Move nfs stuff to namespace. Move registry.

deployments/j7s-os-app.yaml

@@ -1,51 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: j7s-os-app-deployment
-  labels:
-    app: j7s-os-app
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: j7s-os-app
-  template:
-    metadata:
-      labels:
-        app: j7s-os-app
-    spec:
-      containers:
-      - name: j7s-os-app
-        image: 192.168.1.128:8443/j7s-os-deploy:latest
-        ports:
-          - containerPort: 8080
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: j7s-os-app-service
-spec:
-  selector:
-    app: j7s-os-app
-  ports:
-    - protocol: TCP
-      targetPort: 8080
-      port: 3001
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: j7s-os-app-ingress
-spec:
-  rules:
-  - host: j7s-os.internal.jpace121.net
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: j7s-os-app-service
-            port:
-              number: 3001

deployments/kanboard-deployment.yaml

@@ -51,7 +51,7 @@ spec:
               name: kanboard-cookie
               key: cookie-secret
       - name: kanboard-app
-        image: 192.168.1.128:8443/kanboard:latest
+        image: 192.168.1.149:8443/kanboard:latest
         ports:
         - containerPort: 80
         - containerPort: 443

deployments/squid.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
       - name: squid
-        image: 192.168.1.128:8443/squid:0.3
+        image: 192.168.1.149:8443/squid:0.3
         volumeMounts:
           - mountPath: /var/spool/squid
             name: squid-volume

jobs/test-trigger-check.yaml

@@ -11,7 +11,7 @@ spec:
     spec:
       containers:
       - name: test-trigger-check
-        image: 192.168.1.128:8443/curl:latest
+        image: 192.168.1.149:8443/curl:latest
         command: ["bash"]
         args:
           - "-c"

namespaces/nfs-subdir-external-provisioner.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nfs-subdir-external-provisioner

notes.md

@@ -25,7 +25,7 @@ kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers
 kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
 ```
 Set up local registry on master.
-(I didn't document this process.)
+(See below.)
 
 Tell k3s about it:
 ```sudo vim /etc/rancher/k3s/registries.yaml```
@@ -69,6 +69,79 @@ Port forward locally:
 kubectl port-forward -n tekton-pipelines service/tekton-dashboard 9097:9097
 ```
 
+# Local Registry
+I could have done a much better job of documenting this.
+```
+mkdir registry/
+cd registry/
+mkdir certs auth data
+cd certs/
+openssl genrsa 1024 > domain.key
+chmod 400 domain.key
+vim san.cnf
+```
+san.cf
+```
+[req]                    
+default_bits  = 2048         
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+countryName = US
+stateOrProvinceName = PA
+localityName = Pittsburgh
+organizationName = j7s k3s CA
+commonName = j7s k3s CA
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = 10.100.100.5
+IP.2 = 192.168.1.128
+```
+```
+openssl req -new -x509 -nodes -days 36500 -key domain.key -out domain.crt -config san.cnf
+ls
+cd ..
+ls
+cd auth/
+podman run   --entrypoint htpasswd   docker.io/library/httpd:2 -Bbn k3s password > htpasswd
+cd ..
+vim run.sh
+```
+
+run.sh
+```
+#!/usr/bin/env bash
+podman run -d \
+        --restart=always \
+        --name registry \
+        -v `pwd`/auth:/auth \
+        -v `pwd`/certs:/certs \
+        -v `pwd`/data:/var/lib/registry \
+        -e REGISTRY_AUTH=htpasswd \
+        -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
+        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
+        -e REGISTRY_HTTP_ADDR=0.0.0.0:8443 \
+        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
+        -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
+        -e REGISTRY_STORAGE_DELETE_ENABLED=true \
+        -p 8443:8443 \
+        registry:latest
+```
+
+```
+sudo firewall-cmd --permanent --add-port=8443/tcp
+sudo firewall-cmd --reload
+```
+
 # NFS
 
 Server: CentOS 9
@@ -107,7 +180,8 @@ sudo apt install nfs-common
 Install to the cluster:
 ```
 helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
-helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
+helm install --namespace nfs-subdir-external-provisioner nfs-subdir-external-provisioner \
+  nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
   --set nfs.server=192.168.1.149 \
   --set nfs.path=/srv/nfs
 ```

pipelines/j7s-os-pipeline.yaml

@@ -60,7 +60,7 @@ spec:
     - name: image
       value: j7s-os-deploy
     - name: registry
-      value: 192.168.1.128:8443
+      value: 192.168.1.149:8443
     - name: version
       value: $(tasks.image-build.results.version-string)
     taskRef:
@@ -72,7 +72,7 @@ spec:
       workspace: git-credentials
     params:
     - name: image
-      value: 192.168.1.128:8443/j7s-os-deploy
+      value: 192.168.1.149:8443/j7s-os-deploy
     - name: version
       value: $(tasks.image-build.results.version-string)
     taskRef:

tasks/j7s-ansible-build.yaml

@@ -11,7 +11,7 @@ spec:
   - name: deploy
   - name: ansible-file-path
   steps:
-  - image: 192.168.1.128:8443/ansible-podman:latest
+  - image: 192.168.1.149:8443/ansible-podman:latest
     securityContext:
       privileged: true
     script: |

tasks/j7s-git-clone.yaml

@@ -11,7 +11,7 @@ spec:
   - name: url
   - name: branch
   steps:
-  - image: 192.168.1.128:8443/gitssh:latest
+  - image: 192.168.1.149:8443/gitssh:latest
     script: |
       set -x
       cp -r $(workspaces.ssh-directory.path) ~/.ssh

tasks/j7s-onedev-file-bug.yaml

@@ -11,7 +11,7 @@ spec:
   - name: run-name
   - name: status
   steps:
-  - image: 192.168.1.128:8443/curl:latest
+  - image: 192.168.1.149:8443/curl:latest
     script: |
       #!/usr/bin/env bash
       set -e

tasks/j7s-onedev-pr-review.yaml

@@ -11,7 +11,7 @@ spec:
   - name: run-name
   - name: status
   steps:
-  - image: 192.168.1.128:8443/curl:latest
+  - image: 192.168.1.149:8443/curl:latest
     script: |
       #!/usr/bin/env bash
       set -e

tasks/j7s-os-image-build.yaml

@@ -11,7 +11,7 @@ spec:
   results:
   - name: version-string
   steps:
-  - image: 192.168.1.128:8443/j7s-image-build:latest
+  - image: 192.168.1.149:8443/j7s-image-build:latest
     securityContext:
       privileged: true
     script: |

tasks/j7s-os-k8s-deploy.yaml

@@ -13,7 +13,7 @@ spec:
     - name: ssh-directory
   steps:
     - name: update-with-flux
-      image: 192.168.1.128:8443/gitssh:latest
+      image: 192.168.1.149:8443/gitssh:latest
       script: |
         #!/usr/bin/env bash
         set -x