--- # Source: docker-registry/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: docker-registry labels: app.kubernetes.io/name: docker-registry spec: selector: matchLabels: app.kubernetes.io/name: docker-registry replicas: 1 revisionHistoryLimit: 3 strategy: type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: docker-registry annotations: spec: securityContext: fsGroup: 1000 runAsUser: 1000 containers: - name: docker-registry image: "registry:2.8.1" imagePullPolicy: IfNotPresent command: - /bin/registry - serve - /etc/docker/registry/config.yml ports: - containerPort: 5000 livenessProbe: httpGet: path: / port: 5000 readinessProbe: httpGet: path: / port: 5000 resources: {} env: - name: REGISTRY_HTTP_SECRET valueFrom: secretKeyRef: name: docker-registry-secret key: haSharedSecret - name: REGISTRY_AUTH value: "htpasswd" - name: REGISTRY_AUTH_HTPASSWD_REALM value: "Registry Realm" - name: REGISTRY_AUTH_HTPASSWD_PATH value: "/auth/htpasswd" - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY value: "/var/lib/registry" # - name: REGISTRY_PROXY_REMOTEURL # value: https://registry-1.docker.io # - name: REGISTRY_PROXY_USERNAME # valueFrom: # secretKeyRef: # name: docker-registry-secret # key: proxyUsername # - name: REGISTRY_PROXY_PASSWORD # valueFrom: # secretKeyRef: # name: docker-registry-secret # key: proxyPassword volumeMounts: - name: config mountPath: /etc/docker/registry readOnly: true - name: auth mountPath: /auth readOnly: true - name: data mountPath: /var/lib/registry/ volumes: - name: config configMap: name: docker-registry-config - name: auth secret: secretName: docker-registry-secret items: - key: htpasswd path: htpasswd - name: data persistentVolumeClaim: claimName: docker-registry