--- apiVersion: v1 kind: ConfigMap metadata: name: registry-config-cm data: registry-config.yml: | version: 0.1 log: fileds: service: registry storage: cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000 headers: X-Content-Type-Options: [nosniff] auth: htpasswd: realm: basic-realm path: /auth/htpasswd health: storagedriver: enabled: true interval: 10s threshold: 3 --- apiVersion: apps/v1 kind: Deployment metadata: name: registry labels: app: registry spec: replicas: 1 selector: matchLabels: app: registry strategy: type: Recreate template: metadata: labels: app: registry spec: containers: - name: registry image: "registry:latest" imagePullPolicy: IfNotPresent securityContext: privileged: false ports: - name: http containerPort: 5000 protocol: TCP volumeMounts: - name: registry-data mountPath: "/var/lib/registry" - name: registry-config mountPath: "/etc/docker/registry" readOnly: true - name: registry-htpasswd mountPath: "/auth" readOnly: true volumes: - name: registry-data persistentVolumeClaim: claimName: registry-data-pvc - name: registry-config configMap: name: registry-config-cm items: - key: registry-config.yml path: config.yml - name: registry-htpasswd secret: secretName: registry-sec items: - key: HTPASSWD path: htpasswd --- apiVersion: v1 kind: Service metadata: name: registry spec: ports: - port: 5000 selector: app: registry --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: registry-ingress annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/proxy-body-size: 2048m spec: rules: - host: registry.develop.example.com http: paths: - pathType: Prefix path: / backend: service: name: registry port: number: 5000 tls: - secretName: wildcard-develop-tls hosts: - registry.develop.example.com