startupProbe: httpGet: @@ -101,4 +95,4 @@ spec: key: password ports: - containerPort: 8080 - hostPort: {{.Values.proxyPort}} + hostPort: {{.Values.proxy.port}} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 232250f..282b25e 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -2,8 +2,6 @@ imageOrg: "drycc" imagePullPolicy: "Always" imageTag: "canary" imageRegistry: "registry.drycc.cc" -# limitsCpu: "100m" -# limitsMemory: "50Mi" ## Enable diagnostic mode ## @@ -40,8 +38,25 @@ podAntiAffinityPreset: replicas: 1 # registry storage redirect redirect: "false" -# host port for the registry proxy in the daemonset -proxyPort: 5555 + +proxy: + # host port for the registry proxy in the daemonset + port: 5555 + resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi + +resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi concurrencyPolicy: "Replace" @@ -59,3 +74,11 @@ storage: service: # Provide any additional service annotations annotations: {} + +resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi From 3070676f77bd6d46b22cf1d0a5bbc9dc60bd22dd Mon Sep 17 00:00:00 2001 From: lijianguo Date: Thu, 3 Jul 2025 16:11:54 +0800 Subject: [PATCH 18/25] Merge pull request #15 from jianxiaoguo/main chore(registry): update cronjob command --- charts/registry/templates/registry-cronjob-daily.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
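Review bot: This commit adds a top-level `resources: {}` to `values.yaml` twice, once after the `proxy:` block and again in the last hunk after `service:`. Duplicate mapping keys are invalid YAML; parsers either reject the file or silently keep one copy, so an edit to the other copy is ignored. Remove the second block. The same commit renames `proxyPort` to `proxy.port`, so an existing override of `proxyPort` stops taking effect without any error, which deserves a line in the commit description.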
diff --git a/charts/registry/templates/registry-cronjob-daily.yaml b/charts/registry/templates/registry-cronjob-daily.yaml index d052868..442841b 100644 --- a/charts/registry/templates/registry-cronjob-daily.yaml +++ b/charts/registry/templates/registry-cronjob-daily.yaml @@ -41,6 +41,6 @@ spec: - -ec - | # run garbage collect - boot garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged + start-registry garbage-collect ${DRYCC_REGISTRY_CONFIG} --dry-run --delete-untagged {{- end }} {{- include "registry.envs" . | indent 12 }} From b8c0a9db3263799bd937c0e41542422296b0d2f2 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 11 Jul 2025 10:44:34 +0800 Subject: [PATCH 19/25] chore(registry): add --ignore-existing --- rootfs/bin/init-registry | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index 2b762a0..0c644fa 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry @@ -8,21 +8,8 @@ mc config host add storage \ "${DRYCC_STORAGE_SECRETKEY}" \ --lookup "${DRYCC_STORAGE_LOOKUP}" \ --api s3v4 - -has_bucket(){ - mc ls storage -json|jq -r '.key'|grep -w "${DRYCC_STORAGE_BUCKET}" -} - mc ping storage -x - -if [ -z "$(has_bucket)" ] ;then - mc mb storage/"${DRYCC_STORAGE_BUCKET}" - if [ -z "$(has_bucket)" ] ;then - echo "create bucket ${DRYCC_STORAGE_BUCKET} error" - exit 1 - fi -fi -echo "create bucket ${DRYCC_STORAGE_BUCKET} success" +mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}" htpasswd -Bbn "${DRYCC_REGISTRY_USERNAME}" "${DRYCC_REGISTRY_PASSWORD}" > "${REGISTRY_AUTH_HTPASSWD_PATH}" echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" \ No newline at end of file From 2e6778db7e8f0e4a77f24a24929833fcedb78d76 Mon Sep 17 00:00:00 2001 
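Review bot: The rewritten cronjob command keeps `--dry-run`, so the daily job only reports what garbage collection would remove and never frees storage. If that is intended, say so in the script comment, e.g. `# dry run only: lists unreferenced blobs, deletes nothing`. If deletion is wanted, dropping the flag alone is not safe: upstream guidance, to be confirmed for the registry version in use, is to collect garbage only while the registry is read-only, because a push during collection can lose layers. The script block continues outside the hunk.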
From: duanhongyi Date: Tue, 15 Jul 2025 23:29:41 +0800 Subject: [PATCH 20/25] chore(charts): remove cluster domain --- charts/registry/templates/_helper.tpl | 2 +- charts/registry/templates/registry-proxy-daemonset.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 208561e..35b6554 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -56,7 +56,7 @@ env: - name: "DRYCC_STORAGE_BUCKET" value: "registry" - name: "DRYCC_STORAGE_ENDPOINT" - value: {{ printf "http://drycc-storage.%s.svc.%s:9000" .Release.Namespace .Values.global.clusterDomain }} + value: http://drycc-storage:9000 - name: "DRYCC_STORAGE_ACCESSKEY" valueFrom: secretKeyRef: diff --git a/charts/registry/templates/registry-proxy-daemonset.yaml b/charts/registry/templates/registry-proxy-daemonset.yaml index 2993c21..c83a364 100644 --- a/charts/registry/templates/registry-proxy-daemonset.yaml +++ b/charts/registry/templates/registry-proxy-daemonset.yaml @@ -35,7 +35,7 @@ spec: - $(DRYCC_REGISTRY_HOST) env: - name: "DRYCC_REGISTRY_HOST" - value: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain }} + value: drycc-registry:5000 containers: - name: drycc-registry-proxy image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/registry:{{.Values.imageTag}} @@ -82,7 +82,7 @@ spec: {{- end }} env: - name: "DRYCC_REGISTRY_HOST" - value: {{ printf "drycc-registry.%s.svc.%s:5000" .Release.Namespace .Values.global.clusterDomain }} + value: drycc-registry:5000 - name: "DRYCC_REGISTRY_USERNAME" valueFrom: secretKeyRef: From a7f785fcab21815c3a76e9d388e6bf1e794e81ac Mon Sep 17 00:00:00 2001 
From: duanhongyi Date: Tue, 22 Jul 2025 10:59:31 +0800 Subject: [PATCH 21/25] chore(storage): use path style replace lookup --- charts/registry/templates/_helper.tpl | 14 +++++++------- charts/registry/templates/registry-secret.yaml | 2 +- charts/registry/values.yaml | 2 +- contrib/ci/test.sh | 2 +- main.go | 4 ++-- rootfs/bin/init-registry | 6 +++--- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index 35b6554..a0a03b9 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -25,11 +25,6 @@ env: name: registry-secret key: password {{- if (.Values.storageEndpoint) }} -- name: "DRYCC_STORAGE_LOOKUP" - valueFrom: - secretKeyRef: - name: registry-secret - key: storage-lookup - name: "DRYCC_STORAGE_BUCKET" valueFrom: secretKeyRef: @@ -50,9 +45,12 @@ env: secretKeyRef: name: registry-secret key: storage-secretkey +- name: "DRYCC_STORAGE_PATH_STYLE" + valueFrom: + secretKeyRef: + name: registry-secret + key: storage-path-style {{- else if .Values.storage.enabled }} -- name: "DRYCC_STORAGE_LOOKUP" - value: "path" - name: "DRYCC_STORAGE_BUCKET" value: "registry" - name: "DRYCC_STORAGE_ENDPOINT" @@ -67,5 +65,7 @@ env: secretKeyRef: name: storage-creds key: secretkey +- name: "DRYCC_STORAGE_PATH_STYLE" + value: "on" {{- end }} {{- end }} diff --git a/charts/registry/templates/registry-secret.yaml b/charts/registry/templates/registry-secret.yaml index 7b396d5..9fa12be 100644 --- a/charts/registry/templates/registry-secret.yaml +++ b/charts/registry/templates/registry-secret.yaml 
@@ -11,9 +11,9 @@ data: password: {{ include "common.secrets.lookup" (dict "secret" "registry-secret" "key" "password" "defaultValue" (.Values.password | default (randAlphaNum 32)) "context" $) }} redirect: {{ .Values.redirect | b64enc }} {{- if (.Values.storageEndpoint) }} - storage-lookup: {{ .Values.storageLookup | b64enc }} storage-bucket: {{ .Values.storageBucket | b64enc }} storage-endpoint: {{ .Values.storageEndpoint | b64enc }} storage-accesskey: {{ .Values.storageAccesskey | b64enc }} storage-secretkey: {{ .Values.storageSecretkey | b64enc }} + storage-path-style: {{ .Values.storagePathStyle | b64enc }} {{- end }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index 282b25e..87a2895 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -61,11 +61,11 @@ resources: {} concurrencyPolicy: "Replace" # The following parameters will no longer use the built-in storage component. -storageLookup: "auto" storageBucket: "builder" storageEndpoint: "" storageAccesskey: "" storageSecretkey: "" +storagePathStyle: "auto" storage: enabled: true diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 58ec868..896f63e 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -22,11 +22,11 @@ REGISTRY_JOB=$(podman run -d --rm \ -e DRYCC_REGISTRY_REDIRECT=false \ -e DRYCC_REGISTRY_USERNAME=admin \ -e DRYCC_REGISTRY_PASSWORD=admin \ - -e DRYCC_STORAGE_LOOKUP=path \ -e DRYCC_STORAGE_BUCKET=registry \ -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:9000" \ -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ + -e DRYCC_STORAGE_PATH_STYLE=on \ "$1" start-registry) # shellcheck disable=SC2317 diff --git a/main.go b/main.go index 13718e0..ef543e0 100644 --- a/main.go +++ b/main.go 
@@ -14,11 +14,11 @@ const ( registryHtpasswd = "/opt/drycc/registry/etc/htpasswd" registryConfigEnvVar = "DRYCC_REGISTRY_CONFIG" registryRedirectEnvVar = "DRYCC_REGISTRY_REDIRECT" - storageLookupEnvVar = "DRYCC_STORAGE_LOOKUP" storageBucketEnvVar = "DRYCC_STORAGE_BUCKET" storageEndpointEnvVar = "DRYCC_STORAGE_ENDPOINT" storageAccesskeyEnvVar = "DRYCC_STORAGE_ACCESSKEY" storageSecretkeyEnvVar = "DRYCC_STORAGE_SECRETKEY" + storagePathStyleEnvVar = "DRYCC_STORAGE_PATH_STYLE" defaultCommand = "serve" ) @@ -40,7 +40,7 @@ func main() { os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", os.Getenv(storageSecretkeyEnvVar)) os.Setenv("REGISTRY_STORAGE_S3_BUCKET", os.Getenv(storageBucketEnvVar)) - if os.Getenv(storageLookupEnvVar) == "path" { + if os.Getenv(storagePathStyleEnvVar) == "on" { os.Setenv("REGISTRY_STORAGE_S3_FORCEPATHSTYLE", "true") } diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index 0c644fa..cf0a674 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry @@ -2,12 +2,12 @@ set -e -mc config host add storage \ +mc alias set storage \ "${DRYCC_STORAGE_ENDPOINT}" \ "${DRYCC_STORAGE_ACCESSKEY}" \ "${DRYCC_STORAGE_SECRETKEY}" \ - --lookup "${DRYCC_STORAGE_LOOKUP}" \ - --api s3v4 + --path "${DRYCC_STORAGE_PATH_STYLE}" + mc ping storage -x mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}" From d54e502b67b728b3c628a3b267777aeb120b6b2c Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 2 Sep 2025 14:02:37 +0800 Subject: [PATCH 22/25] fix(shell): check storage ready --- rootfs/bin/init-registry | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index cf0a674..fbf570e 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry 
@@ -9,7 +9,12 @@ mc alias set storage \ --path "${DRYCC_STORAGE_PATH_STYLE}" mc ping storage -x +if ! mc admin info storage > /dev/null 2>&1; then + sleep 9s +else + mc ready storage +fi mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}" htpasswd -Bbn "${DRYCC_REGISTRY_USERNAME}" "${DRYCC_REGISTRY_PASSWORD}" > "${REGISTRY_AUTH_HTPASSWD_PATH}" -echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" \ No newline at end of file +echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" From 78e4360cc297c0babccfa8311d73a56727ace3c1 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 13 Sep 2025 23:31:38 +0800 Subject: [PATCH 23/25] chore(registry): bump new version --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 823b551..c7f5b3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,8 +15,8 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ - MC_VERSION="2025.04.03.17.07.56" \ - NGINX_VERSION="1.25.1" \ + MC_VERSION="2025.08.13.08.35.41" \ + NGINX_VERSION="1.29.1" \ REGISTRY_VERSION="3.0.0" RUN groupadd drycc --gid ${DRYCC_GID} \ From f866599a3ec14f56eaf50fe97c8b1edada0fc17c Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 7 Nov 2025 10:18:27 +0800 Subject: [PATCH 24/25] chore(registry): change env to build arg --- Dockerfile | 6 +++--- charts/registry/templates/_helper.tpl | 2 +- contrib/ci/test.sh | 8 ++++---- main.go | 2 +- rootfs/bin/init-registry | 23 +++++++++++++---------- 5 files changed, 22 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index c7f5b3d..e9e37c3 100644 --- a/Dockerfile +++ b/Dockerfile 
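Review bot: The readiness check added to `init-registry` is not a wait loop: when `mc admin info storage` fails the script sleeps 9 seconds once and goes straight to `mc mb`, which under the file's `set -e` aborts the container if storage is still down. `mc admin info` presumably also needs an admin-capable key, so with a restricted access key on external storage the sleep branch would always be taken. A bounded retry gives a deterministic result; the same single-sleep shape is carried over to the `rclone lsd` check in PATCH 24.

```shell
# … unchanged: mc alias set / mc ping …
attempts=0
until mc ls storage > /dev/null 2>&1; do
  attempts=$((attempts + 1))
  if [ "${attempts}" -ge 30 ]; then
    echo "object storage not ready after ${attempts} attempts" >&2
    exit 1
  fi
  sleep 3
done
mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}"
```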
@@ -11,20 +11,20 @@ RUN export GO111MODULE=on \ FROM registry.drycc.cc/drycc/base:${CODENAME} -ENV DRYCC_UID=1001 \ +ARG DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/var/lib/registry \ JQ_VERSION="1.7.1" \ - MC_VERSION="2025.08.13.08.35.41" \ NGINX_VERSION="1.29.1" \ + RCLONE_VERSION="1.71.1" \ REGISTRY_VERSION="3.0.0" RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ && install-packages apache2-utils \ && install-stack jq $JQ_VERSION \ - && install-stack mc $MC_VERSION \ && install-stack nginx ${NGINX_VERSION} \ + && install-stack rclone $RCLONE_VERSION \ && install-stack registry $REGISTRY_VERSION \ && rm -rf \ /usr/share/doc \ diff --git a/charts/registry/templates/_helper.tpl b/charts/registry/templates/_helper.tpl index a0a03b9..cd87b72 100644 --- a/charts/registry/templates/_helper.tpl +++ b/charts/registry/templates/_helper.tpl @@ -66,6 +66,6 @@ env: name: storage-creds key: secretkey - name: "DRYCC_STORAGE_PATH_STYLE" - value: "on" + value: "true" {{- end }} {{- end }} diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh index 896f63e..6be70b3 100755 --- a/contrib/ci/test.sh +++ b/contrib/ci/test.sh @@ -7,9 +7,9 @@ DRYCC_STORAGE_SECRETKEY=f4c4281665bc11ee8e0400163e04a9cd STORAGE_JOB=$(podman run -d --rm --entrypoint init-stack \ - -e MINIO_ROOT_USER="${DRYCC_STORAGE_ACCESSKEY}" \ - -e MINIO_ROOT_PASSWORD="${DRYCC_STORAGE_SECRETKEY}" \ - "${DEV_REGISTRY}"/drycc/storage:canary minio server /data) + -e RUSTFS_ACCESS_KEY="${DRYCC_STORAGE_ACCESSKEY}" \ + -e RUSTFS_SECRET_KEY="${DRYCC_STORAGE_SECRETKEY}" \ + "${DEV_REGISTRY}"/drycc/storage:canary rustfs /data) # wait for port STORAGE_IP=$(podman inspect --format "{{ .NetworkSettings.IPAddress }}" "${STORAGE_JOB}") 
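Review bot: Turning this block from `ENV` into `ARG` removes DRYCC_UID, DRYCC_GID and DRYCC_HOME_DIR from the running container's environment, since build arguments exist only while this stage is built. Nothing in the hunk shows whether runtime scripts read them, so this may be intended; if any do, re-export just those after the ARG line, e.g. `ENV DRYCC_HOME_DIR=${DRYCC_HOME_DIR}`. Build arguments can also be overridden with --build-arg, so if the image is meant to run as the unprivileged `drycc` user created below, a comment such as `# build-time only; DRYCC_UID/DRYCC_GID are expected to stay non-zero` would document that. The Dockerfile continues outside this hunk.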
@@ -26,7 +26,7 @@ REGISTRY_JOB=$(podman run -d --rm \ -e DRYCC_STORAGE_ENDPOINT="http://${STORAGE_IP}:9000" \ -e DRYCC_STORAGE_ACCESSKEY="${DRYCC_STORAGE_ACCESSKEY}" \ -e DRYCC_STORAGE_SECRETKEY="${DRYCC_STORAGE_SECRETKEY}" \ - -e DRYCC_STORAGE_PATH_STYLE=on \ + -e DRYCC_STORAGE_PATH_STYLE=true \ "$1" start-registry) # shellcheck disable=SC2317 diff --git a/main.go b/main.go index ef543e0..27b534c 100644 --- a/main.go +++ b/main.go @@ -40,7 +40,7 @@ func main() { os.Setenv("REGISTRY_STORAGE_S3_SECRETKEY", os.Getenv(storageSecretkeyEnvVar)) os.Setenv("REGISTRY_STORAGE_S3_BUCKET", os.Getenv(storageBucketEnvVar)) - if os.Getenv(storagePathStyleEnvVar) == "on" { + if os.Getenv(storagePathStyleEnvVar) == "true" { os.Setenv("REGISTRY_STORAGE_S3_FORCEPATHSTYLE", "true") } diff --git a/rootfs/bin/init-registry b/rootfs/bin/init-registry index fbf570e..4d05fc8 100755 --- a/rootfs/bin/init-registry +++ b/rootfs/bin/init-registry @@ -2,19 +2,22 @@ set -e -mc alias set storage \ - "${DRYCC_STORAGE_ENDPOINT}" \ - "${DRYCC_STORAGE_ACCESSKEY}" \ - "${DRYCC_STORAGE_SECRETKEY}" \ - --path "${DRYCC_STORAGE_PATH_STYLE}" -mc ping storage -x -if ! mc admin info storage > /dev/null 2>&1; then +mkdir -p ~/.config/rclone +touch ~/.config/rclone/rclone.conf +rclone config create storage s3 \ + provider=Other \ + access_key_id="${DRYCC_STORAGE_ACCESSKEY}" \ + secret_access_key="${DRYCC_STORAGE_SECRETKEY}" \ + endpoint="${DRYCC_STORAGE_ENDPOINT}" \ + force_path_style="${DRYCC_STORAGE_PATH_STYLE:-true}" --no-output + +if ! rclone lsd storage: > /dev/null 2>&1; then sleep 9s -else - mc ready storage + echo "waiting for object storage to become ready..." fi -mc mb --ignore-existing storage/"${DRYCC_STORAGE_BUCKET}" + +rclone mkdir "storage:${DRYCC_STORAGE_BUCKET}" htpasswd -Bbn "${DRYCC_REGISTRY_USERNAME}" "${DRYCC_REGISTRY_PASSWORD}" > "${REGISTRY_AUTH_HTPASSWD_PATH}" echo "create ${REGISTRY_AUTH_HTPASSWD_PATH} success" From d5af6b12a5cf5d2feab04e6210a0a4cdda496e7e Mon Sep 17 00:00:00 2001 
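Review bot: In the init-registry hunk, `touch ~/.config/rclone/rclone.conf` creates the file that will hold `secret_access_key` under the default umask, and rclone may keep that mode when it saves the remote, so the key can end up in a file readable by other users in the container; the key is also passed on the `rclone config create` command line. rclone can take a remote's settings from `RCLONE_CONFIG_<REMOTE>_<OPTION>` environment variables, which keeps the secret out of both argv and the config file. If later scripts rely on rclone.conf (not visible in this hunk), setting `umask 077` before the `touch` is the smaller fix. The readiness check also prints its "waiting" message only after the sleep has finished and then proceeds after a single attempt.

```shell
# … unchanged: set -e …
# Define the "storage" remote through the environment instead of rclone.conf.
export RCLONE_CONFIG_STORAGE_TYPE=s3
export RCLONE_CONFIG_STORAGE_PROVIDER=Other
export RCLONE_CONFIG_STORAGE_ACCESS_KEY_ID="${DRYCC_STORAGE_ACCESSKEY}"
export RCLONE_CONFIG_STORAGE_SECRET_ACCESS_KEY="${DRYCC_STORAGE_SECRETKEY}"
export RCLONE_CONFIG_STORAGE_ENDPOINT="${DRYCC_STORAGE_ENDPOINT}"
export RCLONE_CONFIG_STORAGE_FORCE_PATH_STYLE="${DRYCC_STORAGE_PATH_STYLE:-true}"
# … unchanged: rclone lsd readiness check, rclone mkdir, htpasswd …
```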
From: duanhongyi Date: Wed, 1 Apr 2026 11:30:29 +0800 Subject: [PATCH 25/25] fix(charts): warning I0401 --- charts/registry/templates/registry-service.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/registry/templates/registry-service.yaml b/charts/registry/templates/registry-service.yaml index 69e78bc..fbafcf2 100644 --- a/charts/registry/templates/registry-service.yaml +++ b/charts/registry/templates/registry-service.yaml @@ -15,4 +15,3 @@ spec: clusterIP: None selector: app: drycc-registry - sessionAffinity: ClientIP