apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-registry
  namespace: public-service
  labels:
    app: gitlab
    component: registry
data:
  configure: |-
    if [ -e /config/accesskey ] ; then
      sed -e 's@ACCESS_KEY@'"$(cat /config/accesskey)"'@' -e 's@SECRET_KEY@'"$(cat /config/secretkey)"'@' /config/config.yml > /registry/config.yml
    else
      cp -v -r -L /config/config.yml  /registry/config.yml
    fi

    sed -i -e 's@HTTP_SECRET@'"$(cat /config/httpSecret)"'@' /registry/config.yml

    if [ -d /config/notifications ]; then
      for i in /config/notifications/*; do
        filename=$(basename $i);
        sed -i -e 's@'"${filename}"'@'"$(cat $i)"'@' /registry/config.yml;
      done
    fi

    if [ -d /config/storage ]; then

      mkdir -p /registry/storage
      cp -v -r -L /config/storage/* /registry/storage/

      echo '' >> /registry/storage/config

      if ! $(egrep -A1 '^delete:\s*$' /registry/storage/config | egrep -q '\s{2,4}enabled:') ; then
        echo 'delete:' >> /registry/storage/config
        echo '  enabled: true' >> /registry/storage/config
      fi

      sed -i 's/^/  /' /registry/storage/config

      sed -i '/storage:/ r /registry/storage/config' /registry/config.yml

      rm /registry/storage/config
    fi

    cat /config/certificate.crt > /registry/certificate.crt

    if [ -f /config/profiling-key.json ]; then
      cp /config/profiling-key.json /registry/profiling-key.json
    fi
    
  config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
      level: warn
    http:
      debug:
        addr: ':5001'
        prometheus:
          enabled: false
          path: /metrics
      draintimeout: 0
      headers:
        X-Content-Type-Options: [nosniff]
      addr: :5000
      secret: "HTTP_SECRET"
      relativeurls: false
    health:
      storagedriver:
        enabled: false
        interval: 10s
        threshold: 3
    auth:
      token:
        realm: http://gitlab.lzxlinux.com/jwt/auth
        service: container_registry
        issuer: "gitlab-issuer"
        rootcertbundle: /etc/docker/registry/certificate.crt
        autoredirect: false
    compatibility:
      schema1:
        enabled: false
    validation:
      disabled: true
    
    profiling:
    storage:
      maintenance:
        readonly:
          enabled: false
      s3:
        accesskey: "ACCESS_KEY"
        secretkey: "SECRET_KEY"
        region: us-east-1
        regionendpoint: http://gitlab-minio-svc:9000
        bucket: registry
        secure: true
        v4auth: true
        rootdirectory: /
      cache:
        blobdescriptor: 'inmemory'
      delete:
        enabled: true
      redirect:
        disable: true