app/registry: migrate to ceph object storage
diff --git a/app/registry/prod.jsonnet b/app/registry/prod.jsonnet
index 5fc2172..65b2413 100644
--- a/app/registry/prod.jsonnet
+++ b/app/registry/prod.jsonnet
@@ -1,6 +1,7 @@
# registry.k0.hswaw.net, a private docker registry
# This needs an oauth2 secret provisioned, create with:
# kubectl -n registry create secret generic auth --from-literal=oauth2_secret=...
+# kubectl get secrets rook-ceph-object-user-waw-hdd-redundant-1-object-registry -n ceph-waw1 -o yaml --export | kubectl replace -f - -n registry
local kube = import "../../kube/kube.libsonnet";
local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
@@ -68,8 +69,10 @@
cache: {
blobdescriptor: "inmemory",
},
- filesystem: {
- rootdirectory: "/var/lib/registry",
+ s3: {
+ regionendpoint: "https://object.ceph-waw1.hswaw.net",
+ bucket: "registry",
+ region: "waw-hdd-redunant-1-object:default-placement",
},
},
http: {
@@ -81,6 +84,9 @@
certificate: "/certs/tls.crt",
key: "/certs/tls.key",
},
+ debug: {
+ addr: "localhost:5001",
+ },
},
health: {
storagedriver: {
@@ -224,6 +230,16 @@
certs: { mountPath: "/certs" },
authcerts: { mountPath: "/authcerts" },
},
+ env_: {
+ REGISTRY_STORAGE_S3_ACCESSKEY: { secretKeyRef: {
+ name: "rook-ceph-object-user-waw-hdd-redundant-1-object-registry",
+ key: "AccessKey"
+ }},
+ REGISTRY_STORAGE_S3_SECRETKEY: { secretKeyRef: {
+ name: "rook-ceph-object-user-waw-hdd-redundant-1-object-registry",
+ key: "SecretKey",
+ }},
+ },
},
},
},