Merge pull request #320 from darkdoc/switch_to_internal_registry

Switch to internal registry

charts/datacenter/manuela-tst/templates/_helpers.tpl

@@ -0,0 +1,15 @@
+{{- define "imageRegistryHostname" -}}
+{{- if (eq .Values.global.imageregistry.type "openshift-internal") -}}
+registry.{{- .Values.global.hubClusterDomain -}}
+{{- else }}
+{{- .Values.global.imageregistry.hostname -}}
+{{- end }}
+{{- end }}
+
+{{- define "imageRegistryAccount" -}}
+{{- if (eq .Values.global.imageregistry.type "openshift-internal") -}}
+ie-registry
+{{- else }}
+{{- .Values.global.imageregistry.account -}}
+{{- end }}
+{{- end }}

charts/datacenter/manuela-tst/templates/line-dashboard/line-dashboard-is.yaml

@@ -17,7 +17,7 @@ spec:
   - name: {{ . | quote }}
     from:
       kind: DockerImage
-      name: "{{ $.Values.global.imageregistry.hostname }}/{{ $.Values.global.imageregistry.account }}/{{ $.Values.iot_frontend.repo_name }}:{{ . }}"
+      name: "{{ include "imageRegistryHostname" $ }}/{{ include "imageRegistryAccount" $ }}/{{ $.Values.iot_frontend.repo_name }}:{{ . }}"
     referencePolicy:
       type: Local
 {{- end }}

charts/datacenter/manuela-tst/templates/machine-sensor/machine-sensor-is.yaml

@@ -17,7 +17,7 @@ spec:
   - name: {{ . | quote }}
     from:
       kind: DockerImage
-      name: "{{ $.Values.global.imageregistry.hostname }}/{{ $.Values.global.imageregistry.account }}/{{ $.Values.machine_sensor.repo_name }}:{{ . }}"
+      name: "{{ include "imageRegistryHostname" $ }}/{{ include "imageRegistryAccount" $ }}/{{ $.Values.machine_sensor.repo_name }}:{{ . }}"
     referencePolicy:
       type: Local
 {{- end }}

charts/datacenter/manuela-tst/templates/messaging/messaging-is.yaml

@@ -16,7 +16,7 @@ spec:
   - name: {{ . | quote }}
     from:
       kind: DockerImage
-      name: "{{ $.Values.global.imageregistry.hostname }}/{{ $.Values.global.imageregistry.account }}/{{ $.Values.iot_consumer.repo_name }}:{{ . }}"
+      name: "{{ include "imageRegistryHostname" $ }}/{{ include "imageRegistryAccount" $ }}/{{ $.Values.iot_consumer.repo_name }}:{{ . }}"
     referencePolicy:
       type: Local
 {{- end }}

charts/datacenter/pipelines/templates/_helpers.tpl

@@ -1,3 +1,22 @@
+{{/*
+Set the hostname for the imageregistry if type is openshift-internal
+*/}}
+{{- define "imageRegistryHostname" -}}
+{{- if (eq .Values.global.imageregistry.type "openshift-internal") -}}
+registry.{{- .Values.global.hubClusterDomain -}}
+{{- else }}
+{{- .Values.global.imageregistry.hostname -}}
+{{- end }}
+{{- end }}
+
+{{- define "imageRegistryAccount" -}}
+{{- if (eq .Values.global.imageregistry.type "openshift-internal") -}}
+ie-registry
+{{- else }}
+{{- .Values.global.imageregistry.account -}}
+{{- end }}
+{{- end }}
+
 {{- define "build-base-images" -}}
 - name: buildah-build
   taskRef:

charts/datacenter/pipelines/templates/configmaps/environment.yaml

@@ -7,8 +7,8 @@ metadata:
   name: environment
 data:
   DESCRIPTION: "Config keys for openshift-pipelines"
-  IMAGE_PROVIDER: {{ .Values.global.imageregistry.hostname }}
-  IMAGE_ACCOUNT: {{ .Values.global.imageregistry.account }}
+  IMAGE_PROVIDER: {{ include "imageRegistryHostname" . }}
+  IMAGE_ACCOUNT: {{ include "imageRegistryAccount" . }}
   GIT_EMAIL: {{ .Values.global.git.email }}
   GIT_DEV_REPO_URL: {{ $full_giturl }}
   GIT_DEV_REPO_REVISION: {{ .Values.global.git.dev_revision }}

charts/datacenter/pipelines/templates/pipelines/registry.yaml

@@ -0,0 +1,46 @@
+{{- if (eq .Values.global.imageregistry.type "openshift-internal") -}}
+---
+apiVersion: imageregistry.operator.openshift.io/v1
+kind: Config
+metadata:
+  name: cluster
+spec:
+  defaultRoute: false
+  routes:
+  - name: registry
+    hostname: {{ include "imageRegistryHostname" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: image-puller
+subjects:
+- kind: Group
+  apiGroup: rbac.authorization.k8s.io
+  name: system:unauthenticated
+- kind: Group
+  apiGroup: rbac.authorization.k8s.io
+  name: system:authenticated
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: system:image-puller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: registry-admin
+subjects:
+- kind: ServiceAccount
+  name: pipeline
+  namespace: manuela-ci
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: registry-admin
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ include "imageRegistryAccount" . }}
+{{- end }}

charts/datacenter/pipelines/templates/secret-image-registry-credentials.yaml

@@ -1,3 +1,4 @@
+{{- if (ne .Values.global.imageregistry.type "openshift-internal") -}}
 ---
 apiVersion: "external-secrets.io/v1beta1"
 kind: ExternalSecret
@@ -15,8 +16,9 @@ spec:
       metadata:
         annotations:
           # Tekton magic, see https://tekton.dev/vault/pipelines-v0.15.2/auth/
-          tekton.dev/docker-0: https://{{ .Values.global.imageregistry.hostname }}
+          tekton.dev/docker-0: https://{{ include "imageRegistryHostname" . }}
       type: kubernetes.io/basic-auth
   dataFrom:
   - extract:
       key: {{ .Values.imageregistrysecret.key }}
+{{- end }}

charts/factory/manuela-stormshift/templates/_helpers.tpl

@@ -0,0 +1,15 @@
+{{- define "imageRegistryHostname" -}}
+{{- if (eq .Values.global.imageregistry.type "openshift-internal") -}}
+registry.{{- .Values.global.hubClusterDomain -}}
+{{- else }}
+{{- .Values.global.imageregistry.hostname -}}
+{{- end }}
+{{- end }}
+
+{{- define "imageRegistryAccount" -}}
+{{- if (eq .Values.global.imageregistry.type "openshift-internal") -}}
+ie-registry
+{{- else }}
+{{- .Values.global.imageregistry.account -}}
+{{- end }}
+{{- end }}

charts/factory/manuela-stormshift/templates/line-dashboard/line-dashboard-is.yaml

@@ -18,8 +18,10 @@ spec:
   - name: {{ . | quote }}
     from:
       kind: DockerImage
-      name: "{{ $.Values.global.imageregistry.hostname }}/{{ $.Values.global.imageregistry.account }}/{{ $.Values.iot_frontend.repo_name }}:{{ . }}"
-    importPolicy: {}
+      name: "{{ include "imageRegistryHostname" $ }}/{{ include "imageRegistryAccount" $ }}/{{ $.Values.iot_frontend.repo_name }}:{{ . }}"
+    importPolicy: {
+      insecure: true
+    }
     referencePolicy:
       type: Local
 {{- end }}

charts/factory/manuela-stormshift/templates/machine-sensor/machine-sensor-is.yaml

@@ -18,8 +18,10 @@ spec:
   - name: {{ . | quote }}
     from:
       kind: DockerImage
-      name: "{{ $.Values.global.imageregistry.hostname }}/{{ $.Values.global.imageregistry.account }}/{{ $.Values.machine_sensor.repo_name }}:{{ . }}"
-    importPolicy: {}
+      name: "{{ include "imageRegistryHostname" $ }}/{{ include "imageRegistryAccount" $ }}/{{ $.Values.machine_sensor.repo_name }}:{{ . }}"
+    importPolicy: {
+      insecure: true
+    }
     referencePolicy:
       type: Local
 {{- end }}

charts/factory/manuela-stormshift/templates/messaging/messaging-is.yaml

@@ -18,8 +18,10 @@ spec:
   - name: {{ $.Values.iot_consumer.tag | quote }}
     from:
       kind: DockerImage
-      name: "{{ $.Values.global.imageregistry.hostname }}/{{ $.Values.global.imageregistry.account }}/{{ $.Values.iot_consumer.repo_name }}:{{ . }}"
-    importPolicy: {}
+      name: "{{ include "imageRegistryHostname" $ }}/{{ include "imageRegistryAccount" $ }}/{{ $.Values.iot_consumer.repo_name }}:{{ . }}"
+    importPolicy: {
+      insecure: true
+    }
     referencePolicy:
       type: Local
 {{- end }}

scripts/check-pipeline-resources.sh

@@ -4,7 +4,6 @@ while [ 1 ]; do
 	echo "Waiting for seed resources to be ready in manuela-ci"
 	oc get -n manuela-ci pipeline seed 1>/dev/null 2>/dev/null && \
 	oc get -n manuela-ci secret gitea-admin-secret 1>/dev/null 2>/dev/null && \
-	oc get -n manuela-ci secret image-registry-credentials 1>/dev/null 2>/dev/null && \
 	echo "Bootstrap seed now can run" && break;
 	sleep 5;
 done

values-global.yaml

@@ -15,9 +15,11 @@ global:
     installPlanApproval: Automatic
 
   imageregistry:
-    account: PLAINTEXT
-    hostname: quay.io
-    type: quay
+    # account: PLAINTEXT
+    # hostname: quay.io
+    # type: quay
+    # Account and hostname will be set automatically if the type is openshift-internal
+    type: openshift-internal
 
   git:
     account: gitea_admin

values-secret.yaml.template

@@ -13,14 +13,15 @@ version: "2.0"
 #    valuesDirectoryURL: https://github.com/beekhof/patterns/raw/main
 
 secrets:
-  - name: imageregistry
-    fields:
-    # eg. Quay -> Robot Accounts -> Robot Login
-    - name: username
-      onMissingValue: prompt
-      value: null
-      prompt: "Insert Quay Username"
-    - name: password
-      onMissingValue: prompt
-      value: null
-      prompt: "Insert Quay Password"
+# uncomment this if global.imageregistry.type is quay
+#  - name: imageregistry
+#    fields:
+#    # eg. Quay -> Robot Accounts -> Robot Login
+#    - name: username
+#      onMissingValue: prompt
+#      value: null
+#      prompt: "Insert Quay Username"
+#    - name: password
+#      onMissingValue: prompt
+#      value: null
+#      prompt: "Insert Quay Password"