WIP: app/registry: ceph object storage
diff --git a/app/registry/prod.jsonnet b/app/registry/prod.jsonnet
index 28d706d..5fc2172 100644
--- a/app/registry/prod.jsonnet
+++ b/app/registry/prod.jsonnet
@@ -11,6 +11,7 @@
cfg:: {
namespace: "registry",
domain: "k0.hswaw.net",
+ storageClassName: "waw-hdd-redundant-1",
},
metadata(component):: {
@@ -100,6 +101,19 @@
},
},
+ authVolumeClaim: kube.PersistentVolumeClaim("auth-token-storage") {
+ metadata+: app.metadata("auth-token-storage"),
+ spec+: {
+ storageClassName: cfg.storageClassName,
+ accessModes: [ "ReadWriteOnce" ],
+ resources: {
+ requests: {
+ storage: "1Gi",
+ },
+ },
+ },
+ },
+
authConfig: kube.ConfigMap("auth-config") {
metadata+: app.metadata("auth-config"),
data: {
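Review bot: `accessModes: [ "ReadWriteOnce" ]` on `authVolumeClaim` allows only one node to attach the volume, and LevelDB also takes an exclusive lock on its database directory, so a rolling update that starts the new auth pod before the old one exits can hang on attach or crash-loop on the lock. The Deployment that consumes this claim is outside the hunk; if it uses the default rolling strategy or more than one replica, setting `strategy: { type: "Recreate" }` and keeping `replicas: 1` there would avoid this. A comment on the claim such as `// Holds the OAuth2 token LevelDB; single writer only.` would record why it is RWO.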
@@ -121,7 +135,7 @@
profile_url: "https://sso.hackerspace.pl/api/1/profile",
redirect_url: "https://registry.k0.hswaw.net/oauth2",
username_key: "username",
- token_db: "/tmp/oauth2_tokens.ldb",
+ token_db: "/data/oauth2_tokens.ldb",
registry_url: "https://registry.k0.hswaw.net",
},
acl: [
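Review bot: Moving `token_db` to `/data/oauth2_tokens.ldb` turns the OAuth2 token store from per-pod ephemeral state into data at rest on `waw-hdd-redundant-1`, so tokens now outlive the pod and end up in any snapshot or backup of that pool. A comment above the line should say so, e.g. `// Persistent: contains SSO tokens; treat the backing volume as secret material.` It is also worth confirming who can read PVCs in the `registry` namespace and the underlying images. Whether the auth server expires stale entries in this DB cannot be seen from the hunk and should be checked, since they no longer disappear on restart.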
@@ -152,6 +166,7 @@
template+: {
spec+: {
volumes_: {
+ data: kube.PersistentVolumeClaimVolume(app.authVolumeClaim),
config: kube.ConfigMapVolume(app.authConfig),
certs: {
secret: { secretName: app.authCertificate.spec.secretName },
@@ -167,6 +182,7 @@
config: { mountPath: "/config" },
certs: { mountPath: "/certs" },
secrets: { mountPath: "/secrets" },
+ data: { mountPath: "/data" },
},
},
},
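Review bot: The new `data: { mountPath: "/data" }` mount will typically be a freshly formatted volume owned by root, and nothing visible in this hunk sets a `securityContext`, so an auth container running as a non-root user would fail to create `/data/oauth2_tokens.ldb`. The pod spec continues outside the hunk; if it has no `fsGroup` already, adding `securityContext: { fsGroup: <auth-gid> }` (placeholder gid) at pod level makes the volume writable without switching the container to root.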
@@ -254,4 +270,14 @@
],
},
},
+
+ registryStorageUser: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "registry") {
+ metadata+: {
+ namespace: "ceph-waw1",
+ },
+ spec: {
+ store: "waw-hdd-redundant-1-object",
+ displayName: "docker-registry user",
+ },
+ },
}
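Review bot: `registryStorageUser` is created in `ceph-waw1`, and Rook writes the generated S3 access and secret keys into a Secret in that same namespace, which pods in the `registry` namespace cannot reference. Nothing in this diff wires those credentials into the registry's storage config, so the remaining step presumably involves copying the keys; that should go through a Secret in `registry` rather than literals in `prod.jsonnet`. The namespace and `store: "waw-hdd-redundant-1-object"` are hard-coded while the PVC uses `cfg.storageClassName`; deriving the store as `cfg.storageClassName + "-object"` and moving the namespace into `cfg` would keep the two in step. A one-line comment stating where the resulting Secret lands would help whoever finishes the WIP.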