Add registry bucket

Pythoner6 · Jan 3, 2024 · 14b9a73 · 14b9a73
1 parent a373d00
commit 14b9a73
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 1 deletion.
diff --git a/k8s/gitlab/buckets.cue b/k8s/gitlab/buckets.cue
@@ -63,3 +63,51 @@ let objectStoreUrl = "http://\(rook.objectStoreHost):\(strconv.FormatInt(rook.ob
     ]
   }
 }
+
+#RegistryBucketSecret: externalsecrets.#ExternalSecret & {
+  #bucket: _
+  #store: _
+  metadata: name: #bucket.metadata.name
+  spec: {
+    secretStoreRef: {
+      name: #store.metadata.name
+      kind: #store.kind
+    }
+    refreshInterval: "0"
+    target: {
+      name: metadata.name
+      deletionPolicy: "Merge"
+      creationPolicy: "Merge"
+      template: {
+        engineVersion: "v2"
+        data:
+          connection: """
+          s3:
+            v4auth: true
+            regionendpoint: \(strconv.Quote(objectStoreUrl))
+            pathstyle: true
+            region: ""
+            bucket: \(strconv.Quote(#bucket.spec.bucketName))
+            accesskey: {{ .aws_access_key_id | quote }}
+            secretkey: {{ .aws_secret_access_key | quote }}
+          """
+      }
+    }
+    data: [
+      {
+        secretKey: "aws_access_key_id"
+        remoteRef: {
+          key: metadata.name
+          property: "AWS_ACCESS_KEY_ID"
+        }
+      },
+      {
+        secretKey: "aws_secret_access_key"
+        remoteRef: {
+          key: metadata.name
+          property: "AWS_SECRET_ACCESS_KEY"
+        }
+      },
+    ]
+  }
+}
diff --git a/k8s/gitlab/gitlab.cue b/k8s/gitlab/gitlab.cue
@@ -114,6 +114,9 @@ kustomizations: $default: manifest: {
 
   packagesBucket: #BucketClaim & { metadata: name: "gitlab-packages" }
   packagesSecret: #BucketSecret & { #bucket: packagesBucket, #store: store }
+
+  registryBucket: #BucketClaim & { metadata: name: "gitlab-registry" }
+  registrySecret: #RegistryBucketSecret & { #bucket: registryBucket, #store: store }
 }
 
 let gitlabDbRw = kustomizations["$default"].manifest["gitlab-db"].metadata.name + "-rw"
@@ -209,7 +212,7 @@ kustomizations: helm: manifest: {
           global: storageClass: dcsi.localHostpath
         }
         registry: {
-          nodeSelector: storage: "yes"
+          storage: secret: kustomizations["$default"].manifest.registrySecret.metadata.name
           database: {
             enabled: true
             host: registryDbRw