cloudogu
diff --git a/‎applications/argocd/petclinic/helm/Jenkinsfile.ftl
Lines changed: 11 additions & 22 deletions b/‎applications/argocd/petclinic/helm/Jenkinsfile.ftl
Lines changed: 11 additions & 22 deletions
diff --git a/‎applications/argocd/petclinic/plain-k8s/Jenkinsfile.ftl
Lines changed: 18 additions & 28 deletions b/‎applications/argocd/petclinic/plain-k8s/Jenkinsfile.ftl
Lines changed: 18 additions & 28 deletions
diff --git a/‎docs/configuration.schema.json
Lines changed: 6 additions & 22 deletions b/‎docs/configuration.schema.json
Lines changed: 6 additions & 22 deletions
diff --git a/‎docs/developers.md
Lines changed: 30 additions & 31 deletions b/‎docs/developers.md
Lines changed: 30 additions & 31 deletions
diff --git a/‎exercises/petclinic-helm/Jenkinsfile.ftl
Lines changed: 12 additions & 24 deletions b/‎exercises/petclinic-helm/Jenkinsfile.ftl
Lines changed: 12 additions & 24 deletions
@@ -4,16 +4,14 @@ String getApplication() { "spring-petclinic-helm" }
 String getScmManagerCredentials() { 'scmm-user' }
 String getConfigRepositoryPRBaseUrl() { env.SCMM_URL }
 String getConfigRepositoryPRRepo() { '${namePrefix}argocd/example-apps' }
-<#if registry.twoRegistries>
-String getDockerRegistryPullBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PULL_URL }
-String getDockerRegistryPullCredentials() { 'registry-pull-user' }
-String getDockerRegistryPushBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PUSH_URL }
-String getDockerRegistryPushPath() { env.${namePrefixForEnvVars}REGISTRY_PUSH_PATH }
-String getDockerRegistryPushCredentials() { 'registry-push-user' }
-<#else>
+
 String getDockerRegistryBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_URL }
 String getDockerRegistryPath() { env.${namePrefixForEnvVars}REGISTRY_PATH }
 String getDockerRegistryCredentials() { 'registry-user' }
+
+<#if registry.twoRegistries>
+String getDockerRegistryProxyBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PROXY_URL }
+String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
 </#if>
 
 <#noparse>
@@ -66,33 +64,24 @@ node {
         stage('Docker') {
             String imageTag = createImageTag()
 </#noparse>
-<#if registry.twoRegistries>
-<#noparse>
-            String pathPrefix = !dockerRegistryPushPath?.trim() ? "" : "${dockerRegistryPushPath}/"
-            imageName = "${dockerRegistryPushBaseUrl}/${pathPrefix}${application}:${imageTag}"
-            docker.withRegistry("http://${dockerRegistryPullBaseUrl}", dockerRegistryPullCredentials) {
-                image = docker.build(imageName, '.')
-            }
-</#noparse>
-<#else>
 <#noparse>
             String pathPrefix = !dockerRegistryPath?.trim() ? "" : "${dockerRegistryPath}/"
             imageName = "${dockerRegistryBaseUrl}/${pathPrefix}${application}:${imageTag}"
-            image = docker.build(imageName, '.')
 </#noparse>
-</#if>
-
-            if (isBuildSuccessful()) {
 <#if registry.twoRegistries>
 <#noparse>
-                docker.withRegistry("http://${dockerRegistryPushBaseUrl}", dockerRegistryPushCredentials) {
+            docker.withRegistry("http://${dockerRegistryProxyBaseUrl}", dockerRegistryProxyCredentials) {
+                image = docker.build(imageName, '.')
+            }
 </#noparse>
 <#else>
 <#noparse>
-                docker.withRegistry("http://${dockerRegistryBaseUrl}", dockerRegistryCredentials) {
+            image = docker.build(imageName, '.')
 </#noparse>
 </#if>
 <#noparse>
+            if (isBuildSuccessful()) {
+                docker.withRegistry("http://${dockerRegistryBaseUrl}", dockerRegistryCredentials) {
                     image.push()
                 }
             } else {
 
@@ -4,17 +4,16 @@ String getApplication() { 'spring-petclinic-plain' }
 String getConfigRepositoryPRRepo() { '${namePrefix}argocd/example-apps' }
 String getScmManagerCredentials() { 'scmm-user' }
 String getConfigRepositoryPRBaseUrl() { env.SCMM_URL }
-<#if registry.twoRegistries>
-String getDockerRegistryPullBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PULL_URL }
-String getDockerRegistryPullCredentials() { 'registry-pull-user' }
-String getDockerRegistryPushBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PUSH_URL }
-String getDockerRegistryPushPath() { env.${namePrefixForEnvVars}REGISTRY_PUSH_PATH }
-String getDockerRegistryPushCredentials() { 'registry-push-user' }
-<#else>
+
 String getDockerRegistryBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_URL }
 String getDockerRegistryPath() { env.${namePrefixForEnvVars}REGISTRY_PATH }
 String getDockerRegistryCredentials() { 'registry-user' }
+
+<#if registry.twoRegistries>
+String getDockerRegistryProxyBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PROXY_URL }
+String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
 </#if>
+
 <#noparse>
 String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/ces-build-lib" }
 String getCesBuildLibVersion() { '2.2.0' }
@@ -57,33 +56,24 @@ node {
         stage('Docker') {
             String imageTag = createImageTag()
 </#noparse>
-<#if registry.twoRegistries>
-<#noparse>
-            String pathPrefix = !dockerRegistryPushPath?.trim() ? "" : "${dockerRegistryPushPath}/"
-            imageName = "${dockerRegistryPushBaseUrl}/${pathPrefix}${application}:${imageTag}"
-            docker.withRegistry("http://${dockerRegistryPullBaseUrl}", dockerRegistryPullCredentials) {
-                image = docker.build(imageName, '.')
-            }
-</#noparse>
-<#else>
 <#noparse>
             String pathPrefix = !dockerRegistryPath?.trim() ? "" : "${dockerRegistryPath}/"
-                imageName = "${dockerRegistryBaseUrl}/${pathPrefix}${application}:${imageTag}"
-                image = docker.build(imageName, '.')
+            imageName = "${dockerRegistryBaseUrl}/${pathPrefix}${application}:${imageTag}"
 </#noparse>
-</#if>
-
-            if (isBuildSuccessful()) {
 <#if registry.twoRegistries>
 <#noparse>
-                        docker.withRegistry("http://${dockerRegistryPushBaseUrl}", dockerRegistryPushCredentials) {
+            docker.withRegistry("http://${dockerRegistryProxyBaseUrl}", dockerRegistryProxyCredentials) {
+                image = docker.build(imageName, '.')
+            }
 </#noparse>
 <#else>
 <#noparse>
-                docker.withRegistry("http://${dockerRegistryBaseUrl}", dockerRegistryCredentials) {
+            image = docker.build(imageName, '.')
 </#noparse>
 </#if>
 <#noparse>
+            if (isBuildSuccessful()) {
+                docker.withRegistry("http://${dockerRegistryBaseUrl}", dockerRegistryCredentials) {
                     image.push()
                 }
             } else {
@@ -136,7 +126,7 @@ node {
                 ]
 <#noparse>
                 addSpecificGitOpsConfig(gitopsConfig)
-                
+
                 deployViaGitops(gitopsConfig)
             } else {
                 echo 'Skipping deploy, because build not successful or not on main branch'
@@ -157,9 +147,9 @@ void addSpecificGitOpsConfig(gitopsConfig) {
         cesBuildLibRepo: cesBuildLibRepo,
         cesBuildLibVersion: cesBuildLibVersion,
         cesBuildLibCredentialsId: scmManagerCredentials,
-        
-        
-        // The GitOps playground provides parameters for overwriting the build images used by gitops-build-lib, so 
+
+
+        // The GitOps playground provides parameters for overwriting the build images used by gitops-build-lib, so
         // it also works in an offline context.
         // Those parameters overwrite the following parameters.
         // If you can access the internet, you can rely on the defaults, which load the images from public registries.
@@ -193,7 +183,7 @@ def loadLibraries() {
     // @Library(["github.com/cloudogu/ces-build-lib@${cesBuildLibVersion}", "github.com/cloudogu/gitops-build-lib@${gitOpsBuildLibRepo}"]) _
     //import com.cloudogu.ces.cesbuildlib.*
     //import com.cloudogu.ces.gitopsbuildlib.*
-    
+
     cesBuildLib = library(identifier: "ces-build-lib@${cesBuildLibVersion}",
             retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo, credentialsId: scmManagerCredentials])
     ).com.cloudogu.ces.cesbuildlib
 
@@ -501,33 +501,17 @@
           "type" : "string",
           "description" : "Optional when registry-url is set"
         },
-        "pullPassword" : {
+        "proxyPassword" : {
           "type" : "string",
-          "description" : "Optional when registry-pull-url is set"
+          "description" : "Use with registry-proxy-url, added to Jenkins as credentials."
         },
-        "pullUrl" : {
+        "proxyUrl" : {
           "type" : "string",
-          "description" : "The url of your external pull-registry. Make sure to always use this with registry-push-url"
+          "description" : "The url of your proxy-registry. Used in pipelines to authorize pull base images. Use in conjunction with petclinic base image."
         },
-        "pullUsername" : {
+        "proxyUsername" : {
           "type" : "string",
-          "description" : "Optional when registry-pull-url is set"
-        },
-        "pushPassword" : {
-          "type" : "string",
-          "description" : "Optional when registry-push-url is set"
-        },
-        "pushPath" : {
-          "type" : "string",
-          "description" : "Optional when registry-push-url is set"
-        },
-        "pushUrl" : {
-          "type" : "string",
-          "description" : "The url of your external pull-registry. Make sure to always use this with registry-pull-url"
-        },
-        "pushUsername" : {
-          "type" : "string",
-          "description" : "Optional when registry-push-url is set"
+          "description" : "Use with registry-proxy-url, added to Jenkins as credentials."
         },
         "url" : {
           "type" : "string",
 
@@ -427,27 +427,25 @@ That is, for most helm charts, you'll need to set an individual value.
 
 ## Testing two registries
 
-### Very simple test
+### Basic test
 * Start playground once,
 * then again with these parameters:  
-  `--registry-pull-url=localhost:30000 --registry-push-url=localhost:30000`
+  `--registry-url=localhost:30000 --registry-proxy-url=localhost:30000 --registry-proxy-username=Proxy --registry-proxy-password=Proxy12345`
 * The petclinic pipelines should still run
 
 ### Proper test
 
 * Start cluster:
 ```shell
-# Stop other cluster, if necessary
-# k3d cluster stop gitops-playground
-scripts/init-cluster.sh --cluster-name=two-regs
+scripts/init-cluster.sh
 ```
 * Setup harbor as stated [above](#external-registry-for-development), but with Port `30000`.  
   Wait for harbor to startup: ` kubectl get pod -n harbor`  
   Don't care about crashing harbor `jobservice`
 * Create registries and base image:
 
 ```bash
-operations=("Pull" "Push")
+operations=("Proxy" "Registry")
 
 for operation in "${operations[@]}"; do
 
@@ -460,30 +458,31 @@ for operation in "${operations[@]}"; do
     echo creating user $operation with PW ${operation}12345
     curl -s  --fail 'http://localhost:30000/api/v2.0/users' -X POST -u admin:Harbor12345 -H 'Content-Type: application/json' --data-raw "{\"username\":\"$operation\",\"email\":\"[email protected]\",\"realname\":\"$operation example\",\"password\":\"${operation}12345\",\"comment\":null}"
     
-	echo "Adding member $operation to project $lower_operation; ID=${projectId}"
+    echo "Adding member $operation to project $lower_operation; ID=${projectId}"
 
     curl  --fail "http://localhost:30000/api/v2.0/projects/${projectId}/members" -X POST -u admin:Harbor12345    -H 'Content-Type: application/json' --data-raw "{\"role_id\":4,\"member_user\":{\"username\":\"$operation\"}}"
 done
 
-skopeo copy docker://eclipse-temurin:11-jre-alpine --dest-creds Pull:Pull12345 --dest-tls-verify=false  docker://localhost:30000/pull/eclipse-temurin:11-jre-alpine
+skopeo copy docker://eclipse-temurin:11-jre-alpine --dest-creds Proxy:Proxy12345 --dest-tls-verify=false  docker://localhost:30000/proxy/eclipse-temurin:11-jre-alpine
 ```
 
 * Deploy playground:
 
 ```bash
-docker run --rm -t  -u $(id -u)  \
-    -v ~/.config/k3d/kubeconfig-two-regs.yaml:/home/.kube/config \
-    -v $(pwd)/gitops-playground.yaml:/config/gitops-playground.yaml \
-    --net=host \
-  gitops-playground:dev -x --yes --argocd  --ingress-nginx --base-url=http://localhost  \
-  --registry-push-url=localhost:30000 \
-  --registry-push-path=push \
-  --registry-push-username=Push \
-  --registry-push-password=Push12345 \
-  --registry-pull-url=localhost:30000 \
-  --registry-pull-username=Pull \
-  --registry-pull-password=Pull12345 \
-  --petclinic-image=localhost:30000/pull/eclipse-temurin:11-jre-alpine 
+docker run --rm -t -u $(id -u)  \
+   -v ~/.config/k3d/kubeconfig-gitops-playground.yaml:/home/.kube/config  \
+    --net=host  \
+    gitops-playground:dev \
+    --yes --argocd --ingress-nginx --base-url=http://localhost \
+    --registry-url=localhost:30000 \
+    --registry-path=registry \
+    --registry-username=Registry  \
+    --registry-password=Registry12345 \
+    --registry-proxy-url=localhost:30000 \
+    --registry-proxy-username=Proxy \
+    --registry-proxy-password=Proxy12345 \
+    --petclinic-image=localhost:30000/proxy/eclipse-temurin:11-jre-alpine 
+
 # Or with config file --config-file=/config/gitops-playground.yaml 
 ```
 
@@ -496,8 +495,8 @@ for namespace in "${namespaces[@]}"; do
   kubectl create secret docker-registry regcred \
   -n $namespace \
   --docker-server=localhost:30000 \
-  --docker-username=Push \
-  --docker-password=Push12345
+  --docker-username=Registry\
+  --docker-password=Registry12345
   kubectl patch serviceaccount default -n $namespace -p '{"imagePullSecrets": [{"name": "regcred"}]}'
 done
 ```
@@ -506,15 +505,15 @@ The same using a config file looks like so:
 
 ```yaml
 registry: 
-  pullUrl: localhost:30000
-  pullUsername: Pull
-  pullPassword: Pull12345
-  pushUrl: localhost:30000
-  pushUsername: Push
-  pushPassword: Push12345
-  pushPath: push
+  proxyUrl: localhost:30000
+  proxyUsername: Proxy
+  proxyPassword: Proxy12345
+  registryUrl: localhost:30000
+  registryUsername: Registry
+  registryPassword: Registry12345
+  registryPath: Registry
 images: 
-  petclinic: localhost:30000/pull/eclipse-temurin:11-jre-alpine
+  petclinic: localhost:30000/proxy/eclipse-temurin:11-jre-alpine
 ```
 
 ## Emulate an airgapped environment
 
@@ -4,16 +4,14 @@ String getApplication() { "exercise-spring-petclinic-helm" }
 String getScmManagerCredentials() { 'scmm-user' }
 String getConfigRepositoryPRBaseUrl() { env.SCMM_URL }
 String getConfigRepositoryPRRepo() { '${namePrefix}argocd/example-apps' }
-<#if registry.twoRegistries>
-String getDockerRegistryPullBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PULL_URL }
-String getDockerRegistryPullCredentials() { 'registry-pull-user' }
-String getDockerRegistryPushBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PUSH_URL }
-String getDockerRegistryPushPath() { env.${namePrefixForEnvVars}REGISTRY_PUSH_PATH }
-String getDockerRegistryPushCredentials() { 'registry-push-user' }
-<#else>
+
 String getDockerRegistryBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_URL }
 String getDockerRegistryPath() { env.${namePrefixForEnvVars}REGISTRY_PATH }
 String getDockerRegistryCredentials() { 'registry-user' }
+
+<#if registry.twoRegistries>
+String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
+String getDockerRegistryProxyBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_PROXY_URL }
 </#if>
 <#noparse>
 String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/ces-build-lib/" }
@@ -60,35 +58,25 @@ node {
         stage('Docker') {
             String imageTag = createImageTag()
 </#noparse>
-<#if registry.twoRegistries>
-<#noparse>
-            String pathPrefix = !dockerRegistryPushPath?.trim() ? "" : "${dockerRegistryPushPath}/"
-            imageName = "${dockerRegistryPushBaseUrl}/${pathPrefix}${application}:${imageTag}"
-            docker.withRegistry("http://${dockerRegistryPullBaseUrl}", dockerRegistryPullCredentials) {
-                image = docker.build(imageName, '.')
-            }
-</#noparse>
-<#else>
 <#noparse>
             String pathPrefix = !dockerRegistryPath?.trim() ? "" : "${dockerRegistryPath}/"
             imageName = "${dockerRegistryBaseUrl}/${pathPrefix}${application}:${imageTag}"
-            image = docker.build(imageName, '.')
 </#noparse>
-</#if>
-
-
-                if (isBuildSuccessful()) {
 <#if registry.twoRegistries>
 <#noparse>
-                            docker.withRegistry("http://${dockerRegistryPushBaseUrl}", dockerRegistryPushCredentials) {
+            docker.withRegistry("http://${dockerRegistryProxyBaseUrl}", dockerRegistryProxyCredentials) {
+                image = docker.build(imageName, '.')
+            }
 </#noparse>
 <#else>
 <#noparse>
-                docker.withRegistry("http://${dockerRegistryBaseUrl}", dockerRegistryCredentials) {
+            image = docker.build(imageName, '.')
 </#noparse>
 </#if>
 <#noparse>
-                    image.push()
+                if (isBuildSuccessful()) {
+                    docker.withRegistry("http://${dockerRegistryBaseUrl}", dockerRegistryCredentials) {
+                        image.push()
                 }
             } else {
                 echo 'Skipping docker push, because build not successful'