kadet.net/servers
1
0
Fork 0
Code Releases Activity

Add self-hosted docker-registry

Browse Source
This commit is contained in:
Kacper Donat 2021-04-13 21:04:14 +02:00
parent 216fd6b447
commit e93948d378
7 changed files with 115 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
services/portainer/stack.yml
View File

@ -20,7 +20,7 @@ services:
- portainer_data:/data - portainer_data:/data
networks: networks:
- agent_network - agent_network
- {{ ingress_network }} - "{{ ingress_network }}"
deploy: deploy:
mode: replicated mode: replicated
replicas: 1 replicas: 1

21
services/registry/config/config.yml Normal file
View File

@ -0,0 +1,21 @@
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
{{ registry_storage|to_nice_yaml(indent=2, width=140)|indent(2) }}
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/htpasswd
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3

30
services/registry/stack.yml Normal file
View File

@ -0,0 +1,30 @@
version: "{{ compose_version }}"
services:
registry:
image: registry:2
secrets:
- source: htpasswd_{{ registry_htpasswd.stat.checksum }}
target: /etc/docker/registry/htpasswd
configs:
- source: registry_{{ registry_config.checksum }}
target: /etc/docker/registry/config.yml
deploy:
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}.rule=Host(`{{ service }}.{{ main_domain }}`)
- traefik.http.routers.{{ service }}.tls=true
- traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}.loadbalancer.server.port=5000
networks: ['{{ ingress_network }}']
configs:
registry_{{ registry_config.checksum }}:
file: ./config/config.yml
secrets:
htpasswd_{{ registry_htpasswd.stat.checksum }}:
file: ./config/htpasswd

29
services/registry/tasks/config.yml Normal file
View File

@ -0,0 +1,29 @@
---
- name: 'Copy config for "{{ service }}"'
template:
src: "{{ service_path }}/config/config.yml"
dest: "{{ remote_service_path }}/config/config.yml"
register: registry_config
tags:
- config
- name: 'Generate passwords file for "{{ service }}"'
community.general.htpasswd:
path: "{{ remote_service_path }}/config/htpasswd"
name: "{{ registry_user.name }}"
crypt_scheme: bcrypt
password: "{{ registry_user.password }}"
loop: "{{ registry_users }}"
loop_control:
loop_var: registry_user
label: "{{ registry_user.name }}"
tags:
- config
- name: 'Compute config hash for passwords file of "{{ service }}"'
ansible.builtin.stat:
path: "{{ remote_service_path }}/config/htpasswd"
get_mime: no
get_attributes: no
get_checksum: yes
register: registry_htpasswd

1
tasks/deploy.yml
View File

@ -13,6 +13,7 @@
with_dict: "{{ service_config[service]|default({}) }}" with_dict: "{{ service_config[service]|default({}) }}"
loop_control: loop_control:
loop_var: variable loop_var: variable
label: "{{ variable.key }}"
tags: tags:
- always - always

2
vars/environment.yml
View File

@ -4,6 +4,8 @@ pip_install_packages:
- docker - docker
- jsondiff - jsondiff
- pyyaml - pyyaml
- passlib
- bcrypt
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
pip_package: python3-pip pip_package: python3-pip
pip_executable: pip3 pip_executable: pip3

31
vars/services.yml
View File

@ -38,5 +38,36 @@ service_config:
cojedzie: cojedzie:
cojedzie_gtm: GTM-TQNX386 cojedzie_gtm: GTM-TQNX386
registry:
registry_users:
- name: kadet
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62613965333632643231306232323064306439313330353830663132393137633632613839656463
6335356336383632313765393634356563393066316261660a643762366532623735626430636634
35333465663730383033313762353539323663613038366531626163336430663062313466626137
6330386139356263390a663366633232346637346233653261373330343864613262313465336432
31366633323433653632366633376533343764343565653737633837383330323630313433323836
6530363533656439663631636532363864373666343163376632
registry_storage:
s3:
accesskey: !vault |
$ANSIBLE_VAULT;1.1;AES256
62343638373430393732616566373062633161316565646161613739363364346266663461386134
6662356631333130323835386365393864633332643064360a313738373234323336376434663234
66666137653065383762303365643663303365376662663931316430346331373538323963353263
3961663835393334370a613137316433396637316437616662356364626535626166333930356139
36323930633662363664663064346239386230616537353332356338653463356365
secretkey: !vault |
$ANSIBLE_VAULT;1.1;AES256
62386333363935343736626233333035373534316636303063313039633764653162643761393431
6137393061623538346562623731373937643361353839620a356662373131623263636663626334
35353435613763346139613931316537626434363462646139366539636139336161623463343433
6563656236663563650a313965336364323134336531373135666162663232623261313362663363
36363165623231616331613165626563383038613534303465646530303132623930
region: eu-central-003
regionendpoint: https://s3.eu-central-003.backblazeb2.com
bucket: kadet-docker
www_data_users: www_data_users:
- vagrant - vagrant