Use Swarm default registry creds (manage-images) and configurations.yml placeholders

Made-with: Cursor
timotheereausanofi
2026-03-20 10:22:05 +01:00
parent 4ef10ffc20
commit e2d50d8d16
5 changed files with 59 additions and 28 deletions


@@ -23,3 +23,11 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
{{- define "onelab.dockerconfigjson" -}}
{{- $server := .Values.registry.server -}}
{{- $user := .Values.registry.username -}}
{{- $pass := .Values.registry.password -}}
{{- $auth := printf "%s:%s" $user $pass | b64enc -}}
{{- $entry := dict "username" $user "password" $pass "auth" $auth -}}
{{- dict "auths" (dict $server $entry) | toJson -}}
{{- end }}
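Review bot: The `onelab.dockerconfigjson` helper reads `.Values.registry.server`, `.username` and `.password` without checking that they are set. An override that blanks one of them still renders a Secret, with `auth` being the encoding of a bare `:`, and the mistake only surfaces later as an image pull failure. Failing at render time is safer, for example `{{- $pass := required "registry.password is required when registry.createPullSecret is true" .Values.registry.password -}}`, with the same treatment for `server` and `username`. A one-line comment above the `define` saying that the helper returns raw JSON and the caller applies `b64enc` would make the two encoding layers (the `auth` field, then the Secret `data`) explicit.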


@@ -0,0 +1,13 @@
{{- if .Values.registry.createPullSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.registry.pullSecretName }}
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.registry | quote }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ include "onelab.dockerconfigjson" . | b64enc }}
{{- end }}
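Review bot: Nothing in this template ties `registry.pullSecretName` to the `imagePullSecrets` list, so the two have to be kept equal by hand; the example overlay repeats `hub-andrewalliance` in both places. If they drift, the Secret exists but is presumably never referenced by the workloads, whose templates are not visible here. A comment at the top of the file stating that coupling would help, or the workloads could default to `registry.pullSecretName` when `createPullSecret` is true. The name is also rendered unquoted; `name: {{ .Values.registry.pullSecretName | quote }}` keeps an empty or numeric-looking value from changing type.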


@@ -18,6 +18,14 @@ images:
imagePullSecrets: [] imagePullSecrets: []
# - name: hub-andrewalliance # - name: hub-andrewalliance
# Same defaults as app/playbooks/tasks/manage-images.yml (docker login before pull).
registry:
createPullSecret: false
pullSecretName: hub-andrewalliance
server: hub.andrewalliance.com
username: public
password: Andrew01..Release
# hostPath: matches typical single-node Swarm-style install (shared /data and /logs). # hostPath: matches typical single-node Swarm-style install (shared /data and /logs).
# Use persistence.mode: pvc + a ReadWriteMany class for multi-node shared storage. # Use persistence.mode: pvc + a ReadWriteMany class for multi-node shared storage.
persistence: persistence:
@@ -33,7 +41,7 @@ persistence:
postgresql: postgresql:
auth: auth:
password: "changeme-use-strong-password" password: "DBPasswordPlaceholder"
resources: {} resources: {}
redis: redis:
@@ -50,6 +58,7 @@ rabbitmq:
fullchain: "" fullchain: ""
syncWaves: syncWaves:
registry: "-5"
postgres: "-3" postgres: "-3"
statefulDeps: "-2" statefulDeps: "-2"
apps: "0" apps: "0"
@@ -59,12 +68,12 @@ onelab:
mailer: mailer:
noreply: "no-reply@andrewalliance.com" noreply: "no-reply@andrewalliance.com"
secrets: secrets:
authTokenKey: "replace-auth-token-key" authTokenKey: "TokenAuthPlaceholder"
monitoringToken: "replace-monitoring-token" monitoringToken: "TokenMonitoringPlaceholder"
rabbitToken: "replace-rabbit-token" rabbitToken: "TokenRabbitPlaceholder"
intercom: intercom:
appid: "" appid: "zxvgsagz"
secret: "replace-intercom-secret" secret: "QUw2jEV8utIpe9DeYjOqBjhBY9VxjXddKUCISUNu"
features: features:
ldapWorker: false ldapWorker: false
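Review bot: The new defaults for `registry.password`, `onelab.intercom.appid` and `onelab.intercom.secret` look like working credentials rather than placeholders, unlike the `...Placeholder` strings used for the other secrets in this section. The same values are repeated in the README section and in the k3s example overlay later in this commit. Chart defaults and Git history are readable by anyone with repository access and get copied into every rendered release, so these keys should stay empty (`secret: ""`) or hold an obvious placeholder. The real values should come from an out-of-band Secret or a secret manager, and any value already pushed should be treated as exposed and rotated. A comment above `registry:` should say that `password` must be supplied at deploy time and never committed.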


@@ -2,7 +2,9 @@
## 1. Private registry (`hub.andrewalliance.com`) ## 1. Private registry (`hub.andrewalliance.com`)
Pods need an image pull secret in namespace `onelab`: By default, `gitops/values/k3s-example.yaml` matches the Swarm installer (`app/playbooks/tasks/manage-images.yml`): user **`public`**, password **`Andrew01..Release`**, and the chart creates Secret **`hub-andrewalliance`** when `registry.createPullSecret: true`.
To use other credentials, override `registry.username` / `registry.password` or create the secret manually:
```bash ```bash
kubectl create secret docker-registry hub-andrewalliance -n onelab \ kubectl create secret docker-registry hub-andrewalliance -n onelab \
@@ -11,14 +13,7 @@ kubectl create secret docker-registry hub-andrewalliance -n onelab \
--docker-password='YOUR_PASSWORD' --docker-password='YOUR_PASSWORD'
``` ```
Then set in `gitops/values/k3s-example.yaml`: …and set `registry.createPullSecret: false` plus `imagePullSecrets: [{ name: hub-andrewalliance }]`.
```yaml
imagePullSecrets:
- name: hub-andrewalliance
```
Commit, push, and either `helm upgrade` or let Argo CD sync.
## 2. Argo CD + private Git (`git.luneski.fr`) ## 2. Argo CD + private Git (`git.luneski.fr`)


@@ -1,10 +1,16 @@
# k3s / Argo CD overlay (private Git — rotate secrets if this file is ever made public). # Aligned with Swarm installer defaults:
# Add image pull credentials when using hub.andrewalliance.com: # - Registry: app/playbooks/tasks/manage-images.yml (user public, password Andrew01..Release)
# kubectl create secret docker-registry hub-andrewalliance -n onelab \ # - App config sample: app/configurations.yml (placeholders + intercom block)
# --docker-server=hub.andrewalliance.com --docker-username=... --docker-password=...
# then set imagePullSecrets below.
imagePullSecrets: [] registry:
createPullSecret: true
pullSecretName: hub-andrewalliance
server: hub.andrewalliance.com
username: public
password: Andrew01..Release
imagePullSecrets:
- name: hub-andrewalliance
persistence: persistence:
mode: hostPath mode: hostPath
@@ -14,17 +20,17 @@ persistence:
postgresql: postgresql:
auth: auth:
password: "9daLpcV7vKS1zXUElQRO5h4u" password: "DBPasswordPlaceholder"
onelab: onelab:
domain: "https://onelab.example.com" domain: "https://localhost"
secrets: secrets:
authTokenKey: "ntH0Yd3AcsqwMu7ah8xLbWFS4BK5GUmi" authTokenKey: "TokenAuthPlaceholder"
monitoringToken: "Cj4ix7wdg8XPIsDAFENKRTmh6lkvBLZp" monitoringToken: "TokenMonitoringPlaceholder"
rabbitToken: "GmSWRv14PXZuyM5QDgb8wpxk0dh7F6IJ" rabbitToken: "TokenRabbitPlaceholder"
intercom: intercom:
appid: "" appid: "zxvgsagz"
secret: "" secret: "QUw2jEV8utIpe9DeYjOqBjhBY9VxjXddKUCISUNu"
revproxy: revproxy:
serviceType: NodePort serviceType: NodePort
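Review bot: Swapping the previous `postgresql.auth.password` and `onelab.secrets.*` values for placeholders does not retire them: they stay in Git history, and this commit also drops the header comment that told readers to rotate secrets. If any of those earlier values were ever deployed, they need rotating. The header should keep a line such as `# Placeholders only: replace every secret before deploying; rotate anything previously committed.` Because this overlay also sets `createPullSecret: true`, applying it unchanged would bring up a database and tokens with publicly known strings. Leaving those keys empty and failing the render when they are unset (for example with `required` in the templates that consume them) would make that mistake visible.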