INT 21h

Hi, I am Vladimir Smagin, SysAdmin and Kaptain. Telegram Email / GIT / Thingiverse / RSS / GPG

Private Docker Registry in DigitalOcean Kubernetes with s3 storage in Spaces

№ 10420 В разделе "Sysadmin" от December 4th, 2019,
В подшивках: , ,

Prepare Configmap with auth information. Use command htpasswd -Bbn vlad 123 to create login and password for users. No need to restart all pods of registry to apply changes. May be you want to store it in Secret resource, at your choice.

Example:

---
apiVersion: v1
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: registry-auth
data:
  htpasswd: |
    vlad:$2y$05$anFCx3pAPG/BNxPsEKcau.LPKjWFN7hHkoXbvIMp7Jie97uYafuSq

Now create bucket my-own-registry in Spaces with access key id and secret key. Do not forget to set http_secret and nodeSelector. http_secret required if you want multiple pods.

Example:

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: registry
    spec:
      containers:
      - name: registry
        image: registry:2
        ports:
        - name: registry
          containerPort: 5000
        volumeMounts:
        - mountPath: /auth
          name: auth
        env:
        - name: REGISTRY_STORAGE_DELETE_ENABLED
          value: "true"
        - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED
          value: "false"
        - name: REGISTRY_AUTH
          value: "htpasswd"
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: "Registry Realm"
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: /auth/htpasswd
        - name: REGISTRY_STORAGE
          value: "s3"
        - name: REGISTRY_STORAGE_S3_ACCESSKEY
          value: "TVV3WXZ233MEPEBXFP7X"
        - name: REGISTRY_STORAGE_S3_SECRETKEY
          value: "ERlofd+hb9Ps1oBR5jUJuPa9NIMRSLxvUyulKJnt8S0"
        - name: REGISTRY_STORAGE_S3_BUCKET
          value: "my-own-registry"
        - name: REGISTRY_STORAGE_S3_REGION
          value: "fra1"
        - name: REGISTRY_STORAGE_S3_REGIONENDPOINT
          value: "https://fra1.digitaloceanspaces.com"
        - name: REGISTRY_LOG_LEVEL
          value: "info"
        - name: REGISTRY_HTTP_ADDR
          value: "0.0.0.0:5000"
        - name: REGISTRY_HTTP_SECRET
          value: sexy_pony
        resources:
          limits:
            cpu: 100m
            memory: 200Mi
          requests:
            cpu: 50m
            memory: 50Mi
      volumes:
      - name: auth
        configMap:
          name: registry-auth
      nodeSelector:
        doks.digitalocean.com/node-pool: infra

Last step easily shares registry. Set limit for image size in proxy-body-size, value 0 means no limits.

Example:

---
apiVersion: v1
kind: Service
metadata:
  name: registry
  labels:
    name: registry
spec:
  ports:
  - port: 80
    targetPort: registry
    protocol: TCP
    name: registry
  selector:
    name: registry
  type: ClusterIP

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  name: registry
spec:
  rules:
  - host: registry.k8s.blindage.org
    http:
      paths:
      - backend:
          serviceName: registry
          servicePort: registry
        path: /
  tls:
  - hosts:
    - k8s.blindage.org
    - '*.k8s.blindage.org'
    secretName: k8s-blindage-tls

Problems:

time="2019-12-14T22:03:19.448702167Z" level=info msg="PurgeUploads starting: olderThan=2019-12-07 22:03:19.439373039 +0000 UTC m=-601559.638413974, actuallyDelete=true"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc4e6bd]

Its a bug.

Нет комментариев »

CronJobs operator for Kubernetes

№ 10306 В разделах: Programming Sysadmin от September 17th, 2019,
В подшивках: , , ,

Helps to control multiple cronjobs with same image, but different commands.

Checkout code and documentation https://git.blindage.org/21h/cron-operator

Нет комментариев »

Redis operator for Kubernetes

№ 10254 В разделах: Programming Sysadmin от August 27th, 2019,
В подшивках: , , , ,

Redis operator runs Sentinel and Redis, makes Redis high available with HAProxy.

https://git.blindage.org/21h/redis-operator

Нет комментариев »

MQTT operator for Kubernetes

№ 10248 В разделах: Programming Sysadmin от August 23rd, 2019,
В подшивках: , , , ,

Run multiple MQTT instances in your Kubernetes cluster. Can store persistent database.

Documentation and download here https://git.blindage.org/21h/mqtt-operator

Нет комментариев »

Django operator for Kubernetes

№ 10240 В разделах: Programming Sysadmin от August 22nd, 2019,
В подшивках: , , , ,

You can run projects with collectstatic and migrations at init stage, provide ENVs, service and pods annotations.

https://git.blindage.org/21h/django-operator

Full Spec:

image specific settings

PullPolicy: imagePullPolicy, default IfNotPresent
Image: string, required, format “image:tag”
Replicas: integer, default 1

manage resources

Read more about resources limiting here https://kubernetes.io/docs/concepts/policy/resource-quotas/

PodRequests: default is empty
PodLimits: default is empty

Affinity and antiaffinity manual https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

Affinity: default is empty

set annotations to service and pod

ServiceAnnotations: key: value dict, default is empty
PodAnnotations: key: value dict, default is empty

application specific configuration

AppPort: integer, internal application port, default 8000
AppEnv: EnvVar array, default is empty
AppStaticPath: string, path to static files, default /app/static
RunMigrate: bool, run migrations at init stage, default False
RunCollectStatic: bool, run collectstatic at init stage, default False

Нет комментариев »

Яндекс.Метрика

Fortune cookie: Smile, Cthulhu Loathes You.