SUS-522 Added spegel version 0.0.26

packs/spegel-0.0.26/README.md

@@ -0,0 +1,39 @@
+# Description
+Spegel, mirror in Swedish, is a stateless cluster local OCI registry mirror.
+Spegel is for you if you are looking to do any of the following:
+* Locally cache images from external registries with no explicit configuration.
+* Avoid cluster failure during external registry downtime.
+* Improve image pull speed and pod startup time by pulling images from the local cache first.
+* Avoid rate-limiting when pulling images from external registries (e.g. Docker Hub).
+* Decrease egressing traffic outside of the clusters network.
+* Increase image pull efficiency in edge node deployments.
+
+# Kubernetes versions supported:
+Above 1.21
+
+# Constraints:
+Currently, Spegel only works with Containerd, in the future other container runtime interfaces may be supported. Spegel relies on [Containerd registry mirroring](https://github.com/containerd/containerd/blob/main/docs/hosts.md#cri) to route requests to the correct destination. This requires Containerd to be properly configured, if it is not Spegel will exit. First of all the registry config path needs to be set, this is not done by default in Containerd. Second of all discarding unpacked layers cannot be enabled. Some Kubernetes flavors come with this setting out of the box, while others do not. Spegel is not able to write this configuration for you as it requires a restart of Containerd to take effect.
+
+```
+version = 2
+
+imports = ["/etc/containerd/conf.d/*.toml"]
+
+[plugins]
+  [plugins."io.containerd.grpc.v1.cri"]
+    sandbox_image = "registry.k8s.io/pause:3.9"
+  [plugins."io.containerd.grpc.v1.cri".containerd]
+   discard_unpacked_layers = false
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+    runtime_type = "io.containerd.runc.v2"
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+    SystemdCgroup = true
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"
+```
+
+# Cloud types supported:
+Everything except GKE
+
+# References:
+  - https://github.com/spegel-org/spegel

packs/spegel-0.0.26/pack.json

@@ -0,0 +1,14 @@
+{
+  "addonType":"registry",
+  "annotations": {},
+  "cloudTypes": [
+    "all"
+  ],
+  "displayName": "Spegel",
+  "charts": [
+    "charts/spegel-0.0.26.tgz"
+  ],
+  "layer": "addon",
+  "name": "spegel",
+  "version": "0.0.26"
+}

packs/spegel-0.0.26/values.yaml

@@ -0,0 +1,156 @@
+pack:
+  content:
+    images:
+      - image: ghcr.io/spegel-org/spegel:v0.0.26
+    charts:
+      - repo: oci://ghcr.io/spegel-org/helm-charts/spegel
+        name: spegel 
+        version: v0.0.26
+  namespace: spegel-system
+  namespaceLabels:
+    "spegel-system": "pod-security.kubernetes.io/enforce=privileged,pod-security.kubernetes.io/enforce-version=v{{ .spectro.system.kubernetes.version | substr 0 4 }}"
+
+charts:
+  spegel:
+    spegel:
+      # -- Registries for which mirror configuration will be created.
+      registries:
+        - https://docker.io
+        - https://ghcr.io
+        - https://quay.io
+        - https://mcr.microsoft.com
+        - https://public.ecr.aws
+        - https://gcr.io
+        - https://registry.k8s.io
+        - https://k8s.gcr.io
+        - https://lscr.io
+      # -- Additional target mirror registries other than Spegel.
+      additionalMirrorRegistries: []
+      # -- Max ammount of mirrors to attempt.
+      mirrorResolveRetries: 3
+      # -- Max duration spent finding a mirror.
+      mirrorResolveTimeout: "5s"
+      # -- Path to Containerd socket.
+      containerdSock: "/run/containerd/containerd.sock"
+      # -- Containerd namespace where images are stored.
+      containerdNamespace: "k8s.io"
+      # -- Path to Containerd mirror configuration.
+      containerdRegistryConfigPath: "/etc/containerd/certs.d"
+      # -- If true Spegel will add mirror configuration to the node.
+      containerdMirrorAdd: true
+      # -- Path to Kubeconfig credentials, should only be set if Spegel is run in an environment without RBAC.
+      kubeconfigPath: ""
+      # -- When true Spegel will resolve tags to digests.
+      resolveTags: true
+      # -- When true latest tags will be resolved to digests.
+      resolveLatestTag: true
+      # -- Maximum write speed per request when serving blob layers. Should be an integer followed by unit Bps, KBps, MBps, GBps, or TBps.
+      blobSpeed: ""
+
+    image:
+      # -- Image repository.
+      repository: ghcr.io/spegel-org/spegel
+      # -- Image Pull Policy.
+      pullPolicy: IfNotPresent
+      # -- Overrides the image tag whose default is the chart appVersion.
+      tag: ""
+      # -- Image digest.
+      digest: ""
+
+    # -- Image Pull Secrets
+    imagePullSecrets: []
+    # -- Overrides the name of the chart.
+    nameOverride: ""
+    # -- Overrides the full name of the chart.
+    fullnameOverride: ""
+    # -- Overrides the namespace where spegel resources are installed.
+    namespaceOverride: ""
+
+    serviceAccount:
+      # -- Annotations to add to the service account
+      annotations: {}
+      # -- The name of the service account to use.
+      # If not set and create is true, a name is generated using the fullname template.
+      name: ""
+
+    # -- Annotations to add to the pod.
+    podAnnotations: {}
+
+    # -- Security context for the pod.
+    podSecurityContext: {}
+      # fsGroup: 2000
+
+    # -- Security context for the Spegel container.
+    securityContext: {}
+      # capabilities:
+      #   drop:
+      #   - ALL
+      # readOnlyRootFilesystem: true
+      # runAsNonRoot: true
+      # runAsUser: 1000
+
+    service:
+      registry:
+        # -- Port to expose the registry via the service.
+        port: 5000
+        # -- Node port to expose the registry via the service.
+        nodePort: 30021
+        # -- Local host port to expose the registry.
+        hostPort: 30020
+        # -- If true adds topology aware hints annotation to node port service.
+        topologyAwareHintsEnabled: true
+      router:
+        # -- Port to expose the router via the service.
+        port: 5001
+      metrics:
+        # -- Port to expose the metrics via the service.
+        port: 9090
+
+    # -- Resource requests and limits for the Spegel container.
+    resources: {}
+      # We usually recommend not to specify default resources and to leave this as a conscious
+      # choice for the user. This also increases chances charts run on environments with little
+      # resources, such as Minikube. If you do want to specify resources, uncomment the following
+      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+      # limits:
+      #   cpu: 100m
+      #   memory: 128Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+
+    # -- Node selector for pod assignment.
+    nodeSelector:
+      kubernetes.io/os: linux
+
+    # -- An update strategy to replace existing pods with new pods.
+    updateStrategy: {}
+      # type: RollingUpdate
+      # rollingUpdate:
+      #   maxSurge: 0
+      #   maxUnavailable: 1
+
+    # -- Tolerations for pod assignment.
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+      - effect: NoSchedule
+        operator: Exists
+
+    # -- Affinity settings for pod assignment.
+    affinity: {}
+
+    serviceMonitor:
+      # -- If true creates a Prometheus Service Monitor.
+      enabled: false
+      # -- Prometheus scrape interval.
+      interval: 60s
+      # -- Prometheus scrape interval timeout.
+      scrapeTimeout: 30s
+      # -- Service monitor specific labels for prometheus to discover servicemonitor.
+      labels: {}
+
+    # -- Priority class name to use for the pod.
+    priorityClassName: system-node-critical