From f8684df5a9703dc150380f73e1f63959f9dda022 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 27 Mar 2025 21:13:13 +0100 Subject: [PATCH] Started a big refactoring again --- common/environments.yaml | 2 + common/templates.yaml | 9 ++ common/values/values.badhouseplants.yaml | 5 +- common/values/values.etersoft.yaml | 1 + helmfile.yaml | 10 +- helmfiles/base.yaml | 18 +++ helmfiles/system.yaml | 11 ++ installations/system/helmfile.yaml | 18 +-- .../kube-system/namespaces/secrets.yaml | 21 +++ .../namespaces/values.yaml} | 4 +- .../kube-system/roles/values.yaml | 24 +++ values/badhouseplants/secrets.namespaces.yaml | 21 --- .../coredns/values.gotmpl} | 8 +- .../kube-system/namespaces/secrets.yaml | 21 +++ .../namespaces/values.yaml} | 2 + values/etersoft/kube-system/roles/values.yaml | 1 + values/etersoft/secrets.zot-mirror.yaml | 22 +++ values/etersoft/values.zot-mirror.yaml | 149 ++++++++++++++++++ 18 files changed, 294 insertions(+), 53 deletions(-) create mode 100644 common/values/values.etersoft.yaml create mode 100644 helmfiles/base.yaml create mode 100644 helmfiles/system.yaml create mode 100644 values/badhouseplants/kube-system/namespaces/secrets.yaml rename values/badhouseplants/{values.namespaces.yaml => kube-system/namespaces/values.yaml} (100%) create mode 100644 values/badhouseplants/kube-system/roles/values.yaml delete mode 100644 values/badhouseplants/secrets.namespaces.yaml rename values/common/{values.coredns.yaml => kube-system/coredns/values.gotmpl} (89%) create mode 100644 values/etersoft/kube-system/namespaces/secrets.yaml rename values/etersoft/{values.namespaces.yaml => kube-system/namespaces/values.yaml} (53%) create mode 100644 values/etersoft/kube-system/roles/values.yaml create mode 100644 values/etersoft/secrets.zot-mirror.yaml create mode 100644 values/etersoft/values.zot-mirror.yaml diff --git a/common/environments.yaml b/common/environments.yaml index 7841f50..62a4e02 100644 --- a/common/environments.yaml +++ b/common/environments.yaml @@ -2,6 +2,7 @@ environments: badhouseplants: kubeContext: badhouseplants values: + - ./values/values.badhouseplants.yaml - base: enabled: true - velero: @@ -25,6 +26,7 @@ environments: etersoft: kubeContext: etersoft values: + - ./values/values.etersoft.yaml - base: enabled: true - velero: diff --git a/common/templates.yaml b/common/templates.yaml index 9195296..a7a5fe1 100644 --- a/common/templates.yaml +++ b/common/templates.yaml @@ -37,9 +37,18 @@ templates: default-env-secrets: secrets: - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml' + common-values: + values: + - '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml' + common-values-tpl: + values: + - '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl' env-values: values: - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml' + env-values-tpl: + values: + - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl' env-secrets: secrets: - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml' diff --git a/common/values/values.badhouseplants.yaml b/common/values/values.badhouseplants.yaml index 393b626..1e2f9e0 100644 --- a/common/values/values.badhouseplants.yaml +++ b/common/values/values.badhouseplants.yaml @@ -1,4 +1 @@ -namespaces: - kubeSystem: kube-system - kubePublic: kube-public - +registry: registry.badhouseplants.net diff --git a/common/values/values.etersoft.yaml b/common/values/values.etersoft.yaml new file mode 100644 index 0000000..4f56c2a --- /dev/null +++ b/common/values/values.etersoft.yaml @@ -0,0 +1 @@ +registry: registry.ru.badhouseplants.net diff --git a/helmfile.yaml b/helmfile.yaml index a0b58bb..2feb0e9 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -1,11 +1,5 @@ bases: - ./common/environments.yaml - ./common/templates.yaml -helmfiles: - - ./installations/system/ - - ./installations/databases/ - - ./installations/platform/ - - ./installations/pipelines/ - - ./installations/monitoring/ - - ./installations/applications/helmfile-{{ .Environment.Name }}.yaml - - ./installations/games/ + - ./helmfiles/base.yaml + - ./helmfiles/system.yaml diff --git a/helmfiles/base.yaml b/helmfiles/base.yaml new file mode 100644 index 0000000..c80ef14 --- /dev/null +++ b/helmfiles/base.yaml @@ -0,0 +1,18 @@ +releases: + # -- This one must be executed with --take-ownership at least once + - name: namespaces + chart: ./charts/namespaces/chart + namespace: kube-system + createNamespace: false + inherit: + - template: env-values + - template: env-secrets + + - name: roles + chart: ./charts/roles + namespace: kube-system + createNamespace: false + needs: + - kube-system/namespaces + inherit: + - template: env-values diff --git a/helmfiles/system.yaml b/helmfiles/system.yaml new file mode 100644 index 0000000..e1dfeec --- /dev/null +++ b/helmfiles/system.yaml @@ -0,0 +1,11 @@ +repositories: + - name: coredns + url: https://coredns.github.io/helm + +releases: + - name: coredns + chart: coredns/coredns + version: 1.39.1 + namespace: kube-system + inherit: + - template: common-values-tpl diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 2e1614d..a9649f0 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml @@ -27,24 +27,8 @@ repositories: url: https://istio-release.storage.googleapis.com/charts - name: zot url: https://zotregistry.dev/helm-charts/ + releases: - - name: namespaces - chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' - namespace: kube-public - createNamespace: false - inherit: - - template: default-env-values - - template: default-env-secrets - - - name: roles - chart: '{{ requiredEnv "PWD" }}/charts/roles' - namespace: kube-public - createNamespace: false - needs: - - kube-public/namespaces - inherit: - - template: default-env-values - - name: coredns chart: coredns/coredns version: 1.39.1 diff --git a/values/badhouseplants/kube-system/namespaces/secrets.yaml b/values/badhouseplants/kube-system/namespaces/secrets.yaml new file mode 100644 index 0000000..a3458b5 --- /dev/null +++ b/values/badhouseplants/kube-system/namespaces/secrets.yaml @@ -0,0 +1,21 @@ +defaultRegcred: ENC[AES256_GCM,data:lsqr2fBEosOQqYLBwps1hmgFs90zkzbdHpO8UwJWcMl1/CGkyzroACqHkL8taaOnnvwWwadIL8FU3382jamw0Xk5O51bFSBbCxTs3xd4ibwe39ha5YI6YQDHADDb/u1Yw4TctJ/h9xykXHDOL4foE5Z860e16vtMiVvniLD9OGfR6utb9gvZHE2QqZTlHR9U4PY2vLWWQMN3VRvipT7hulmOUzXMVcuBswmyDF39PvTba6Ea7A83V9h6HpqNeSA1ewKREIDOFqjhl7tIit8aQnuee58bJCTVIdg6gyR6yfu6sF22wdUlsJ7CAHtd41sbhEhWGyzJIqg=,iv:J1CfAJmNpI7lgQalYJlXs+JX5I0e6COGrsenMhvDGLA=,tag:nHkq8VF47I/9FS8uGcEyuw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWHpPUkZqbC9LaEtJYzhF + L0hIZUtOa3E4KzJDOFlwaFRVWDdJRnBtR1ZjCnVLNzhyQkdxS2dtK2lFaWRJUkJq + dThURHRTRG5GT1BqaTZRbzlUbXYzWHMKLS0tIFRSa1lkSGQrN1RGdklzYzZNU3BH + ZE0wMk1sRGg1M1lrNVFMTityK3cwK00Kbhugumz27RVo1SJjaljEbklHY6CW7xGD + UCbN0LGh5PPpN6eCbZW8dB1+/lLR9AnyYr6okrGM2iztaJQdlwRvww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-27T10:24:56Z" + mac: ENC[AES256_GCM,data:xGqmh1TPg0OJLSycbnjsF4Ai844ZzlCzawQXmROpORJEiSL/3R1W+2PsBT5KcAfG7y2+Ovyk+l1FeorIPuqnbcezX9zUxMOaFXJylmwvNYXCwoihU6Yx2hg9SuFhnwINAhCLqOaRKIh8xPUaK8nRVqwJJa0jW6eCyZ5lsLtpz90=,iv:pmPfpSv3VfVz/MvTGTWoMxzkF3BvCMhK+HxEeN5pzNI=,tag:WkLcTz/WlLXmq8EojHfdlA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/values/badhouseplants/values.namespaces.yaml b/values/badhouseplants/kube-system/namespaces/values.yaml similarity index 100% rename from values/badhouseplants/values.namespaces.yaml rename to values/badhouseplants/kube-system/namespaces/values.yaml index 997a0f1..11a16f3 100644 --- a/values/badhouseplants/values.namespaces.yaml +++ b/values/badhouseplants/kube-system/namespaces/values.yaml @@ -1,4 +1,6 @@ namespaces: + - name: kube-system + defaultRegcred: true - name: kyverno - name: velero - name: observability @@ -16,5 +18,3 @@ namespaces: istio-injection: disabled - name: org-badhouseplants - name: org-allanger - - name: kube-system - defaultRegcred: true diff --git a/values/badhouseplants/kube-system/roles/values.yaml b/values/badhouseplants/kube-system/roles/values.yaml new file mode 100644 index 0000000..16dbaee --- /dev/null +++ b/values/badhouseplants/kube-system/roles/values.yaml @@ -0,0 +1,24 @@ +roles: + - name: xray-admin + namespace: public-xray + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["public-xray"] +bindings: + - name: woodpecker-ci + namespace: pipelines + kind: ClusterRoleBinding + subjects: + - kind: ServiceAccount + namespace: pipelines + name: woodpecker-ci + roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io +sa: + - name: woodpecker-ci + namespace: pipelines diff --git a/values/badhouseplants/secrets.namespaces.yaml b/values/badhouseplants/secrets.namespaces.yaml deleted file mode 100644 index 50c2abf..0000000 --- a/values/badhouseplants/secrets.namespaces.yaml +++ /dev/null @@ -1,21 +0,0 @@ -defaultRegcred: ENC[AES256_GCM,data:QpL9wlCjErkjp16vsOAcsDA539EguT48JPb24oi6VexbbRm3cBVz9KDlrVhhbt1Uk8hMkbHfN+SQT+OQL38EW6fJiQ2CJ6JbVuyNXeolErxbeV2V9dWegiSjcekgS+tqs0YmshdfUpMFXIpmHWAsW2hty40b6+WE1iAmSf0NgrdYTG+ctMtetCIpiLwy3vgiBc581h0kmAxC3QCDVXIxtw0p0mtF3iHZmQv78FEd9CseTPH0jVlaoucM3mRPKNFi5j7sGQtrevYfPZpynpufTRLSkW84NddXbpk1gzFn5fbENjS1b0vrInqVkS0KMmewOGwf6coL0uELFclRQua1YO7hW5uVKZyUCn9UpCMFHWI=,iv:Vr6x3YFd7UGqId1PQOJqJmpSWxlalIcQdsfwCmQkdQo=,tag:rtFEPOYSzf7M8vTwe3hxtA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTSs0WkNIdlhxVURXcU5u - WDMzb000cUE5TnpPajRHZnZLblpKY0RUZmlnCnNpbno2VUVHb1g2cy9XUEV2eHdz - QWI0VVVJSllIRHdRZFdlRmFOckVmV2MKLS0tIDJER2UrTXArblBnckxJY3hSaXZk - Tk5SK3Y2YVBPem1HVjI1ejhaK2tmTVkKgfdOUiERRABkvvYLe3P7hAOoc97dNmnF - rAwK+FrRrAnfeG2R9RegocbDv64ieB1vwJpW2LeainGchn9opNjeeQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-26T19:22:13Z" - mac: ENC[AES256_GCM,data:JYkxfsrFgYHrxQTPh4uZ1RIqexJnaYefRWzYFzpE6Or2in/UBDG+UghYtbld8+wI6xSMMwfh8BgmOwUWWhqzCwzHEVaiNjRUNisw/epdbKwCuou1h6m4e8vid8NG8+FttWK2QvIzEKM9ONTJPcoCRjiKIBH7dGBAeCjAOJy6PlA=,iv:n26YeGhiZ80SQYfFUA5Lv0THDTPYvOvWoU23nTut7Qw=,tag:C3ij7ClL2ra6hutcTtbP9g==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4 diff --git a/values/common/values.coredns.yaml b/values/common/kube-system/coredns/values.gotmpl similarity index 89% rename from values/common/values.coredns.yaml rename to values/common/kube-system/coredns/values.gotmpl index b106187..d1e18e1 100644 --- a/values/common/values.coredns.yaml +++ b/values/common/kube-system/coredns/values.gotmpl @@ -1,16 +1,22 @@ +{{- if not (env "HELMFILE_BOOTSTRAP") }} image: - repository: registry.badhouseplants.net/dockerhub/coredns/coredns + repository: {{ .Values.registry }}/dockerhub/coredns/coredns pullSecrets: - name: regcred +{{- end }} + service: clusterIP: 10.43.0.10 + replicaCount: 2 + resources: limits: cpu: 100m memory: 256Mi requests: memory: 128Mi + servers: - zones: - zone: . diff --git a/values/etersoft/kube-system/namespaces/secrets.yaml b/values/etersoft/kube-system/namespaces/secrets.yaml new file mode 100644 index 0000000..31ee36e --- /dev/null +++ b/values/etersoft/kube-system/namespaces/secrets.yaml @@ -0,0 +1,21 @@ +defaultRegcred: ENC[AES256_GCM,data:YJfoPG9G4PBdkoGCGa/Q/GANcPrl15SnKZKZfkKuJmaOUo16c8la86D3M6ZRv3FPtpT57ZQAuru8aybLqk6bwi202CMuIDFxn8qTiAE/YLtPPpnIricyvOnI+ig4QZVxHb3Ewb6kBompw0wdaogUfXnQvVt39SdFkg04KZJu63xIMguPlgGR6ltW6lT/N//eadzSYaC9DT3L4KmfKhayNG1xuq2wL5NdD5t/jSfjonO7pgf5XrXY8XJGlHwDN4pdlas8Sto2SNWKg33cWutghXeqO7RpBe7fiJFgI2YzCoo992xPjwDoqLtxaZsgvXmh52Q8qTn/SF8bD9Sh3cLGDA==,iv:i0pyAYa7+pIkSfBbzr/omnPgBn/60wg/Egv4i8i56EU=,tag:ULVYyUme23ItIq4G9rYiKg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S3p6SGxZZzFrNjBvSWRO + OU5XaFhrMW9IMldELzJCWGRTdVRONGM0OVRBCkhXalIvMk9NY0NtdWtlTTBwUFE0 + blVaRWdrMUpFVlg5aldUd2RybFZ1SGcKLS0tIFE1WS9MR0pDRUtwSWFQOGxydzV2 + cUZubjVHWlhkUU5BZUlQVnF2Wk5jZjQKn9A+rb/ZPCFRDjLPzf/xvUcZ5IjASl7r + fS2hcY7eFm7zdv3g85Iu9ivg4bIcn5U6R02izTWCBGbPIdDFtFbWwg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-27T10:24:28Z" + mac: ENC[AES256_GCM,data:T3IuMQKtpbmy2NbjZZmn56yvf8mt/Ef09ZD8zmUJijVGEeUTbbtQ/39WhXSXNWI0HZuz4nGkOzhgbTrotlHByxK6/z2rLeykHNB+WFGL4jYgwoJM4vtJpCL14xGlWHPr9dyz/IZP1oG21FHHsFJjdQ/WUzOMAkcLyieuQx78h6U=,iv:6GpX7zeIkEFvG1lyRw5m1X9/ngts5JhKGcVUGn9L8Mo=,tag:320EfivP9O2pwyWOYkqtKQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/values/etersoft/values.namespaces.yaml b/values/etersoft/kube-system/namespaces/values.yaml similarity index 53% rename from values/etersoft/values.namespaces.yaml rename to values/etersoft/kube-system/namespaces/values.yaml index dda6811..d41f4a7 100644 --- a/values/etersoft/values.namespaces.yaml +++ b/values/etersoft/kube-system/namespaces/values.yaml @@ -1,3 +1,5 @@ namespaces: + - name: kube-system + defaultRegcred: true - name: applications - name: platform diff --git a/values/etersoft/kube-system/roles/values.yaml b/values/etersoft/kube-system/roles/values.yaml new file mode 100644 index 0000000..1684f2f --- /dev/null +++ b/values/etersoft/kube-system/roles/values.yaml @@ -0,0 +1 @@ +roles: [] diff --git a/values/etersoft/secrets.zot-mirror.yaml b/values/etersoft/secrets.zot-mirror.yaml new file mode 100644 index 0000000..ff88a50 --- /dev/null +++ b/values/etersoft/secrets.zot-mirror.yaml @@ -0,0 +1,22 @@ +authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str] +_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv + Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2 + bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa + ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh + Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-26T21:04:45Z" + mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/values/etersoft/values.zot-mirror.yaml b/values/etersoft/values.zot-mirror.yaml new file mode 100644 index 0000000..3044281 --- /dev/null +++ b/values/etersoft/values.zot-mirror.yaml @@ -0,0 +1,149 @@ +image: + repository: ghcr.io/project-zot/zot + tag: v2.1.3-rc4 + +ingress: + enabled: true + className: traefik + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + pathtype: Prefix + hosts: + - host: registry.ru.badhouseplants.net + paths: + - path: / + tls: + - secretName: registry.ru.badhouseplants.net + hosts: + - registry.ru.badhouseplants.net + +service: + type: ClusterIP +persistence: false +pvc: + create: true + lavels: + velero.io/exclude-from-backup: true +mountConfig: true +mountSecret: true +configFiles: + config.json: |- + { + "distSpecVersion": "1.1.1", + "storage": { + "dedupe": true, + "gc": true, + "rootDirectory": "/var/lib/registry", + "retention": { + "dryRun": false, + "delay": "24h", + "policies": [ + { + "repositories": [ + "**" + ], + "deleteReferrers": false, + "deleteUntagged": true, + "keepTags": [ + { + "mostRecentlyPulledCount": 2 + } + ] + } + ] + } + }, + "http": { + "address": "0.0.0.0", + "port": "5000", + "externalUrl": "https://registry.ru.badhouseplants.net", + "auth": { + "htpasswd": { + "path": "/secret/htpasswd" + } + }, + "accessControl": { + "metrics": { + "users": [ + "admin" + ] + }, + "repositories": { + "**": { + "anonymousPolicy": [], + "policies": [ + { + "users": [ + "mirror_user", + "overlord" + ], + "actions": [ + "read", + "create", + "update", + "delete" + ] + } + ] + } + } + } + }, + "log": { + "level": "info" + }, + "extensions": { + "scrub": { + "enable": true + }, + "metrics": { + "enable": true, + "prometheus": { + "path": "/metrics" + } + }, + "mgmt": { + "enable": false + }, + "sync": { + "enable": true, + "registries": [ + { + "urls": [ + "https://docker.io/library", + "https://docker.io" + ], + "content": [ + { + "prefix": "**", + "destination": "/dockerhub" + } + ], + "onDemand": true, + "tlsVerify": true + }, + { + "urls": [ + "https://registry.k8s.io" + ], + "content": [ + { + "prefix": "**", + "destination": "/k8s" + } + ], + "onDemand": true, + "tlsVerify": true + } + ] + } + } + } + +secretFiles: + htpasswd: |- + overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ. + mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi