Add k8s manifest

metal-stack · Nov 23, 2023 · 399b955 · 399b955
1 parent 14ade3e
commit 399b955
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -3,8 +3,8 @@
 Container and OCI Image Mirror.
 
 `oci-mirror` lets you mirror container images or any other oci artefact between registries.
-It is designed to run on a regular basis, as a `CronJob` in kubernetes for example.
-Under the hood it uses `go-containerregistry` to copy images directly from one registry to another.
+It is designed to run on a regular basis, as a [CronJob](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs) in kubernetes for example.
+Under the hood it uses [go-containerregistry](github.com/google/go-containerregistry) to copy images directly from one registry to another.
 
 ## Configuration
 
@@ -17,3 +17,8 @@ First create a `oci-mirror.yaml` which matches your needs, then run it with the
 ```bash
 docker run -it -v $PWD/oci-mirror.yaml:/oci-mirror.yaml --rm ghcr.io/metal-stack/oci-mirror mirror
 ```
+
+## TODO
+
+- [ ] eventually support http(s) artifacts to be stored as OCIs
+- [ ] support Regex Match for image tags
diff --git a/deploy/oci-mirror.yaml b/deploy/oci-mirror.yaml
@@ -0,0 +1,73 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: oci-mirror
+spec:
+  schedule: "0 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: oci-mirror
+            image: ghcr.io/metal-stack/oci-mirror
+            imagePullPolicy: IfNotPresent
+            command:
+            - mirror
+            - -mirror-config=/config/oci-mirror.yaml
+            volumeMounts:
+              - name: mirror-config
+                mountPath: /config
+          volumes:
+            - name: mirror-config
+              secret:
+                name: mirror-config
+                items:
+                  - key: oci-mirror.yaml
+                    path: oci-mirror.yaml
+          restartPolicy: OnFailure
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mirror-config
+stringData:
+  oci-mirror.yaml: |
+      # destination registries which requires authentication
+      registries:
+        "docker.io":
+          auth:
+            username:
+            password:
+        "localhost:5000":
+          auth:
+            username: admin
+            password: secret123
+      # images to mirror
+      images:
+        # source is the image which should get mirrored
+        - source: "alpine"
+          # to this new location
+          destination: "172.17.0.1:5000/library/alpine"
+          # match defines which images to mirror
+          match:
+            # tags is a list of image tags to mirror
+            tags:
+              - "3.17"
+              - "3.18"
+        - source: "busybox"
+          destination: "172.17.0.1:5000/library/busybox"
+          match:
+            # semver will only mirror the tags of the source images which match this semantic version constraint
+            semver: ">= 1.35"
+        - source: "nginx"
+          destination: "172.17.0.1:5000/library/nginx"
+          match:
+            # only mirror the 20 newest semantic versioned image tags of this image
+            last: 20
+        - source: "ubuntu"
+          destination: "172.17.0.1:5000/library/ubuntu"
+          match:
+            # mirror all tags of this image
+            all_tags: true
diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 // indirect
+	github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.11.4 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect

diff --git a/go.sum b/go.sum
@@ -5,8 +5,8 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/GehirnInc/crypt v0.0.0-20190301055215-6c0105aabd46/go.mod h1:kC29dT1vFpj7py2OvG1khBdQpo3kInWP+6QipLbdngo=
-github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 h1:KeNholpO2xKjgaaSyd+DyQRrsQjhbSeS7qe4nEw8aQw=
-github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962/go.mod h1:kC29dT1vFpj7py2OvG1khBdQpo3kInWP+6QipLbdngo=
+github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 h1:IEjq88XO4PuBDcvmjQJcQGg+w+UaafSy8G5Kcb5tBhI=
+github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5/go.mod h1:exZ0C/1emQJAw5tHOaUDyY1ycttqBAPcxuzf7QbY6ec=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=