feat(storage): add azure support

plaffitt · plaffitt · commit 7d53929653ab · 2024-10-30T16:23:19.000+01:00
diff --git a/docs/high-availability.md b/docs/high-availability.md
@@ -16,6 +16,7 @@ The registry supports various storage solutions, some of which enable high avail
 | MinIO         |      Yes      | `minio.enabled=true`                |
 | S3-compatible |      Yes      | `registry.persistence.s3=...`       |
 | GCS           |      Yes      | `registry.persistence.gcs=...`      |
+| Azure         |      Yes      | `registry.persistence.azure=...`    |
 
 HA-compatible backends uses a deployment whereas other backends relies on a statefulset.
 
@@ -95,6 +96,28 @@ kubectl create secret generic secret-name \
         --from-literal=credentials.json=${GCS_KEY}
 ```
 
+### Azure
+
+Microsoft Azure can also be used as a storage backend for the registry. Here is an example of values to use Azure:
+
+```yaml
+registry:
+  persistence:
+    azureExistingSecret: secret-name
+    azure:
+      container: registry
+```
+
+Please refer to the [Docker registry documentation](https://distribution.github.io/distribution/about/configuration/) for more details.
+
+Note that you will need to create a Secret holding the associated service account secret:
+
+```
+kubectl create secret generic secret-name \
+        --from-literal=accountname=${ACCOUNTNAME} \
+        --from-literal=accountkey=${ACCOUNTKEY}
+```
+
 ## MinIO
 
 The kuik Helm chart has an optional dependency on the [bitnami MinIO chart](https://artifacthub.io/packages/helm/bitnami/minio). The subchart can be enabled by setting `minio.enabled` to `true`, and it can be configured by passing values under the `minio.*` path; for instance, with the following values YAML:
@@ -126,4 +149,3 @@ kubectl create secret generic minio-root-auth \
 It is NOT necessary to set `registry.persistence.enabled` to `true` to enable persistence through MinIO.
 
 It is NOT necessary to configure the S3 endpoint when using this solution as it will be configured automatically by the chart.
-
diff --git a/helm/kube-image-keeper/templates/_helpers.tpl b/helm/kube-image-keeper/templates/_helpers.tpl
@@ -110,5 +110,5 @@ Create the name of the service account to use
 {{- end }}
 
 {{- define "kube-image-keeper.registry-stateless-mode" -}}
-{{- ternary "true" "false" (or .Values.minio.enabled (not (empty .Values.registry.persistence.s3)) (not (empty .Values.registry.persistence.gcs))) }}
+{{- ternary "true" "false" (or .Values.minio.enabled (not (empty .Values.registry.persistence.s3)) (not (empty .Values.registry.persistence.gcs)) (not (empty .Values.registry.persistence.azure))) }}
 {{- end }}
diff --git a/helm/kube-image-keeper/templates/registry-deployment.yaml b/helm/kube-image-keeper/templates/registry-deployment.yaml
@@ -48,16 +48,20 @@ spec:
                   key: secret
             - name: REGISTRY_STORAGE_DELETE_ENABLED
               value: "true"
-            {{- if (not (empty .Values.registry.persistence.s3))}}
+            {{- if (not (empty .Values.registry.persistence.s3)) }}
             - name: REGISTRY_STORAGE
               value: s3
             {{- end}}
-            {{- if (not (empty .Values.registry.persistence.gcs))}}
+            {{- if (not (empty .Values.registry.persistence.gcs)) }}
             - name: REGISTRY_STORAGE
               value: gcs
             - name: REGISTRY_STORAGE_GCS_KEYFILE
               value: "/etc/registry/keys/credentials.json"
             {{- end}}
+            {{- if (not (empty .Values.registry.persistence.azure)) }}
+            - name: REGISTRY_STORAGE
+              value: azure
+            {{- end}}
             {{- if .Values.registry.serviceMonitor.create }}
             - name: REGISTRY_HTTP_DEBUG_ADDR
               value: 0.0.0.0:5001
@@ -78,10 +82,14 @@ spec:
             - name: {{ printf "%s_%s" "REGISTRY_STORAGE_S3" ($k | upper) }}
               value: {{ $v | quote }}
             {{- end }}
-            {{- range $k, $v := omit .Values.registry.persistence.gcs }}
+            {{- range $k, $v := .Values.registry.persistence.gcs }}
             - name: {{ printf "%s_%s" "REGISTRY_STORAGE_GCS" ($k | upper) }}
               value: {{ $v | quote }}
             {{- end }}
+            {{- range $k, $v := omit .Values.registry.persistence.azure "accountname" "accountkey" }}
+            - name: {{ printf "%s_%s" "REGISTRY_STORAGE_AZURE" ($k | upper) }}
+              value: {{ $v | quote }}
+            {{- end }}
             {{- if .Values.registry.persistence.disableS3Redirections }}
             - name: REGISTRY_STORAGE_REDIRECT_DISABLE
               value: "true"
@@ -100,6 +108,19 @@ spec:
                   name: {{ $s3KeysSecretName }}
                   key: secretKey
             {{- end }}
+            {{- if (not (empty .Values.registry.persistence.azureExistingSecret)) }}
+            {{ $azureKeysSecretName := .Values.registry.persistence.azureExistingSecret | default "kube-image-keeper-s3-registry-keys" }}
+            - name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $azureKeysSecretName }}
+                  key: accountname
+            - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $azureKeysSecretName }}
+                  key: accountkey
+            {{- end }}
             {{- range .Values.registry.env }}
             - name: {{ .name }}
               value: {{ .value | quote }}
diff --git a/helm/kube-image-keeper/values.yaml b/helm/kube-image-keeper/values.yaml
@@ -220,7 +220,7 @@ registry:
     storageClass: null
     # -- Registry persistent volume size
     size: 20Gi
-    # -- External S3 configuration (needed only if you don't enable minio) (see https://github.com/docker/docs/blob/main/registry/storage-drivers/s3.md)
+    # -- External S3 configuration (needed only if you don't enable minio) (see https://github.com/distribution/distribution/blob/main/docs/content/storage-drivers/s3.md)
     s3: {}
     s3ExistingSecret: ""
     # -- Disable blobs redirection to S3 bucket (useful if your S3 instance is not accessible from kubelet)
@@ -229,6 +229,9 @@ registry:
     gcs: {}
     # use service account secret in JSON format
     gcsExistingSecret: ""
+    # -- Azure configuration (see https://github.com/distribution/distribution/blob/main/docs/content/storage-drivers/azure.md)
+    azure: {}
+    azureExistingSecret: ""
   garbageCollection:
     # -- Garbage collector cron schedule. Use standard crontab format.
     schedule: "0 0 * * 0"
