k8x/env/registry.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-config-cm
data:
  registry-config.yml: |
    version: 0.1
    log:
      fileds:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
    auth:
      htpasswd:
        realm: basic-realm
        path: /auth/htpasswd
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  labels:
    app: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
      - name: registry
        image: "registry:latest"
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: false
        ports:
        - name: http 
          containerPort: 5000
          protocol: TCP
        volumeMounts:
        - name: registry-data
          mountPath: "/var/lib/registry"
        - name: registry-config
          mountPath: "/etc/docker/registry"
          readOnly: true
        - name: registry-htpasswd
          mountPath: "/auth"
          readOnly: true
      volumes:
      - name: registry-data
        persistentVolumeClaim:
          claimName: registry-data-pvc
      - name: registry-config
        configMap:
          name: registry-config-cm
          items:
            - key: registry-config.yml
              path: config.yml
      - name: registry-htpasswd
        secret:
          secretName: registry-sec
          items:
          - key: HTPASSWD
            path: htpasswd
---
apiVersion: v1
kind: Service
metadata:
  name: registry
spec:
  ports:
  - port: 5000
  selector:
    app: registry
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: registry-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 2048m
spec:
  rules:
  - host: registry.develop.example.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: registry
            port:
              number: 5000
  tls:
  - secretName: wildcard-develop-tls
    hosts:
    - registry.develop.example.com
import from rtg 2024-05-17 21:45:52 -04:00			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: registry-config-cm`
			`data:`
			`registry-config.yml: \|`
			`version: 0.1`
			`log:`
			`fileds:`
			`service: registry`
			`storage:`
			`cache:`
			`blobdescriptor: inmemory`
			`filesystem:`
			`rootdirectory: /var/lib/registry`
			`http:`
			`addr: :5000`
			`headers:`
			`X-Content-Type-Options: [nosniff]`
			`auth:`
			`htpasswd:`
			`realm: basic-realm`
			`path: /auth/htpasswd`
			`health:`
			`storagedriver:`
			`enabled: true`
			`interval: 10s`
			`threshold: 3`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: registry`
			`labels:`
			`app: registry`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: registry`
			`strategy:`
			`type: Recreate`
			`template:`
			`metadata:`
			`labels:`
			`app: registry`
			`spec:`
			`containers:`
			`- name: registry`
			`image: "registry:latest"`
			`imagePullPolicy: IfNotPresent`
			`securityContext:`
			`privileged: false`
			`ports:`
			`- name: http`
			`containerPort: 5000`
			`protocol: TCP`
			`volumeMounts:`
			`- name: registry-data`
			`mountPath: "/var/lib/registry"`
			`- name: registry-config`
			`mountPath: "/etc/docker/registry"`
			`readOnly: true`
			`- name: registry-htpasswd`
			`mountPath: "/auth"`
			`readOnly: true`
			`volumes:`
			`- name: registry-data`
			`persistentVolumeClaim:`
			`claimName: registry-data-pvc`
			`- name: registry-config`
			`configMap:`
			`name: registry-config-cm`
			`items:`
			`- key: registry-config.yml`
			`path: config.yml`
			`- name: registry-htpasswd`
			`secret:`
			`secretName: registry-sec`
			`items:`
			`- key: HTPASSWD`
			`path: htpasswd`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: registry`
			`spec:`
			`ports:`
			`- port: 5000`
			`selector:`
			`app: registry`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: registry-ingress`
			`annotations:`
			`kubernetes.io/ingress.class: nginx`
			`nginx.ingress.kubernetes.io/proxy-body-size: 2048m`
			`spec:`
			`rules:`
			`- host: registry.develop.example.com`
			`http:`
			`paths:`
			`- pathType: Prefix`
			`path: /`
			`backend:`
			`service:`
			`name: registry`
			`port:`
			`number: 5000`
			`tls:`
			`- secretName: wildcard-develop-tls`
			`hosts:`
			`- registry.develop.example.com`