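---
# Private Docker registry for the `ops` namespace: storage claim, Service,
# Deployment and registry configuration. The Secret named `registry`
# (keys REGISTRY_HTTP_SECRET and REGISTRY_AUTH) is referenced below but is
# not defined in this file and must already exist in the namespace.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: registry-storage
  namespace: ops
spec:
  storageClassName: zfs-fast
  # ReadWriteOnce matches the single-replica Deployment below.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
# No `type` is set, so this is a ClusterIP Service (the Kubernetes default).
# No targetPort is set either, so traffic goes to port 5000 on the pods.
apiVersion: v1
kind: Service
metadata:
  name: registry
  namespace: ops
spec:
  ports:
    - name: web
      port: 5000
      protocol: TCP
  selector:
    app: registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: ops
  labels:
    app: registry
spec:
  selector:
    matchLabels:
      app: registry
  replicas: 1
  minReadySeconds: 5
  template:
    metadata:
      labels:
        app: registry
      # Was a bare `annotations:` (null); written as an explicit empty map.
      annotations: {}
    spec:
      # NOTE(review): no pod or container securityContext is set. Consider
      # `allowPrivilegeEscalation: false`, dropping capabilities and a
      # non-root user once ownership of the data volume has been confirmed.
      containers:
        - name: registry
          # NOTE(review): `registry:2` is a floating tag, so a restart can
          # pull different image content. Pin a specific version or digest.
          image: registry:2
          ports:
            - containerPort: 5000
          # Both probes are plain-HTTP GETs of `/` on the registry port.
          livenessProbe:
            httpGet:
              path: /
              port: 5000
          readinessProbe:
            httpGet:
              path: /
              port: 5000
          # Was a bare `resources:` (null); written as an explicit empty map.
          # NOTE(review): no requests or limits are declared, so this
          # container's CPU and memory use is unbounded by the pod spec.
          resources: {}
          env:
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: registry
                  key: REGISTRY_HTTP_SECRET
          volumeMounts:
            - name: registry-storage
              mountPath: /var/lib/registry
            - name: registry-auth
              mountPath: /auth
              readOnly: true
            - name: registry-config
              mountPath: "/etc/docker/registry"
      volumes:
        # Only the REGISTRY_AUTH key is projected (as /auth/htpasswd); the
        # REGISTRY_HTTP_SECRET key of the same Secret is not written to disk.
        - name: registry-auth
          secret:
            secretName: registry
            items:
              - key: REGISTRY_AUTH
                path: htpasswd
        - name: registry-config
          configMap:
            name: registry
        - name: registry-storage
          persistentVolumeClaim:
            claimName: registry-storage
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry
  namespace: ops
data:
  # Mounted at /etc/docker/registry/config.yml by the Deployment above.
  #
  # NOTE(review): `http` has no `tls` section, so the registry listens in
  # plain HTTP on :5000. htpasswd auth is HTTP Basic, so credentials cross
  # the cluster network unencrypted unless TLS is terminated in front of the
  # Service. Confirm that an ingress or proxy (not shown here) does that.
  #
  # NOTE(review): `storage.delete.enabled: true` allows deletion through the
  # API. htpasswd auth has no per-repository authorisation as far as this
  # config shows, so every listed user can presumably push and delete.
  # Confirm that this is intended.
  config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
    auth:
      htpasswd:
        realm: registry
        path: /auth/htpasswd
    storage:
      filesystem:
        rootdirectory: /var/lib/registry
      delete:
        enabled: true
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3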