added regisrtry example

Author: paynejacob

examples/registry/manifest.yaml

@@ -0,0 +1,31 @@
+name: registry
+description: |
+  An authenticated docker registry running in Digitalocean.
+variables:
+  digitalocean_token:
+    sensitive: true
+    type: string
+    optional: false
+    description: "A Digitalocean API token with write permission. https://docs.digitalocean.com/reference/api/create-personal-access-token/"
+  digitalocean_domain:
+    sensitive: true
+    type: string
+    optional: false
+    description: "The domain to use for the registry host."
+  registry_host:
+    type: string
+    readOnly: true
+    description: "host the configured registry can be accessed at"
+  username:
+    type: string
+    readOnly: true
+    description: "username for registry authentication"
+  password:
+    type: string
+    readOnly: true
+    description: "password for registry authentication"
+commands:
+  - module: main
+  - command: /opt/corral/install.sh
+    node_pools:
+      - registry

examples/registry/overlay/etc/docker/registry/config.yml

@@ -0,0 +1,32 @@
+version: 0.1
+log:
+  accesslog:
+    disabled: true
+  level: info
+  formatter: text
+  fields:
+    service: registry
+    environment: staging
+storage:
+  filesystem:
+    rootdirectory: /var/lib/registry
+    maxthreads: 100
+  delete:
+    enabled: false
+  redirect:
+    disable: false
+auth:
+  htpasswd:
+    realm: basic-realm
+    path: /etc/docker/registry/htpasswd
+http:
+  addr: 0.0.0.0:443
+  host: https://HOSTNAME
+  tls:
+    certificate: /etc/docker/registry/ssl/registry.crt
+    key: /etc/docker/registry/ssl/registry.key
+  headers:
+    X-Content-Type-Options: [nosniff]
+  http2:
+    disabled: false
+

examples/registry/overlay/etc/docker/registry/ssl/.gitkeep

@@ -0,0 +1,13 @@
+[Unit]
+Description=Docker Registry
+After=network.target
+StartLimitIntervalSec=0
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+User=root
+ExecStart=/usr/local/bin/registry serve /etc/docker/registry/config.yml
+
+[Install]
+WantedBy=multi-user.target

examples/registry/overlay/etc/systemd/system/registry.service

@@ -0,0 +1,9 @@
+variable "corral_name" {} // name of the corral being created
+variable "corral_user_id" {} // how the user is identified (usually github username)
+variable "corral_user_public_key" {} // the users public key
+variable "corral_public_key" {} // The corrals public key.  This should be installed on every node.
+variable "corral_private_key" {} // The corrals private key.
+
+// Package
+variable "digitalocean_token" {}
+variable "digitalocean_domain" {}

examples/registry/overlay/usr/local/bin/registry

@@ -0,0 +1,43 @@
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.0"
+    }
+  }
+}
+
+provider "random" {}
+provider "digitalocean" {
+  token = var.digitalocean_token
+}
+
+// it is best practice to distinguish an environment with a random id to avoid collisions
+resource "random_id" "registry_id" {
+  byte_length       = 6
+}
+
+// we will use the corral public key to get access to nodes to provision them later
+resource "digitalocean_ssh_key" "corral_key" {
+  name       = "${var.corral_user_id}-${random_id.registry_id.hex}"
+  public_key = var.corral_public_key
+}
+
+resource "digitalocean_droplet" "registry" {
+  count = 1
+
+  name = "${var.corral_user_id}-${random_id.registry_id.hex}-registry"
+  image    = "ubuntu-20-04-x64"
+  region   = "sfo3"
+  size     = "s-1vcpu-2gb"
+  tags = [var.corral_user_id, random_id.registry_id.hex] // when possible resources should be marked with the associated corral
+  ssh_keys = [digitalocean_ssh_key.corral_key.id]
+}
+
+resource "digitalocean_record" "registry" {
+  domain = var.digitalocean_domain
+  name   = random_id.registry_id.hex
+  type   = "A"
+  value  = digitalocean_droplet.registry[0].ipv4_address
+}

examples/registry/terraform/main/corral.tf

@@ -0,0 +1,15 @@
+output "corral_node_pools" {
+  value = {
+    registry = [
+    for droplet in digitalocean_droplet.registry : {
+      name = droplet.name // unique name of node
+      user = "root" // ssh username
+      address = droplet.ipv4_address // address of ssh host
+    }
+    ]
+  }
+}
+
+output "registry_host" {
+  value = join(".", [digitalocean_record.registry.name, digitalocean_record.registry.domain])
+}