---
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-config
data:
  registry-config.yml: |
    version: 0.1
    log:
      fileds:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
    auth:
      htpasswd:
        realm: basic-realm
        path: /auth/htpasswd
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  labels:
    app: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
      - name: registry
        image: "registry:latest"
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: false
        ports:
        - name: http 
          containerPort: 5000
          protocol: TCP
        volumeMounts:
        - name: registry-data
          mountPath: "/var/lib/registry"
        - name: registry-config
          mountPath: "/etc/docker/registry"
          readOnly: true
        - name: registry-htpasswd
          mountPath: "/auth"
          readOnly: true
      volumes:
      - name: registry-data
        persistentVolumeClaim:
          claimName: registry-data
      - name: registry-config
        configMap:
          name: registry-config
          items:
            - key: registry-config.yml
              path: config.yml
      - name: registry-htpasswd
        secret:
          secretName: registry-sec
          items:
          - key: HTPASSWD
            path: htpasswd
---
apiVersion: v1
kind: Service
metadata:
  name: registry
spec:
  ports:
  - port: 5000
  selector:
    app: registry