
# Infrastructure - OCI Registry Schema
# Defines type-safe OCI Registry configuration for Zot, Distribution, and Harbor
# Validates access policies, storage configuration, and TLS settings
{
# Supported registry backends.
# The tag chosen here decides which per-backend section of RegistryConfig
# (zot / distribution / harbor) must be present.
RegistryBackend = [|
  'Zot,
  'Distribution,
  'Harbor
|],
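# TLS configuration.
# Besides the field types, this contract rejects `enabled = true` without both
# `cert_path` and `key_path`: such a record claims TLS but carries no key
# material, so fail at evaluation rather than at registry start-up.
TLSConfig = fun label value =>
  let tls = value | {
    enabled | Bool | default = false,
    # Both paths are only meaningful (and only required) when `enabled` is true.
    cert_path | String | optional,
    key_path | String | optional,
  } in
  # Optional fields that were not defined are absent from the record, so
  # has_field is the right test here.
  let has_material =
    std.record.has_field "cert_path" tls && std.record.has_field "key_path" tls
  in
  if tls.enabled && !has_material then
    std.contract.blame_with_message
      "TLS is enabled but cert_path and/or key_path is missing"
      label
  else
    tls,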
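# Authentication configuration.
# Cross-field checks: 'basic requires `htpasswd_path`; 'oidc requires both
# `issuer` and `client_id`. 'none and 'bearer have no companion fields in this
# schema, so nothing further is checked for them.
AuthConfig = fun label value =>
  let auth = value | {
    method | [| 'none, 'basic, 'bearer, 'oidc |] | default = 'none,
    htpasswd_path | String | optional,
    issuer | String | optional,
    client_id | String | optional,
  } in
  # Undefined optional fields are absent from the record.
  let has = fun field => std.record.has_field field auth in
  let missing_companions =
    auth.method
    |> match {
      'basic => !(has "htpasswd_path"),
      'oidc => !(has "issuer" && has "client_id"),
      _ => false
    }
  in
  if missing_companions then
    std.contract.blame_with_message
      "auth method is missing its required fields (basic: htpasswd_path; oidc: issuer and client_id)"
      label
  else
    auth,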
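# Storage configuration.
# Fix: the enum previously read `'s3'` and `'azure'`. Nickel enum tags are
# written `'s3`; the trailing quote does not close the tag but becomes part
# of a different identifier, so `backend = 's3` could never satisfy the
# contract. All tags are now in the plain `'tag` form.
StorageConfig = {
  # Storage root for the 'filesystem backend. How the object-store backends
  # interpret it is not defined in this schema — TODO confirm against the
  # backend adapters.
  path | String,
  backend | [| 'filesystem, 's3, 'azure |] | default = 'filesystem,
  dedupe | Bool | default = true,
  gc_enabled | Bool | default = true,
  # Duration string consumed by the backend; not validated here.
  gc_interval | String | default = "24h",
},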
# Registry metrics configuration (Prometheus scrape endpoint).
MetricsConfig = {
  enabled
    | Bool
    | doc "Expose a Prometheus scrape endpoint."
    | default = true,
  listen_address
    | String
    | doc "host:port the metrics endpoint listens on. An empty host (`:5001`) usually means every interface; restrict or firewall it when the host is reachable from untrusted networks."
    | default = ":5001",
  prometheus_path
    | String
    | doc "HTTP path of the scrape endpoint."
    | default = "/metrics",
},
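# Access control policy for one namespace.
# Fix: the default action was written `'read'` (a different tag than `'read`),
# which is not a member of the enum, so any policy that relied on the default
# failed its own contract.
AccessPolicy = {
  namespace | String,
  public
    | Bool
    | doc "Grant the listed actions to anonymous users as well. Keep false unless the namespace is meant to be world-readable."
    | default = false,
  users
    | Array String
    | doc "Authenticated users the policy applies to. An empty list with public = false presumably grants nobody access — confirm against the backend's policy semantics."
    | default = [],
  actions
    | Array ([| 'read, 'create, 'update, 'delete |])
    | doc "Actions granted by this policy; defaults to read-only."
    | default = ['read],
},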
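# Webhook notification target.
# Fix: the default events were written `['push']` (a different tag than
# `'push`), outside the enum. The URL must be an http(s) URL; prefer https so
# event payloads are not delivered in cleartext.
Webhook = {
  url
    | String
    | std.contract.from_predicate (fun u => std.string.is_match "^https?://" u)
    | doc "Delivery endpoint; must start with http:// or https://. Use https wherever possible.",
  events
    | Array ([| 'pull, 'push, 'delete |])
    | default = ['push],
},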
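# Zot-specific configuration.
# Fixes: `port` carried `default = 5000 | { predicate = ... }`, which is not how
# Nickel attaches a check — it would have applied a record contract to the
# number 5000 whenever the default was used. The range check is now a proper
# predicate contract. The auth default was `{method = 'none'}`, a tag outside
# AuthConfig's enum; it is now `'none`.
ZotConfig =
  let Port =
    std.contract.from_predicate (fun n => std.number.is_integer n && n > 0 && n < 65536)
  in
  {
    storage | StorageConfig,
    http = {
      address
        | String
        | doc "Bind address. `0.0.0.0` listens on every interface; pair it with TLS and authentication, or bind to loopback for local-only use."
        | default = "0.0.0.0",
      port
        | Number
        | Port
        | default = 5000,
    },
    tls | TLSConfig | default = { enabled = false },
    auth | AuthConfig | default = { method = 'none },
    metrics
      | MetricsConfig
      | default = {
        enabled = true,
        listen_address = ":5001",
        prometheus_path = "/metrics",
      },
    access_control | Array AccessPolicy | default = [],
    webhooks | Array Webhook | default = [],
  },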
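# Docker Distribution-specific configuration.
# Fix: the auth default was `{method = 'basic'}` — a tag outside AuthConfig's
# enum — so the default could never pass its own contract; it is now `'basic`.
# `port` gains an integer range check.
DistributionConfig =
  let Port =
    std.contract.from_predicate (fun n => std.number.is_integer n && n > 0 && n < 65536)
  in
  {
    storage | StorageConfig,
    http = {
      address
        | String
        | doc "Bind address. `0.0.0.0` listens on every interface; pair it with TLS and authentication, or bind to loopback for local-only use."
        | default = "0.0.0.0",
      port
        | Number
        | Port
        | default = 5000,
      tls | TLSConfig | default = { enabled = false },
    },
    auth
      | AuthConfig
      | doc "Defaults to basic auth; supply `htpasswd_path` alongside it."
      | default = { method = 'basic },
    notifications | Array Webhook | default = [],
  },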
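# Harbor-specific configuration.
# Changes: every port gets an integer range check; `admin.password` must be
# non-empty and is documented as a secret to inject at the use site, never a
# literal in this file. When `https.enabled` is true, `cert_path`/`key_path`
# are needed in practice but are not enforced here.
HarborConfig =
  let Port =
    std.contract.from_predicate (fun n => std.number.is_integer n && n > 0 && n < 65536)
  in
  {
    storage | StorageConfig,
    database = {
      host | String | default = "postgres",
      port
        | Number
        | Port
        | default = 5432,
      name | String | default = "harbor",
      username | String | doc "Database user",
      # NOTE(review): there is no database password field — presumably supplied
      # out of band; confirm how the deployment injects it.
    },
    http = {
      address
        | String
        | doc "Plain-HTTP bind address. `0.0.0.0` listens on every interface."
        | default = "0.0.0.0",
      port
        | Number
        | Port
        | default = 80,
    },
    https = {
      enabled | Bool | default = true,
      port
        | Number
        | Port
        | default = 443,
      # Both paths are expected when `enabled` is true (not enforced here).
      cert_path | String | optional,
      key_path | String | optional,
    },
    admin = {
      username | String | default = "admin",
      password
        | String
        | std.contract.from_predicate (fun p => p != "")
        | doc "Admin password. Never commit a literal here: merge it in from a secret store at evaluation time, e.g. `preset & { harbor.admin.password = <secret> }`.",
    },
    projects
      | Array {
        name | String,
        public | Bool | default = false,
        storage_quota | Number | optional,
      }
      | default = [],
  },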
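# Complete OCI Registry configuration.
# Added check: the section named by `backend` must actually be present.
# Previously a record such as `{ backend = 'Harbor, zot = {...} }` passed
# validation and the mismatch surfaced only when the consumer read the
# missing `harbor` section.
RegistryConfig = fun label value =>
  let cfg = value | {
    backend | RegistryBackend | default = 'Zot,
    zot | ZotConfig | optional,
    distribution | DistributionConfig | optional,
    harbor | HarborConfig | optional,
  } in
  let section =
    cfg.backend
    |> match {
      'Zot => "zot",
      'Distribution => "distribution",
      'Harbor => "harbor"
    }
  in
  # Undefined optional fields are absent, so has_field detects the gap without
  # forcing the section's contents.
  if std.record.has_field section cfg then
    cfg
  else
    std.contract.blame_with_message
      "backend selects the `%{section}` section but none was provided"
      label,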
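# Common registry presets by mode.
# Solo: a single developer on one machine. It runs anonymous and in plaintext,
# so it now binds to loopback only instead of `0.0.0.0`; an unauthenticated,
# unencrypted, writable registry must not be reachable from the network.
# Expose it only after enabling TLS and auth (see multiuserRegistryPreset).
# The RegistryConfig contract is attached so tag or field typos are caught
# here rather than at the use site; the enum tags are also corrected
# ('Zot'/'filesystem'/'none' were distinct tags outside the enums).
soloRegistryPreset | RegistryConfig = {
  backend = 'Zot,
  zot = {
    storage = {
      # /tmp is world-writable and commonly cleared on reboot: acceptable for
      # throwaway local images only.
      path = "/tmp/zot-storage",
      backend = 'filesystem,
      dedupe = true,
      gc_enabled = true,
      gc_interval = "24h",
    },
    http = {
      address = "127.0.0.1",
      port = 5000,
    },
    tls = {
      enabled = false,
    },
    auth = {
      method = 'none,
    },
    metrics = {
      enabled = true,
      listen_address = ":5001",
      prometheus_path = "/metrics",
    },
    access_control = [],
    webhooks = [],
  },
},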
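# Multi-user: TLS plus htpasswd basic auth on a persistent volume. Binds to
# every interface, which is acceptable because every request is authenticated
# and encrypted. The RegistryConfig contract is attached so tag or field typos
# are caught here; the enum tags are corrected ('Zot'/'filesystem'/'basic'
# were distinct tags outside the enums).
multiuserRegistryPreset | RegistryConfig = {
  backend = 'Zot,
  zot = {
    storage = {
      path = "/var/lib/zot-storage",
      backend = 'filesystem,
      dedupe = true,
      gc_enabled = true,
      gc_interval = "12h",
    },
    http = {
      address = "0.0.0.0",
      port = 5000,
    },
    tls = {
      enabled = true,
      cert_path = "/etc/zot/tls/cert.pem",
      key_path = "/etc/zot/tls/key.pem",
    },
    auth = {
      method = 'basic,
      # The htpasswd file is a credential store; keep it readable by the
      # registry process only.
      htpasswd_path = "/etc/zot/auth/htpasswd",
    },
    metrics = {
      enabled = true,
      listen_address = ":5001",
      prometheus_path = "/metrics",
    },
    # NOTE(review): with no policies, authorization falls back to whatever
    # Zot does when accessControl is unset — confirm that is the intended
    # level of access for every authenticated user, and add per-namespace
    # AccessPolicy entries when it is not.
    access_control = [],
    webhooks = [],
  },
},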
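# Enterprise: Harbor on S3-backed storage with TLS.
# Fixes: the admin password was the literal "changeme" committed in this file;
# the field is now declared but left undefined, so the preset cannot be
# evaluated until a secret is merged in, e.g.
# `enterpriseRegistryPreset & { harbor.admin.password = <from secret store> }`.
# Enum tags are corrected ('Harbor'/'s3' were distinct tags outside the enums).
# Apply `RegistryConfig` at the use site once the password has been supplied.
enterpriseRegistryPreset = {
  backend = 'Harbor,
  harbor = {
    storage = {
      path = "/var/lib/harbor-storage",
      backend = 's3,
      dedupe = true,
      gc_enabled = true,
      gc_interval = "6h",
    },
    database = {
      host = "postgres",
      port = 5432,
      name = "harbor",
      username = "harbor",
    },
    http = {
      address = "0.0.0.0",
      port = 80,
    },
    https = {
      enabled = true,
      port = 443,
      cert_path = "/etc/harbor/tls/cert.pem",
      key_path = "/etc/harbor/tls/key.pem",
    },
    admin = {
      username = "admin",
      # Deliberately no value: must be merged in from a secret store.
      password
        | String
        | doc "Admin password; supply via merge, never as a literal in this file.",
    },
    projects = [],
  },
},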
}