Quayio-pull-through-cache configs on new cluster (openshift#58618)

clusters/master/apps/quayio-pull-through-cache/machineset/quayio-cache-worker-amd64.yaml

@@ -21,7 +21,7 @@ spec:
     spec:
       metadata:
         labels:
-          ci-workload: quayio-cache
+          cache-workload: quayio-cache
       providerSpec:
         value:
           ami:
@@ -40,7 +40,7 @@ spec:
           deviceIndex: 0
           iamInstanceProfile:
             id: master-64cvr-worker-profile
-          instanceType: m6a.4xlarge
+          instanceType: m6a.2xlarge
           kind: AWSMachineProviderConfig
           metadata:
             creationTimestamp: null
@@ -76,8 +76,8 @@ metadata:
   name: master-64cvr-quayio-cache-worker-amd64-us-east-1a
   namespace: openshift-machine-api
 spec:
-  maxReplicas: 2
-  minReplicas: 1
+  maxReplicas: 3
+  minReplicas: 0
   scaleTargetRef:
     apiVersion: machine.openshift.io/v1beta1
     kind: MachineSet

clusters/master/apps/quayio-pull-through-cache/quayio-pull-through-cache-gcs.yaml

@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: quayio-pull-through-cache-gcp
+  namespace: ci
+data:
+  config.yml: |-
+    version: 0.1
+    log:
+      fields:
+        service: registry
+    storage:
+      s3:
+        bucket: quayio-pull-through-cache
+        encrypt: true
+        region: us-east-1
+        rootdirectory: /quay.io
+    http:
+      addr: :5000
+      headers:
+        X-Content-Type-Options: [nosniff]
+    health:
+      storagedriver:
+        enabled: true
+        interval: 10s
+        threshold: 3
+    auth:
+      htpasswd:
+        realm: quay-realm
+        path: /tmp/htpasswd
+    proxy:
+      remoteurl: https://quay.io
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: quayio-pull-through-cache-gcs
+  namespace: ci
+spec:
+  to:
+    kind: Service
+    name: quayio-pull-through-cache-gcs
+  tls:
+    termination: Edge
+    insecureEdgeTerminationPolicy: Redirect
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: quayio-pull-through-cache-gcs
+  namespace: ci
+spec:
+  selector:
+    app: quayio-pull-through-cache-gcs
+  ports:
+  - port: 5000
+    targetPort: 5000
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: quayio-pull-through-cache-gcs
+  namespace: ci
+  labels:
+    app: quayio-pull-through-cache-gcs
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: quayio-pull-through-cache-gcs
+  template:
+    metadata:
+      labels:
+        app: quayio-pull-through-cache-gcs
+    spec:
+      tolerations:
+      - key: "node-role.kubernetes.io/quayio-cache-worker"
+        operator: "Equal"
+        value: "quayio-cache-worker"
+        effect: "NoSchedule"
+      nodeSelector:
+        cache-workload: quayio-cache
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoreDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app: quayio-pull-through-cache-gcs
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+      - name: quayio-cache
+        image: registry.ci.openshift.org/ci/docker-registry:tp-2.8.2-gcs
+        command:
+        - /tp-entrypoint.sh
+        env:
+        - name: REGISTRY_STORAGE_S3_ACCESSKEY
+          valueFrom:
+            secretKeyRef:
+              name: quayio-pull-through-cache-r2-credentials
+              key: R2_ACCESS_KEY_ID
+        - name: REGISTRY_STORAGE_S3_SECRETKEY
+          valueFrom:
+            secretKeyRef:
+              name: quayio-pull-through-cache-r2-credentials
+              key: R2_SECRET_ACCESS_KEY
+        - name: REGISTRY_STORAGE_S3_REGIONENDPOINT
+          valueFrom:
+            secretKeyRef:
+              name: quayio-pull-through-cache-r2-credentials
+              key: R2_SECRET_REGIONENDPOINT
+        ports:
+          - name: http
+            containerPort: 5000
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "500m"
+          limits:
+            memory: "2Gi"
+            cpu: "1000m"
+        volumeMounts:
+        - mountPath: /etc/quay-io-pull-credentials
+          name: quay-io-pull-credentials
+        - mountPath: /etc/docker-registry
+          name: config
+      volumes:
+      - name: config
+        configMap:
+          name: quayio-pull-through-cache-gcp
+      - name: quay-io-pull-credentials
+        secret:
+          secretName: quay-io-pull-credentials

clusters/master/apps/quayio-pull-through-cache/quayio-pull-through-cache-us-east-1.yaml

@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: quayio-pull-through-cache-us-east-1
+  namespace: ci
+data:
+  config.yml: |-
+    version: 0.1
+    log:
+      fields:
+        service: registry
+    storage:
+      s3:
+        bucket: quayio-pull-through-cache
+        encrypt: true
+        region: us-east-1
+        rootdirectory: /quay.io
+    http:
+      addr: :5000
+      headers:
+        X-Content-Type-Options: [nosniff]
+    health:
+      storagedriver:
+        enabled: true
+        interval: 10s
+        threshold: 3
+    auth:
+      htpasswd:
+        realm: quay-realm
+        path: /tmp/htpasswd
+    proxy:
+      remoteurl: https://quay.io
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: quayio-pull-through-cache-us-east-1
+  namespace: ci
+spec:
+  to:
+    kind: Service
+    name: quayio-pull-through-cache-us-east-1
+  tls:
+    termination: Edge
+    insecureEdgeTerminationPolicy: Redirect
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: quayio-pull-through-cache-us-east-1
+  namespace: ci
+spec:
+  selector:
+    app: quayio-pull-through-cache-us-east-1
+  ports:
+  - port: 5000
+    targetPort: 5000
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: quayio-pull-through-cache-us-east-1
+  namespace: ci
+  labels:
+    app: quayio-pull-through-cache-us-east-1
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: quayio-pull-through-cache-us-east-1
+  template:
+    metadata:
+      labels:
+        app: quayio-pull-through-cache-us-east-1
+    spec:
+      tolerations:
+      - key: "node-role.kubernetes.io/quayio-cache-worker"
+        operator: "Equal"
+        value: "quayio-cache-worker"
+        effect: "NoSchedule"
+      nodeSelector:
+        cache-workload: quayio-cache
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoreDuringExecution:
+          - labeSelector:
+              matchLabels:
+                app: quayio-pull-through-cache-us-east-1
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+      - name: quayio-cache
+        image: registry.ci.openshift.org/ci/docker-registry:tp-2.8.1
+        command:
+        - /tp-entrypoint.sh
+        env:
+        - name: REGISTRY_STORAGE_S3_ACCESSKEY
+          valueFrom:
+            secretKeyRef:
+              name: quayio-pull-through-cache-r2-credentials
+              key: R2_ACCESS_KEY_ID
+        - name: REGISTRY_STORAGE_S3_SECRETKEY
+          valueFrom:
+            secretKeyRef:
+              name: quayio-pull-through-cache-r2-credentials
+              key: R2_SECRET_ACCESS_KEY
+        - name: REGISTRY_STORAGE_S3_REGIONENDPOINT
+          valueFrom:
+            secretKeyRef:
+              name: quayio-pull-through-cache-r2-credentials
+              key: R2_SECRET_REGIONENDPOINT
+        ports:
+          - name: http
+            containerPort: 5000
+        volumeMounts:
+        - mountPath: /etc/quay-io-pull-credentials
+          name: quay-io-pull-credentials
+        - mountPath: /etc/docker-registry
+          name: config
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "500m"
+          limits:
+            memory: "2Gi"
+            cpu: "1000m"
+      volumes:
+      - name: config
+        configMap:
+          name: quayio-pull-through-cache-us-east-1
+      - name: quay-io-pull-credentials
+        secret:
+          secretName: quay-io-pull-credentials