feat(ci.jenkins.io-agents-2) add a Docker registry mirroring DockerHub (

#6201)

Ref.
jenkins-infra/helpdesk#4321 (comment)

Requires
jenkins-infra/charts-secrets@689f2c7

Tested once manually.

clusters/cijioagents2.yaml

@@ -11,6 +11,8 @@ repositories:
   # https://github.com/jenkins-infra/helm-charts/
   - name: jenkins-infra
     url: https://jenkins-infra.github.io/helm-charts
+  - name: twuni
+    url: https://helm.twun.io
 releases:
   - name: datadog
     namespace: datadog
@@ -28,6 +30,15 @@ releases:
     version: 1.6.2
     values:
       - "../config/artifact-caching-proxy_azure-cijenkinsio-agents-2.yaml"
+  - name: hub-mirror
+    namespace: hub-mirror
+    chart: twuni/docker-registry
+    # TODO: track with updatecli
+    version: v2.2.3
+    values:
+      - "../config/hub-mirror_cijioagents2.yaml"
+    secrets:
+      - "../secrets/config/hub-mirror/secrets.yaml"
   - name: jenkins-agents
     namespace: jenkins-agents
     chart: jenkins-infra/jenkins-kubernetes-agents

config/artifact-caching-proxy_azure-cijenkinsio-agents-2.yaml

@@ -49,7 +49,7 @@ resources:
     # No CPU limit to avoid throttling
     memory: 8192Mi
   requests:
-    cpu: 2
+    cpu: 1.5
     memory: 8192Mi
 
 replicaCount: 2

config/hub-mirror_cijioagents2.yaml

@@ -0,0 +1,58 @@
+# TODO: track with updatecli (from https://reports.jenkins.io/jenkins-infra-data-reports/aws-sponsorship.json)
+nodeSelector:
+  kubernetes.io/arch: arm64
+  jenkins: ci.jenkins.io
+  role: applications
+
+# TODO: track with updatecli (from https://reports.jenkins.io/jenkins-infra-data-reports/aws-sponsorship.json)
+tolerations:
+  - key: "ci.jenkins.io/applications"
+    operator: "Equal"
+    value: "true"
+    effect: "NoSchedule"
+
+resources:
+  limits:
+    # No CPU limit to avoid throttling
+    memory: 4096Mi
+  requests:
+    cpu: 1.5
+    memory: 4096Mi
+
+service:
+  type: LoadBalancer
+  annotations:
+    # Internal LB, with fixed IP in private subnet where EC2 VM agents are running
+    # https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/service/annotations/
+    service.beta.kubernetes.io/aws-load-balancer-type: "internal"
+    service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+    # We want the LB to directly send requests to the Pod IPs (requires VPC-CNI)
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
+    # TODO: track with updatecli from https://reports.jenkins.io/jenkins-infra-data-reports/aws-sponsorship.json
+    service.beta.kubernetes.io/aws-load-balancer-subnets: "subnet-031fd3566ba47fd32,subnet-0138ee90cd53d58f7,subnet-012e4bea8ebb3a5fb"
+    # TODO: track with updatecli from https://reports.jenkins.io/jenkins-infra-data-reports/aws-sponsorship.json
+    service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses: "10.0.131.246,10.0.129.246,10.0.151.246"
+    service.beta.kubernetes.io/aws-load-balancer-ip-address-type: "ipv4"
+    # Misc.
+    service.beta.kubernetes.io/aws-load-balancer-alpn-policy: "HTTP2Preferred"
+
+proxy:
+  enabled: true
+  remoteurl: "https://registry-1.docker.io"
+
+garbageCollect:
+  enabled: true
+
+persistence:
+  enabled: true
+  deleteEnabled: true
+  size: "250Gi"
+  # TODO: track with updatecli (from https://github.com/jenkins-infra/terraform-aws-sponsorship/blob/47a0758f6f414fa12a2e8be54bd66e921f8a942a/eks-cijenkinsio-agents-2.tf#L217)
+  # Same as ACP
+  storageClass: ebs-csi-premium-retain-us-east-2a
+
+# Required as we use a single PVC disk which needs to be unmounted/re-mounted
+updateStrategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxSurge: 0