From 9db346a82c593c983905de86712396eff8a3515a Mon Sep 17 00:00:00 2001
From: jiahui
Date: Mon, 13 Nov 2023 17:21:00 +0800
Subject: [PATCH 1/5] add nextcloud tmplate
---
template/nextcloud.yaml | 269 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 269 insertions(+)
create mode 100644 template/nextcloud.yaml
diff --git a/template/nextcloud.yaml b/template/nextcloud.yaml
new file mode 100644
index 00000000..8a90fc22
--- /dev/null
+++ b/template/nextcloud.yaml
@@ -0,0 +1,269 @@
+apiVersion: app.sealos.io/v1
+kind: Template
+metadata:
+ name: nextcloud
+spec:
+ title: Nextcloud
+ description: Nextcloud is an open-source forum software.
+ url: 'https://nextcloud.com/'
+ gitRepo: 'https://github.com/nextcloud/docker'
+ author: 'sealos'
+ readme: 'https://raw.githubusercontent.com/nextcloud/docker/master/README.md'
+ icon: 'https://avatars.githubusercontent.com/u/19211038?s=48&v=4'
+ templateType: inline
+ defaults:
+ app_host:
+ type: string
+ value: ${{ random(8) }}
+ app_name:
+ type: string
+ value: nextcloud-${{ random(8) }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: ${{ defaults.app_name }}
+ annotations:
+ originImageName: nextcloud
+ deploy.cloud.sealos.io/minReplicas: '1'
+ deploy.cloud.sealos.io/maxReplicas: '1'
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+ app: ${{ defaults.app_name }}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 1
+ minReadySeconds: 10
+ serviceName: ${{ defaults.app_name }}
+ selector:
+ matchLabels:
+ app: ${{ defaults.app_name }}
+ template:
+ metadata:
+ labels:
+ app: ${{ defaults.app_name }}
+ spec:
+ terminationGracePeriodSeconds: 10
+ initContainers:
+ - name: init-mysql
+ image: mysql:5.7
+ command:
+ - bash
+ - "-c"
+ - |
+ mysql --host=$DB_HOST --user=$DB_USER --password=$DB_PASSWORD --port=$DB_PORT -e 'CREATE DATABASE IF NOT EXISTS nextcloud'
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: host
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: password
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: port
+ containers:
+ - name: ${{ defaults.app_name }}
+ image: nextcloud
+ env:
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: username
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: password
+ - name: MYSQL_HOST
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: host
+ - name: NEXTCLOUD_DATA_DIR
+ value: /var/www/html/data
+ resources:
+ requests:
+ cpu: 100m
+ memory: 102Mi
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ command: []
+ args: []
+ ports:
+ - containerPort: 80
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: vn-rootvn-vn-nextcloud
+ mountPath: /var/www/html
+ volumes: []
+ volumeClaimTemplates:
+ - metadata:
+ annotations:
+ path: /var/www/html
+ value: '1'
+ name: vn-rootvn-vn-nextcloud
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: ${{ defaults.app_name }}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+ cloud.sealos.io/app-deploy-manager-domain: ${{ defaults.app_host }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 32m
+ nginx.ingress.kubernetes.io/server-snippet: |
+ client_header_buffer_size 64k;
+ large_client_header_buffers 4 128k;
+ nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/client-body-buffer-size: 64k
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 64k
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($request_uri ~* \.(js|css|gif|jpe?g|png)) {
+ expires 30d;
+ add_header Cache-Control "public";
+ }
+spec:
+ rules:
+ - host: ${{ defaults.app_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: /()(.*)
+ backend:
+ service:
+ name: ${{ defaults.app_name }}
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - ${{ defaults.app_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ secretName: ${{ SEALOS_CERT_SECRET_NAME }}
+
+---
+apiVersion: apps.kubeblocks.io/v1alpha1
+kind: Cluster
+metadata:
+ finalizers:
+ - cluster.kubeblocks.io/finalizer
+ labels:
+ clusterdefinition.kubeblocks.io/name: apecloud-mysql
+ clusterversion.kubeblocks.io/name: ac-mysql-8.0.30
+ sealos-db-provider-cr: ${{ defaults.app_name }}-mysql
+ annotations: {}
+ name: ${{ defaults.app_name }}-mysql
+spec:
+ affinity:
+ nodeLabels: {}
+ podAntiAffinity: Preferred
+ tenancy: SharedNode
+ topologyKeys: []
+ clusterDefinitionRef: apecloud-mysql
+ clusterVersionRef: ac-mysql-8.0.30
+ componentSpecs:
+ - componentDefRef: mysql
+ monitor: true
+ name: mysql
+ replicas: 1
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 100m
+ memory: 102Mi
+ serviceAccountName: ${{ defaults.app_name }}-mysql
+ volumeClaimTemplates:
+ - name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: openebs-backup
+ terminationPolicy: Delete
+ tolerations: []
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ sealos-db-provider-cr: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/instance: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/managed-by: kbcli
+ name: ${{ defaults.app_name }}-mysql
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ sealos-db-provider-cr: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/instance: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/managed-by: kbcli
+ name: ${{ defaults.app_name }}-mysql
+rules:
+ - apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - create
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ sealos-db-provider-cr: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/instance: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/managed-by: kbcli
+ name: ${{ defaults.app_name }}-mysql
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ${{ defaults.app_name }}-mysql
+subjects:
+ - kind: ServiceAccount
+ name: ${{ defaults.app_name }}-mysql
+ namespace: ${{ SEALOS_NAMESPACE }}
\ No newline at end of file
From 85cf5417c25b00b092ead2460c7a778e9edfe727 Mon Sep 17 00:00:00 2001
From: jiahui
Date: Tue, 14 Nov 2023 16:42:32 +0800
Subject: [PATCH 2/5] add registry and registry-gui tmplate
---
template/registry.yaml | 327 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 327 insertions(+)
create mode 100644 template/registry.yaml
diff --git a/template/registry.yaml b/template/registry.yaml
new file mode 100644
index 00000000..672772b7
--- /dev/null
+++ b/template/registry.yaml
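Review bot: The Ingress sets `nginx.ingress.kubernetes.io/ssl-redirect: 'false'` while also declaring a `tls:` block, so the public host keeps serving Nextcloud logins and session cookies over plain HTTP; I would set it to `'true'` unless the platform enforces the redirect somewhere outside this template. In the `init-mysql` container the password is expanded unquoted into argv (`--password=$DB_PASSWORD`), which word-splits on special characters and shows the value in the container's process list; `MYSQL_PWD="$DB_PASSWORD" mysql --host="$DB_HOST" --user="$DB_USER" --port="$DB_PORT" -e '...'` avoids both. The `description` ("open-source forum software") looks copied from another template and should describe Nextcloud itself. Neither container declares a `securityContext`; if that is left to a platform default, a one-line comment saying so would help the next reviewer.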
@@ -0,0 +1,327 @@
+apiVersion: app.sealos.io/v1
+kind: Template
+metadata:
+ name: registry
+spec:
+ title: 'registry'
+ url: 'https://distribution.github.io/distribution'
+ gitRepo: 'https://github.com/distribution/distribution'
+ author: 'sealos'
+ description: 'registry is an implementation of the OCI Distribution Specification. gui-registry is a web UI for registry, default registry username and password is root/root .
+example:
+ registry the external network address is https://registry.cloud.sealos.io , gui-registry the external network address is https://gui-registry.cloud.sealos.io:
+ push image:
+ docker login nfzuflxg.cloud.sealos.io # username: root, password: root
+ docker tag nginx:latest registry.cloud.sealos.io/nginx:latest # tag image
+ docker push registry.cloud.sealos.io/nginx:latest # push image to registry
+ web management:
+ Access address:https://gui-registry.cloud.sealos.io
+ username: root # registry username
+ password: root # registry password
+ '
+ readme: 'https://raw.githubusercontent.com/distribution/distribution/main/README.md'
+ icon: 'https://avatars.githubusercontent.com/u/78096003?s=48&v=4'
+ templateType: inline
+ defaults:
+ app_host:
+ type: string
+ value: ${{ random(8) }}
+ gui_host:
+ type: string
+ value: ${{ random(8) }}
+ app_name:
+ type: string
+ value: registry-${{ random(8) }}
+ inputs:
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: ${{ defaults.app_name }}
+ annotations:
+ originImageName: registry
+ deploy.cloud.sealos.io/minReplicas: '1'
+ deploy.cloud.sealos.io/maxReplicas: '1'
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+ app: ${{ defaults.app_name }}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 1
+ selector:
+ matchLabels:
+ app: ${{ defaults.app_name }}
+ minReadySeconds: 10
+ serviceName: registry
+ template:
+ metadata:
+ labels:
+ app: ${{ defaults.app_name }}
+ spec:
+ terminationGracePeriodSeconds: 10
+ containers:
+ - name: ${{ defaults.app_name }}
+ image: registry
+ env: []
+ resources:
+ requests:
+ cpu: 50m
+ memory: 25Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ ports:
+ - containerPort: 5000
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: vn-etcvn-dockervn-registryvn-configvn-yml
+ mountPath: /etc/docker/registry/config.yml
+ subPath: ./etc/docker/registry/config.yml
+ - name: vn-etcvn-registryvn-registry-htpasswd
+ mountPath: vn-etcvn-registryvn-registry_htpasswd
+ subPath: ./vn-etcvn-registryvn-registry_htpasswd
+ - name: vn-varvn-libvn-registry
+ mountPath: /var/lib/registry
+ volumes:
+ - name: vn-etcvn-dockervn-registryvn-configvn-yml
+ configMap:
+ name: ${{ defaults.app_name }}
+ items:
+ - key: vn-etcvn-dockervn-registryvn-configvn-yml
+ path: ./etc/docker/registry/config.yml
+ - name: vn-etcvn-registryvn-registry-htpasswd
+ configMap:
+ name: ${{ defaults.app_name }}
+ items:
+ - key: vn-etcvn-registryvn-registry_htpasswd
+ path: ./vn-etcvn-registryvn-registry_htpasswd
+ volumeClaimTemplates:
+ - metadata:
+ annotations:
+ path: /var/lib/registry
+ value: '1'
+ name: vn-varvn-libvn-registry
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ${{ defaults.app_name }}
+data:
+ vn-etcvn-dockervn-registryvn-configvn-yml: |-
+ version: 0.1
+ log:
+ fields:
+ service: registry
+ storage:
+ filesystem:
+ rootdirectory: /var/lib/registry
+ delete:
+ enabled: true
+ http:
+ addr: :5000
+ debug:
+ addr: :5001
+ prometheus:
+ enabled: true
+ path: /metrics
+ headers:
+ X-Content-Type-Options: [nosniff]
+ Access-Control-Allow-Origin: ['https://${{ defaults.gui_host }}.${{ SEALOS_CLOUD_DOMAIN }}']
+ Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
+ Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
+ Access-Control-Max-Age: [1728000]
+ Access-Control-Allow-Credentials: [true]
+ Access-Control-Expose-Headers: ['Docker-Content-Digest']
+ proxy:
+ on: true
+ health:
+ storagedriver:
+ enabled: true
+ interval: 10s
+ threshold: 3
+ auth:
+ htpasswd:
+ realm: "Registry Realm"
+ path: /vn-etcvn-registryvn-registry_htpasswd
+ vn-etcvn-registryvn-registry_htpasswd: root:$2y$05$CXZgu7SFjg4UsH1JsFyi0OtLtPv0ghFbL/BYLAURxuWrJK.61fRL2
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+spec:
+ ports:
+ - port: 5000
+ selector:
+ app: ${{ defaults.app_name }}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+ cloud.sealos.io/app-deploy-manager-domain: ${{ defaults.app_host }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 32m
+ nginx.ingress.kubernetes.io/server-snippet: |
+ client_header_buffer_size 64k;
+ large_client_header_buffers 4 128k;
+ nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/client-body-buffer-size: 64k
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 64k
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($request_uri ~* \.(js|css|gif|jpe?g|png)) {
+ expires 30d;
+ add_header Cache-Control "public";
+ }
+spec:
+ rules:
+ - host: ${{ defaults.app_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: /()(.*)
+ backend:
+ service:
+ name: ${{ defaults.app_name }}
+ port:
+ number: 5000
+ tls:
+ - hosts:
+ - ${{ defaults.app_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ secretName: ${{ SEALOS_CERT_SECRET_NAME }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gui-${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: gui-${{ defaults.app_name }}
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: gui-${{ defaults.app_name }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gui-${{ defaults.app_name }}
+ annotations:
+ originImageName: joxit/docker-registry-ui:2.5.6-debian
+ deploy.cloud.sealos.io/minReplicas: '1'
+ deploy.cloud.sealos.io/maxReplicas: '1'
+ labels:
+ cloud.sealos.io/app-deploy-manager: gui-${{ defaults.app_name }}
+ app: gui-${{ defaults.app_name }}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 1
+ selector:
+ matchLabels:
+ app: gui-${{ defaults.app_name }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: gui-${{ defaults.app_name }}
+ spec:
+ containers:
+ - name: gui-${{ defaults.app_name }}
+ image: joxit/docker-registry-ui:2.5.6-debian
+ env:
+ - name: REGISTRY_TITLE
+ value: Sealos-Registry-GUI
+ - name: SINGLE_REGISTRY
+ value: 'true'
+ - name: DELETE_IMAGES
+ value: 'true'
+ - name: SHOW_CONTENT_DIGEST
+ value: 'true'
+ - name: NGINX_PROXY_PASS_URL
+ value: http://${{ defaults.app_name }}.${{ SEALOS_NAMESPACE }}.svc.cluster.local:5000
+ - name: SHOW_CATALOG_NB_TAGS
+ value: 'true'
+ - name: CATALOG_MIN_BRANCHES
+ value: '1'
+ - name: CATALOG_MAX_BRANCHES
+ value: '1'
+ - name: TAGLIST_PAGE_SIZE
+ value: '100'
+ - name: REGISTRY_SECURED
+ value: 'false'
+ - name: CATALOG_ELEMENTS_LIMIT
+ value: '1000'
+ resources:
+ requests:
+ cpu: 50m
+ memory: 25Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ ports:
+ - containerPort: 80
+ imagePullPolicy: Always
+ volumeMounts: []
+ volumes: []
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gui-${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: gui-${{ defaults.app_name }}
+ cloud.sealos.io/app-deploy-manager-domain: ${{ defaults.gui_host }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 32m
+ nginx.ingress.kubernetes.io/server-snippet: |
+ client_header_buffer_size 64k;
+ large_client_header_buffers 4 128k;
+ nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/client-body-buffer-size: 64k
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 64k
+ nginx.ingress.kubernetes.io/proxy-send-timeout: '300'
+ nginx.ingress.kubernetes.io/proxy-read-timeout: '300'
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($request_uri ~* \.(js|css|gif|jpe?g|png)) {
+ expires 30d;
+ add_header Cache-Control "public";
+ }
+spec:
+ rules:
+ - host: ${{ defaults.gui_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: /()(.*)
+ backend:
+ service:
+ name: gui-${{ defaults.app_name }}
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - ${{ defaults.gui_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ secretName: ${{ SEALOS_CERT_SECRET_NAME }}
From 9f8f84225249ff888f196c264413b8fe10e92fde Mon Sep 17 00:00:00 2001
From: jiahui
Date: Tue, 21 Nov 2023 16:46:04 +0800
Subject: [PATCH 3/5] fix registry ingress body size
---
template/registry.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/template/registry.yaml b/template/registry.yaml
index 672772b7..3deecdb4 100644
--- a/template/registry.yaml
+++ b/template/registry.yaml
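Review bot: The ConfigMap ships one fixed htpasswd entry (`vn-etcvn-registryvn-registry_htpasswd: root:$2y$05$...`) and the `description` publishes its password as root/root, so every registry created from this template answers on its public Ingress host to the same known credential, with `delete: enabled: true` and `DELETE_IMAGES: 'true'` on top. The credential should be generated per instance and kept in a `Secret` rather than a `ConfigMap`, for example a `${{ random(...) }}` default turned into the bcrypt line by an init container running `htpasswd -Bbn` (assuming the template engine allows that wiring). Both Ingresses also set `ssl-redirect: 'false'`, which lets the Basic-auth header travel over cleartext HTTP; `'true'` is the safer default. The description edits in patches 3/5 and 5/5 keep the root/root default, so the same point applies there.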
@@ -9,11 +9,11 @@ spec: author: 'sealos' description: 'registry is an implementation of the OCI Distribution Specification. gui-registry is a web UI for registry, default registry username and password is root/root . example: - registry the external network address is https://registry.cloud.sealos.io , gui-registry the external network address is https://gui-registry.cloud.sealos.io: + registry the external network address is https://domain.cloud.sealos.io , gui-registry the external network address is https://gui-registry.cloud.sealos.io: push image: - docker login nfzuflxg.cloud.sealos.io # username: root, password: root + docker login domain.cloud.sealos.io # username: root, password: root docker tag nginx:latest registry.cloud.sealos.io/nginx:latest # tag image - docker push registry.cloud.sealos.io/nginx:latest # push image to registry + docker push domain.cloud.sealos.io/nginx:latest # push image to registry web management: Access address:https://gui-registry.cloud.sealos.io username: root # registry username @@ -175,7 +175,7 @@ metadata: cloud.sealos.io/app-deploy-manager-domain: ${{ defaults.app_host }} annotations: kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-body-size: 32m + nginx.ingress.kubernetes.io/proxy-body-size: 2g nginx.ingress.kubernetes.io/server-snippet: | client_header_buffer_size 64k; large_client_header_buffers 4 128k; From aad3fa50050fa880e148cf0ed23a7e8973f27f3e Mon Sep 17 00:00:00 2001 From: jiahui Date: Fri, 8 Mar 2024 16:50:05 +0800 Subject: [PATCH 4/5] add image tag --- template/nextcloud.yaml | 2 +- template/registry.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/template/nextcloud.yaml b/template/nextcloud.yaml index 8a90fc22..4a967cdf 100644 --- a/template/nextcloud.yaml +++ b/template/nextcloud.yaml @@ -75,7 +75,7 @@ spec: key: port containers: - name: ${{ defaults.app_name }} - image: nextcloud + image: nextcloud:28.0.3 env: - name: MYSQL_DATABASE value: nextcloud 
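Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: 2g` in the second hunk lets any client send request bodies of up to 2 GiB to a public host that, per the htpasswd entry added in patch 2/5, is guarded only by a shared default credential. With `client-body-buffer-size: 64k` unchanged, such bodies are presumably spooled to the ingress controller's disk before the registry can reject them (ingress-nginx buffers requests by default; worth confirming for this cluster), and adding `nginx.ingress.kubernetes.io/proxy-request-buffering: 'off'` would stream uploads to the backend instead. A layer above 2 GiB still fails with 413, so a comment such as `# 2g: largest single layer we accept` would record why this cap was chosen. The Ingress definition starts and ends outside the hunk.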
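Review bot: `image: nextcloud:28.0.3` here and `image: registry:2.8.3` in the registry.yaml hunk are still mutable tags, and both containers keep `imagePullPolicy: Always` from the original templates, so a re-pushed tag is pulled on the next pod restart; pinning by digest, `image: nextcloud:28.0.3@sha256:DIGEST_PLACEHOLDER`, closes that gap. The `originImageName` annotations stay `nextcloud` and `registry`, whereas the GUI Deployment mirrors the full tagged reference in its annotation; if the deploy manager reads that field, it should be updated to match. `mysql:5.7` in the init container sits outside these hunks and is left as it was.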
diff --git a/template/registry.yaml b/template/registry.yaml index 3deecdb4..de385226 100644 --- a/template/registry.yaml +++ b/template/registry.yaml @@ -61,7 +61,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: ${{ defaults.app_name }} - image: registry + image: registry:2.8.3 env: [] resources: requests: From 342a00de79a32afb26ad62ecfdf25670bed74dcf Mon Sep 17 00:00:00 2001 From: jiahui Date: Mon, 8 Apr 2024 14:55:52 +0800 Subject: [PATCH 5/5] reduced description --- template/registry.yaml | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/template/registry.yaml b/template/registry.yaml index de385226..3668a828 100644 --- a/template/registry.yaml +++ b/template/registry.yaml @@ -7,18 +7,7 @@ spec: url: 'https://distribution.github.io/distribution' gitRepo: 'https://github.com/distribution/distribution' author: 'sealos' - description: 'registry is an implementation of the OCI Distribution Specification. gui-registry is a web UI for registry, default registry username and password is root/root . -example: - registry the external network address is https://domain.cloud.sealos.io , gui-registry the external network address is https://gui-registry.cloud.sealos.io: - push image: - docker login domain.cloud.sealos.io # username: root, password: root - docker tag nginx:latest registry.cloud.sealos.io/nginx:latest # tag image - docker push domain.cloud.sealos.io/nginx:latest # push image to registry - web management: - Access address:https://gui-registry.cloud.sealos.io - username: root # registry username - password: root # registry password - ' + description: 'gui-registry is a web UI for registry, default registry username and password is root/root' readme: 'https://raw.githubusercontent.com/distribution/distribution/main/README.md' icon: 'https://avatars.githubusercontent.com/u/78096003?s=48&v=4' templateType: inline