dexhorthy/plain-registry.yaml

## plain-registry.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: registry
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
data:
  config.yml: |-
    auth:
      htpasswd:
        realm: basic-realm
        path: /auth/htpasswd
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3
    http:
      addr: :5000
      headers:
        X-Content-Type-Options:
        - nosniff
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
    version: 0.1
---
apiVersion: v1
kind: Secret
metadata:
  name: registry-htpasswd
  namespace: registry
stringData:
  # set password to kots:kots
  htpasswd: kots:$2y$07$127vQeKC4wmHR9wSbe0meuJVaMhPTDwtaRRV8KlKYoHQyVCx6V5JK
---
apiVersion: v1
kind: Service
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
spec:
  type: NodePort
  ports:
    - port: 5000
      protocol: TCP
      name: registry
      targetPort: 5000
      nodePort: 32000
  selector:
    app: registry
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
spec:
  selector:
    matchLabels:
      app: registry
  replicas: 1
  serviceName: registry
  template:
    metadata:
      labels:
        app: registry
      annotations:
    spec:
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      containers:
        - name: registry
          image: "registry:2.7.1"
          imagePullPolicy: IfNotPresent
          command:
          - /bin/registry
          - serve
          - /etc/docker/registry/config.yml
          ports:
            - containerPort: 5000
          livenessProbe:
            httpGet:
              path: /
              port: 5000
          readinessProbe:
            httpGet:
              path: /
              port: 5000
          resources:
            {}
          env:
            - name: REGISTRY_HTTP_SECRET
              value: "password"
            - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
              value: "/var/lib/registry"
          volumeMounts:
            - name: registry-data
              mountPath: /var/lib/registry/
            - name: "registry-config"
              mountPath: "/etc/docker/registry"
            - mountPath: /auth
              name: registry-htpasswd
      volumes:
        - name: registry-data
          persistentVolumeClaim:
            claimName: registry-data
        - name: registry-config
          configMap:
            name: registry
        - name: registry-htpasswd
          secret:
            defaultMode: 420
            secretName: registry-htpasswd
  volumeClaimTemplates:
  - metadata:
      name: registry-data
    spec:
      accessModes:
      - "ReadWriteOnce"
      resources:
        requests:
          storage: 5Gi
	apiVersion: v1
	kind: Namespace
	metadata:
	name: registry
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: registry
	namespace: registry
	labels:
	app: registry
	data:
	config.yml: \|-
	auth:
	htpasswd:
	realm: basic-realm
	path: /auth/htpasswd
	health:
	storagedriver:
	enabled: true
	interval: 10s
	threshold: 3
	http:
	addr: :5000
	headers:
	X-Content-Type-Options:
	- nosniff
	log:
	fields:
	service: registry
	storage:
	cache:
	blobdescriptor: inmemory
	version: 0.1
	---
	apiVersion: v1
	kind: Secret
	metadata:
	name: registry-htpasswd
	namespace: registry
	stringData:
	# set password to kots:kots
	htpasswd: kots:$2y$07$127vQeKC4wmHR9wSbe0meuJVaMhPTDwtaRRV8KlKYoHQyVCx6V5JK
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: registry
	namespace: registry
	labels:
	app: registry
	spec:
	type: NodePort
	ports:
	- port: 5000
	protocol: TCP
	name: registry
	targetPort: 5000
	nodePort: 32000
	selector:
	app: registry
	---
	apiVersion: apps/v1
	kind: StatefulSet
	metadata:
	name: registry
	namespace: registry
	labels:
	app: registry
	spec:
	selector:
	matchLabels:
	app: registry
	replicas: 1
	serviceName: registry
	template:
	metadata:
	labels:
	app: registry
	annotations:
	spec:
	securityContext:
	fsGroup: 1000
	runAsUser: 1000
	containers:
	- name: registry
	image: "registry:2.7.1"
	imagePullPolicy: IfNotPresent
	command:
	- /bin/registry
	- serve
	- /etc/docker/registry/config.yml
	ports:
	- containerPort: 5000
	livenessProbe:
	httpGet:
	path: /
	port: 5000
	readinessProbe:
	httpGet:
	path: /
	port: 5000
	resources:
	{}
	env:
	- name: REGISTRY_HTTP_SECRET
	value: "password"
	- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
	value: "/var/lib/registry"
	volumeMounts:
	- name: registry-data
	mountPath: /var/lib/registry/
	- name: "registry-config"
	mountPath: "/etc/docker/registry"
	- mountPath: /auth
	name: registry-htpasswd
	volumes:
	- name: registry-data
	persistentVolumeClaim:
	claimName: registry-data
	- name: registry-config
	configMap:
	name: registry
	- name: registry-htpasswd
	secret:
	defaultMode: 420
	secretName: registry-htpasswd
	volumeClaimTemplates:
	- metadata:
	name: registry-data
	spec:
	accessModes:
	- "ReadWriteOnce"
	resources:
	requests:
	storage: 5Gi