diff --git a/template/nextcloud.yaml b/template/nextcloud.yaml
new file mode 100644
index 00000000..4a967cdf
--- /dev/null
+++ b/template/nextcloud.yaml
@@ -0,0 +1,269 @@
+apiVersion: app.sealos.io/v1
+kind: Template
+metadata:
+ name: nextcloud
+spec:
+ title: Nextcloud
+ description: Nextcloud is an open-source forum software.
+ url: 'https://nextcloud.com/'
+ gitRepo: 'https://github.com/nextcloud/docker'
+ author: 'sealos'
+ readme: 'https://raw.githubusercontent.com/nextcloud/docker/master/README.md'
+ icon: 'https://avatars.githubusercontent.com/u/19211038?s=48&v=4'
+ templateType: inline
+ defaults:
+ app_host:
+ type: string
+ value: ${{ random(8) }}
+ app_name:
+ type: string
+ value: nextcloud-${{ random(8) }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: ${{ defaults.app_name }}
+ annotations:
+ originImageName: nextcloud
+ deploy.cloud.sealos.io/minReplicas: '1'
+ deploy.cloud.sealos.io/maxReplicas: '1'
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+ app: ${{ defaults.app_name }}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 1
+ minReadySeconds: 10
+ serviceName: ${{ defaults.app_name }}
+ selector:
+ matchLabels:
+ app: ${{ defaults.app_name }}
+ template:
+ metadata:
+ labels:
+ app: ${{ defaults.app_name }}
+ spec:
+ terminationGracePeriodSeconds: 10
+ initContainers:
+ - name: init-mysql
+ image: mysql:5.7
+ command:
+ - bash
+ - "-c"
+ - |
+ mysql --host=$DB_HOST --user=$DB_USER --password=$DB_PASSWORD --port=$DB_PORT -e 'CREATE DATABASE IF NOT EXISTS nextcloud'
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: host
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: password
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: port
+ containers:
+ - name: ${{ defaults.app_name }}
+ image: nextcloud:28.0.3
+ env:
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: username
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: password
+ - name: MYSQL_HOST
+ valueFrom:
+ secretKeyRef:
+ name: ${{ defaults.app_name }}-mysql-conn-credential
+ key: host
+ - name: NEXTCLOUD_DATA_DIR
+ value: /var/www/html/data
+ resources:
+ requests:
+ cpu: 100m
+ memory: 102Mi
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ command: []
+ args: []
+ ports:
+ - containerPort: 80
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: vn-rootvn-vn-nextcloud
+ mountPath: /var/www/html
+ volumes: []
+ volumeClaimTemplates:
+ - metadata:
+ annotations:
+ path: /var/www/html
+ value: '1'
+ name: vn-rootvn-vn-nextcloud
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: ${{ defaults.app_name }}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+ cloud.sealos.io/app-deploy-manager-domain: ${{ defaults.app_host }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 32m
+ nginx.ingress.kubernetes.io/server-snippet: |
+ client_header_buffer_size 64k;
+ large_client_header_buffers 4 128k;
+ nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/client-body-buffer-size: 64k
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 64k
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($request_uri ~* \.(js|css|gif|jpe?g|png)) {
+ expires 30d;
+ add_header Cache-Control "public";
+ }
+spec:
+ rules:
+ - host: ${{ defaults.app_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: /()(.*)
+ backend:
+ service:
+ name: ${{ defaults.app_name }}
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - ${{ defaults.app_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ secretName: ${{ SEALOS_CERT_SECRET_NAME }}
+
+---
+apiVersion: apps.kubeblocks.io/v1alpha1
+kind: Cluster
+metadata:
+ finalizers:
+ - cluster.kubeblocks.io/finalizer
+ labels:
+ clusterdefinition.kubeblocks.io/name: apecloud-mysql
+ clusterversion.kubeblocks.io/name: ac-mysql-8.0.30
+ sealos-db-provider-cr: ${{ defaults.app_name }}-mysql
+ annotations: {}
+ name: ${{ defaults.app_name }}-mysql
+spec:
+ affinity:
+ nodeLabels: {}
+ podAntiAffinity: Preferred
+ tenancy: SharedNode
+ topologyKeys: []
+ clusterDefinitionRef: apecloud-mysql
+ clusterVersionRef: ac-mysql-8.0.30
+ componentSpecs:
+ - componentDefRef: mysql
+ monitor: true
+ name: mysql
+ replicas: 1
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 100m
+ memory: 102Mi
+ serviceAccountName: ${{ defaults.app_name }}-mysql
+ volumeClaimTemplates:
+ - name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: openebs-backup
+ terminationPolicy: Delete
+ tolerations: []
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ sealos-db-provider-cr: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/instance: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/managed-by: kbcli
+ name: ${{ defaults.app_name }}-mysql
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ sealos-db-provider-cr: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/instance: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/managed-by: kbcli
+ name: ${{ defaults.app_name }}-mysql
+rules:
+ - apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - create
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ sealos-db-provider-cr: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/instance: ${{ defaults.app_name }}-mysql
+ app.kubernetes.io/managed-by: kbcli
+ name: ${{ defaults.app_name }}-mysql
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ${{ defaults.app_name }}-mysql
+subjects:
+ - kind: ServiceAccount
+ name: ${{ defaults.app_name }}-mysql
+ namespace: ${{ SEALOS_NAMESPACE }}
\ No newline at end of file
diff --git a/template/registry.yaml b/template/registry.yaml
new file mode 100644
index 00000000..3668a828
--- /dev/null
+++ b/template/registry.yaml
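Review bot: The `init-mysql` init container in template/nextcloud.yaml expands `$DB_PASSWORD` unquoted into the `mysql` command line, so a credential containing whitespace or shell metacharacters is word-split or reinterpreted, and the secret sits in the process arguments while the client starts. Quote every expansion and pass the password through the environment instead, e.g. `MYSQL_PWD="$DB_PASSWORD" mysql --host="$DB_HOST" --user="$DB_USER" --port="$DB_PORT" -e 'CREATE DATABASE IF NOT EXISTS nextcloud'`. Separately, the Ingress sets `nginx.ingress.kubernetes.io/ssl-redirect: 'false'` although a `tls` block is configured, so the Nextcloud login and session cookie can still travel over plain HTTP; `'true'` looks like the safer default unless the platform redirects elsewhere. The container env also defines no admin account, so the first-run setup page is presumably open to whoever reaches the generated hostname first; that should be confirmed and either closed with template inputs or documented.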
@@ -0,0 +1,316 @@
+apiVersion: app.sealos.io/v1
+kind: Template
+metadata:
+ name: registry
+spec:
+ title: 'registry'
+ url: 'https://distribution.github.io/distribution'
+ gitRepo: 'https://github.com/distribution/distribution'
+ author: 'sealos'
+ description: 'gui-registry is a web UI for registry, default registry username and password is root/root'
+ readme: 'https://raw.githubusercontent.com/distribution/distribution/main/README.md'
+ icon: 'https://avatars.githubusercontent.com/u/78096003?s=48&v=4'
+ templateType: inline
+ defaults:
+ app_host:
+ type: string
+ value: ${{ random(8) }}
+ gui_host:
+ type: string
+ value: ${{ random(8) }}
+ app_name:
+ type: string
+ value: registry-${{ random(8) }}
+ inputs:
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: ${{ defaults.app_name }}
+ annotations:
+ originImageName: registry
+ deploy.cloud.sealos.io/minReplicas: '1'
+ deploy.cloud.sealos.io/maxReplicas: '1'
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+ app: ${{ defaults.app_name }}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 1
+ selector:
+ matchLabels:
+ app: ${{ defaults.app_name }}
+ minReadySeconds: 10
+ serviceName: registry
+ template:
+ metadata:
+ labels:
+ app: ${{ defaults.app_name }}
+ spec:
+ terminationGracePeriodSeconds: 10
+ containers:
+ - name: ${{ defaults.app_name }}
+ image: registry:2.8.3
+ env: []
+ resources:
+ requests:
+ cpu: 50m
+ memory: 25Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ ports:
+ - containerPort: 5000
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: vn-etcvn-dockervn-registryvn-configvn-yml
+ mountPath: /etc/docker/registry/config.yml
+ subPath: ./etc/docker/registry/config.yml
+ - name: vn-etcvn-registryvn-registry-htpasswd
+ mountPath: vn-etcvn-registryvn-registry_htpasswd
+ subPath: ./vn-etcvn-registryvn-registry_htpasswd
+ - name: vn-varvn-libvn-registry
+ mountPath: /var/lib/registry
+ volumes:
+ - name: vn-etcvn-dockervn-registryvn-configvn-yml
+ configMap:
+ name: ${{ defaults.app_name }}
+ items:
+ - key: vn-etcvn-dockervn-registryvn-configvn-yml
+ path: ./etc/docker/registry/config.yml
+ - name: vn-etcvn-registryvn-registry-htpasswd
+ configMap:
+ name: ${{ defaults.app_name }}
+ items:
+ - key: vn-etcvn-registryvn-registry_htpasswd
+ path: ./vn-etcvn-registryvn-registry_htpasswd
+ volumeClaimTemplates:
+ - metadata:
+ annotations:
+ path: /var/lib/registry
+ value: '1'
+ name: vn-varvn-libvn-registry
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ${{ defaults.app_name }}
+data:
+ vn-etcvn-dockervn-registryvn-configvn-yml: |-
+ version: 0.1
+ log:
+ fields:
+ service: registry
+ storage:
+ filesystem:
+ rootdirectory: /var/lib/registry
+ delete:
+ enabled: true
+ http:
+ addr: :5000
+ debug:
+ addr: :5001
+ prometheus:
+ enabled: true
+ path: /metrics
+ headers:
+ X-Content-Type-Options: [nosniff]
+ Access-Control-Allow-Origin: ['https://${{ defaults.gui_host }}.${{ SEALOS_CLOUD_DOMAIN }}']
+ Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
+ Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
+ Access-Control-Max-Age: [1728000]
+ Access-Control-Allow-Credentials: [true]
+ Access-Control-Expose-Headers: ['Docker-Content-Digest']
+ proxy:
+ on: true
+ health:
+ storagedriver:
+ enabled: true
+ interval: 10s
+ threshold: 3
+ auth:
+ htpasswd:
+ realm: "Registry Realm"
+ path: /vn-etcvn-registryvn-registry_htpasswd
+ vn-etcvn-registryvn-registry_htpasswd: root:$2y$05$CXZgu7SFjg4UsH1JsFyi0OtLtPv0ghFbL/BYLAURxuWrJK.61fRL2
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+spec:
+ ports:
+ - port: 5000
+ selector:
+ app: ${{ defaults.app_name }}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: ${{ defaults.app_name }}
+ cloud.sealos.io/app-deploy-manager-domain: ${{ defaults.app_host }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 2g
+ nginx.ingress.kubernetes.io/server-snippet: |
+ client_header_buffer_size 64k;
+ large_client_header_buffers 4 128k;
+ nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/client-body-buffer-size: 64k
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 64k
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($request_uri ~* \.(js|css|gif|jpe?g|png)) {
+ expires 30d;
+ add_header Cache-Control "public";
+ }
+spec:
+ rules:
+ - host: ${{ defaults.app_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: /()(.*)
+ backend:
+ service:
+ name: ${{ defaults.app_name }}
+ port:
+ number: 5000
+ tls:
+ - hosts:
+ - ${{ defaults.app_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ secretName: ${{ SEALOS_CERT_SECRET_NAME }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gui-${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: gui-${{ defaults.app_name }}
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: gui-${{ defaults.app_name }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gui-${{ defaults.app_name }}
+ annotations:
+ originImageName: joxit/docker-registry-ui:2.5.6-debian
+ deploy.cloud.sealos.io/minReplicas: '1'
+ deploy.cloud.sealos.io/maxReplicas: '1'
+ labels:
+ cloud.sealos.io/app-deploy-manager: gui-${{ defaults.app_name }}
+ app: gui-${{ defaults.app_name }}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 1
+ selector:
+ matchLabels:
+ app: gui-${{ defaults.app_name }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: gui-${{ defaults.app_name }}
+ spec:
+ containers:
+ - name: gui-${{ defaults.app_name }}
+ image: joxit/docker-registry-ui:2.5.6-debian
+ env:
+ - name: REGISTRY_TITLE
+ value: Sealos-Registry-GUI
+ - name: SINGLE_REGISTRY
+ value: 'true'
+ - name: DELETE_IMAGES
+ value: 'true'
+ - name: SHOW_CONTENT_DIGEST
+ value: 'true'
+ - name: NGINX_PROXY_PASS_URL
+ value: http://${{ defaults.app_name }}.${{ SEALOS_NAMESPACE }}.svc.cluster.local:5000
+ - name: SHOW_CATALOG_NB_TAGS
+ value: 'true'
+ - name: CATALOG_MIN_BRANCHES
+ value: '1'
+ - name: CATALOG_MAX_BRANCHES
+ value: '1'
+ - name: TAGLIST_PAGE_SIZE
+ value: '100'
+ - name: REGISTRY_SECURED
+ value: 'false'
+ - name: CATALOG_ELEMENTS_LIMIT
+ value: '1000'
+ resources:
+ requests:
+ cpu: 50m
+ memory: 25Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ ports:
+ - containerPort: 80
+ imagePullPolicy: Always
+ volumeMounts: []
+ volumes: []
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gui-${{ defaults.app_name }}
+ labels:
+ cloud.sealos.io/app-deploy-manager: gui-${{ defaults.app_name }}
+ cloud.sealos.io/app-deploy-manager-domain: ${{ defaults.gui_host }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 32m
+ nginx.ingress.kubernetes.io/server-snippet: |
+ client_header_buffer_size 64k;
+ large_client_header_buffers 4 128k;
+ nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/client-body-buffer-size: 64k
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 64k
+ nginx.ingress.kubernetes.io/proxy-send-timeout: '300'
+ nginx.ingress.kubernetes.io/proxy-read-timeout: '300'
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($request_uri ~* \.(js|css|gif|jpe?g|png)) {
+ expires 30d;
+ add_header Cache-Control "public";
+ }
+spec:
+ rules:
+ - host: ${{ defaults.gui_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: /()(.*)
+ backend:
+ service:
+ name: gui-${{ defaults.app_name }}
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - ${{ defaults.gui_host }}.${{ SEALOS_CLOUD_DOMAIN }}
+ secretName: ${{ SEALOS_CERT_SECRET_NAME }}
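Review bot: The ConfigMap in template/registry.yaml ships a fixed htpasswd entry (`root:$2y$05$…`, advertised as root/root in `description`), so every instance created from this template accepts the same published credential on a public Ingress, with `delete.enabled: true` on the registry and `DELETE_IMAGES: 'true'` on the UI. The credential should be unique per install and stored in a Secret rather than a ConfigMap; the fence below sketches that with a required template input, whose field names follow the usual Sealos `inputs` form and should be checked against the template schema. The "default registry username and password is root/root" sentence would then be dropped from `description`. The registry Ingress also sets `nginx.ingress.kubernetes.io/ssl-redirect: 'false'`, which lets the Basic-auth header travel over plain HTTP; `'true'` looks like the safer default.

```yaml
# Template spec: the operator supplies the credential, nothing is shared between installs
  inputs:
    registry_htpasswd:
      description: 'htpasswd line (bcrypt) for the registry account'
      type: string
      default: ''
      required: true
---
# new document: the credential lives in a Secret, not in the ConfigMap
apiVersion: v1
kind: Secret
metadata:
  name: ${{ defaults.app_name }}-htpasswd
stringData:
  vn-etcvn-registryvn-registry_htpasswd: '${{ inputs.registry_htpasswd }}'
---
# StatefulSet … unchanged: containers, volumeMounts, config.yml volume …
      volumes:
        - name: vn-etcvn-registryvn-registry-htpasswd
          secret:
            secretName: ${{ defaults.app_name }}-htpasswd
            items:
              - key: vn-etcvn-registryvn-registry_htpasswd
                path: ./vn-etcvn-registryvn-registry_htpasswd
# ConfigMap … unchanged: config.yml key; the root:$2y$… htpasswd key is removed …
```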