@relyt0925
Created April 26, 2021 03:59
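# Payload for a node-configuration job: a shell script plus the two files it
# installs on the host (extra systemd-resolved settings and a CA bundle).
# In this file it is mounted at /scripts by the private-registry-configurator
# DaemonSet, whose init container runs configure.sh privileged with hostPID.
#
# Security notes for whoever fills in the placeholders:
#   - Every certificate in ca.crt is handed to update-ca-certificates on the
#     host, so it lands in the node's system trust store rather than in a
#     registry-specific one. Include only the CAs that issue the registry
#     certificates.
#   - configure.sh runs as root inside the host's namespaces. Write access to
#     this ConfigMap is therefore equivalent to root on every node the
#     DaemonSet schedules to; restrict it with RBAC accordingly.
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-configurator
data:
  configure.sh: |
    #!/usr/bin/env bash
    # Stop at the first failing step. Without this, a failed package install
    # or copy was ignored and the host services were restarted anyway, so the
    # init container could report success on a half-configured node.
    set -euo pipefail
    set -x
    # NOTE: based on ubi-minimal; the base image can be changed.
    # util-linux provides nsenter. It is downloaded on every run, so the job
    # depends on the package repository being reachable from the node; an
    # image that already ships nsenter removes that run-time dependency.
    microdnf install util-linux -y
    # /ca-directory is a hostPath below /usr/local/share/ca-certificates.
    cp /scripts/ca.crt /ca-directory/ca.crt
    chmod 0644 /ca-directory/ca.crt
    # -t 1 with hostPID targets the host's PID 1; -m -u -i -n -p enter its
    # mount, UTS, IPC, network and PID namespaces so the command runs as if
    # started on the node itself.
    nsenter -t 1 -m -u -i -n -p -- update-ca-certificates
    # Idempotence guard: the marker is the first line of /scripts/resolved.conf
    # and must match it byte-for-byte (including its spelling).
    if ! grep -q "CUSTOMER_DNS_RESOVERS_ADDITION" /host-etc-systemd-dir/resolved.conf; then
      # Keep a pristine copy once, so the addition is always appended to the
      # original file and never to an already modified one.
      if [[ ! -f /host-etc-systemd-dir/resolved.conf.initial ]]; then
        cp /host-etc-systemd-dir/resolved.conf /host-etc-systemd-dir/resolved.conf.initial
      fi
      cat /host-etc-systemd-dir/resolved.conf.initial /scripts/resolved.conf > /host-etc-systemd-dir/resolved.conf
    fi
    # Both services are restarted on every run, including runs where nothing
    # changed; containerd has to re-read the trust store and resolver setup.
    nsenter -t 1 -m -u -i -n -p -- systemctl restart systemd-resolved
    nsenter -t 1 -m -u -i -n -p -- systemctl restart containerd
  resolved.conf: |
    #CUSTOMER_DNS_RESOVERS_ADDITION
    [Resolve]
    DNS=`DNS_SERVICE_IP(kubectl get service -n kube-system kube-dns -o jsonpath='{.spec.clusterIP}')`
    Domains=~`SUBDOMAIN_TO_BE_FORWARDED_TO_ON_PREM_RESOLVERS (aka registry.myonpremdomain.com)`
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    `CA_CERTS_THAT_ISSUED_ARTIFACTORY_CERTS`
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    `ADDITIONAL_CA_CERTS_THAT_ISSUED_ARTIFACTORY_CERTS`
    -----END CERTIFICATE-----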
---
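# Runs configure.sh from the registry-configurator ConfigMap once per node
# (as an init container) and then parks a pause container so the pod stays
# Running and the job is not re-executed until the pod is recreated.
#
# This workload is root-equivalent on every node it lands on: the init
# container is privileged, shares the host PID namespace, and mounts
# /etc/systemd and a directory under /usr/local/share/ca-certificates from the
# host. Deploy it only into a namespace where pod creation and ConfigMap
# edits are tightly controlled, and delete it once nodes are configured if
# continuous enforcement is not needed.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: private-registry-configurator
  name: private-registry-configurator
spec:
  selector:
    matchLabels:
      app: private-registry-configurator
  template:
    metadata:
      labels:
        app: private-registry-configurator
    spec:
      # No key and operator Exists tolerates every taint, so the pod is
      # scheduled onto all nodes, including tainted ones.
      tolerations:
        - operator: "Exists"
      # Required so that `nsenter -t 1` in configure.sh targets the host's
      # PID 1. It applies to the whole pod, including the pause container.
      hostPID: true
      # Nothing in this pod talks to the Kubernetes API, so do not mount a
      # service-account token next to a privileged container.
      automountServiceAccountToken: false
      initContainers:
        - name: configure-registry
          # Referenced by tag; pin by digest after verifying the image so the
          # content that runs privileged on the node cannot change silently.
          image: "registry.access.redhat.com/ubi8/ubi-minimal:8.3"
          # The ConfigMap mount is read-only, so the script is copied to a
          # writable path before it is made executable and run.
          command:
            - '/bin/bash'
            - '-c'
            - 'mkdir /cache && cp /scripts/configure.sh /cache && chmod +x /cache/configure.sh && /bin/bash /cache/configure.sh'
          securityContext:
            # Needed for nsenter into the host namespaces and for restarting
            # host services; there is no narrower setting the script works
            # with as written.
            privileged: true
          volumeMounts:
            - mountPath: /scripts
              name: script-config
            - mountPath: /host-etc-systemd-dir
              name: etc-systemd-dir
            - mountPath: /ca-directory
              name: ca-directory
      containers:
        - name: pause
          # Referenced by tag; pin by digest after verifying the image.
          image: registry.ng.bluemix.net/armada-master/pause:3.2
          # The long-running container only sleeps, so it gets none of the
          # privileges the init container needs.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
      volumes:
        - name: ca-directory
          hostPath:
            # directory location on host
            path: /usr/local/share/ca-certificates/`CA_CERTS_UNIQUE_IDENTIFIER (example registry.myonpremdomain.com)`
            type: DirectoryOrCreate
        - name: etc-systemd-dir
          hostPath:
            # The whole directory is mounted (not just resolved.conf) because
            # configure.sh also creates resolved.conf.initial next to it.
            path: /etc/systemd
        - name: script-config
          configMap:
            name: registry-configurator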