diff --git a/k8s/gitlab/buckets.cue b/k8s/gitlab/buckets.cue
index cd12098..e2c109c 100644
--- a/k8s/gitlab/buckets.cue
+++ b/k8s/gitlab/buckets.cue
@@ -63,3 +63,51 @@ let objectStoreUrl = "http://\(rook.objectStoreHost):\(strconv.FormatInt(rook.ob
 ]
 }
 }
+
+#RegistryBucketSecret: externalsecrets.#ExternalSecret & {
+ #bucket: _
+ #store: _
+ metadata: name: #bucket.metadata.name
+ spec: {
+ secretStoreRef: {
+ name: #store.metadata.name
+ kind: #store.kind
+ }
+ refreshInterval: "0"
+ target: {
+ name: metadata.name
+ deletionPolicy: "Merge"
+ creationPolicy: "Merge"
+ template: {
+ engineVersion: "v2"
+ data:
+ connection: """
+ s3:
+ v4auth: true
+ regionendpoint: \(strconv.Quote(objectStoreUrl))
+ pathstyle: true
+ region: ""
+ bucket: \(strconv.Quote(#bucket.spec.bucketName))
+ accesskey: {{ .aws_access_key_id | quote }}
+ secretkey: {{ .aws_secret_access_key | quote }}
+ """
+ }
+ }
+ data: [
+ {
+ secretKey: "aws_access_key_id"
+ remoteRef: {
+ key: metadata.name
+ property: "AWS_ACCESS_KEY_ID"
+ }
+ },
+ {
+ secretKey: "aws_secret_access_key"
+ remoteRef: {
+ key: metadata.name
+ property: "AWS_SECRET_ACCESS_KEY"
+ }
+ },
+ ]
+ }
+}
diff --git a/k8s/gitlab/gitlab.cue b/k8s/gitlab/gitlab.cue
index 531361a..fc9d34e 100644
--- a/k8s/gitlab/gitlab.cue
+++ b/k8s/gitlab/gitlab.cue
@@ -114,6 +114,9 @@ kustomizations: $default: manifest: {
 packagesBucket: #BucketClaim & { metadata: name: "gitlab-packages" }
 packagesSecret: #BucketSecret & { #bucket: packagesBucket, #store: store }
+
+ registryBucket: #BucketClaim & { metadata: name: "gitlab-registry" }
+ registrySecret: #RegistryBucketSecret & { #bucket: registryBucket, #store: store }
 }
 let gitlabDbRw = kustomizations["$default"].manifest["gitlab-db"].metadata.name + "-rw" 
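Review bot: `refreshInterval: "0"` in the new `#RegistryBucketSecret` makes the sync one-shot, so if the access/secret key pair in the source secret is ever rotated the rendered `connection` config keeps the stale credentials until the ExternalSecret is recreated; if the bucket credentials are meant to be static, record that with a comment such as `// one-shot sync: the bucket credentials are not rotated`, otherwise use a non-zero interval. The merge pattern also deserves a one-line header, since `target.name` and both `remoteRef.key` values resolve to `#bucket.metadata.name` — presumably the templated registry config is merged back into the bucket's own credential secret, which is not obvious from the field names alone. Note too that `objectStoreUrl` (the `http://` endpoint visible in the hunk's context line) puts registry blob traffic on plaintext HTTP; this is likely cluster-internal, but worth confirming that is acceptable for this data.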
@@ -209,7 +212,7 @@ kustomizations: helm: manifest: {
 global: storageClass: dcsi.localHostpath
 }
 registry: {
- nodeSelector: storage: "yes"
+ storage: secret: kustomizations["$default"].manifest.registrySecret.metadata.name
 database: {
 enabled: true
 host: registryDbRw
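Review bot: The new `storage: secret:` line names the Secret but not the key inside it, and the GitLab chart reads the registry storage configuration from the key given by `registry.storage.key`, which I believe defaults to `config`, while `#RegistryBucketSecret` renders it under `connection`; unless that default is overridden elsewhere, add `storage: key: "connection"` beside the `secret:` line (or rename the template key to `config`). Please verify this against the chart's values before merging. The Helm values now also depend on a Secret produced by the `$default` kustomization, so if that ordering is not already enforced the registry pods will fail to start until the merged secret exists; a comment such as `// config secret is rendered by the $default kustomization via ESO` would make the dependency visible. The enclosing `registry:` block continues outside the hunk.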