jaigouk/registry-cm.yaml

## registry-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ template "harbor.fullname" . }}-registry"
  labels:
{{ include "harbor.labels" . | indent 4 }}
data:
  config.yml: |+
    version: 0.1
    log:
      level: info
      fields:
        service: registry
    storage:
      {{- if .Values.registry.objectStorage }}
{{ toYaml .Values.registry.objectStorage | indent 6 }}
      {{- end }}
      cache:
        layerinfo: inmemory
      {{- if not .Values.registry.objectStorage }}
      filesystem:
        rootdirectory: /var/lib/registry
      {{- end }}
      maintenance:
        uploadpurging:
          enabled: false
      delete:
        enabled: true
    http:
      addr: :5000
      # set via environment variable
      # secret: placeholder
      debug:
        addr: localhost:5001
    auth:
      token:
        issuer: harbor-token-issuer
        realm: "https://{{ .Values.externalDomain }}/service/token"
        rootcertbundle: /etc/registry/root.crt
        service: harbor-registry

    notifications:
      endpoints:
        - name: harbor
          disabled: false
          url: http://{{ template "harbor.fullname" . }}-ui/service/notifications
          timeout: 3000ms
          threshold: 5
          backoff: 1s

## registry-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: "{{ template "harbor.fullname" . }}-registry"
  labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
  httpSecret: {{ .Values.registry.httpSecret | b64enc | quote }}
  root.crt: {{ .Values.registry.rootCrt | b64enc | quote }}

## registry-ss.yaml
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
  name: "{{ template "harbor.fullname" . }}-registry"
  labels:
{{ include "harbor.labels" . | indent 4 }}
    component: registry
spec:
  replicas: 1
  serviceName: "{{ template "harbor.fullname" . }}-registry"
  selector:
    matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
      component: registry
  template:
    metadata:
      labels:
{{ include "harbor.labels" . | indent 8 }}
        component: registry
    spec:
      containers:
      - name: registry
        image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}
        imagePullPolicy: {{ .Values.registry.image.pullPolicy }}
        resources:
{{ toYaml .Values.mysql.resources | indent 10 }}
        args: ["serve", "/etc/registry/config.yml"]
        env:
          - name: REGISTRY_HTTP_SECRET
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: httpSecret
        ports:
        - containerPort: 5000
        - containerPort: 5001
        volumeMounts:
  {{- if not .Values.registry.objectStorage }}
  {{- if .Values.persistence.enabled }}
        - name: registry-data
          mountPath: /var/lib/registry
  {{- end }}
  {{- end }}
        - name: registry-root-certificate
          mountPath: /etc/registry/root.crt
          subPath: root.crt
        - name: registry-config
          mountPath: /etc/registry/config.yml
          subPath: config.yml
      volumes:
{{- if not .Values.registry.objectStorage }}
{{- if not .Values.persistence.enabled }}
      - name: registry-data
        emptyDir: {}
{{- end }}
{{- end }}
      - name: registry-root-certificate
        secret:
          secretName: "{{ template "harbor.fullname" . }}-registry"
      - name: registry-config
        configMap:
          name: "{{ template "harbor.fullname" . }}-registry"
  {{- if not .Values.registry.objectStorage }}
  {{- if .Values.persistence.enabled }}
  volumeClaimTemplates:
  - metadata:
      name: "registry-data"
      labels:
{{ include "harbor.labels" . | indent 8 }}
    spec:
      accessModes: [{{ .Values.registry.volumes.data.accessMode | quote }}]
      {{- if .Values.registry.volumes.data.storageClass }}
      {{- if (eq "-" .Values.registry.volumes.data.storageClass) }}
      storageClassName: ""
      {{- else }}
      storageClassName: "{{ .Values.registry.volumes.data.storageClass }}"
      {{- end }}
      {{- end }}
      resources:
        requests:
          storage: {{ .Values.registry.volumes.data.size | quote }}
  {{- end -}}
  {{- end -}}

## registry-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: "{{ template "harbor.fullname" . }}-registry"
  labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
  ports:
    - name: repo
      port: 5000
    - name: debug
      port: 5001
  selector:
{{ include "harbor.matchLabels" . | indent 4 }}
    component: registry
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: "{{ template "harbor.fullname" . }}-registry"
	labels:
	{{ include "harbor.labels" . \| indent 4 }}
	data:
	config.yml: \|+
	version: 0.1
	log:
	level: info
	fields:
	service: registry
	storage:
	{{- if .Values.registry.objectStorage }}
	{{ toYaml .Values.registry.objectStorage \| indent 6 }}
	{{- end }}
	cache:
	layerinfo: inmemory
	{{- if not .Values.registry.objectStorage }}
	filesystem:
	rootdirectory: /var/lib/registry
	{{- end }}
	maintenance:
	uploadpurging:
	enabled: false
	delete:
	enabled: true
	http:
	addr: :5000
	# set via environment variable
	# secret: placeholder
	debug:
	addr: localhost:5001
	auth:
	token:
	issuer: harbor-token-issuer
	realm: "https://{{ .Values.externalDomain }}/service/token"
	rootcertbundle: /etc/registry/root.crt
	service: harbor-registry

	notifications:
	endpoints:
	- name: harbor
	disabled: false
	url: http://{{ template "harbor.fullname" . }}-ui/service/notifications
	timeout: 3000ms
	threshold: 5
	backoff: 1s
	apiVersion: v1
	kind: Secret
	metadata:
	name: "{{ template "harbor.fullname" . }}-registry"
	labels:
	{{ include "harbor.labels" . \| indent 4 }}
	type: Opaque
	data:
	httpSecret: {{ .Values.registry.httpSecret \| b64enc \| quote }}
	root.crt: {{ .Values.registry.rootCrt \| b64enc \| quote }}
	apiVersion: apps/v1beta2
	kind: StatefulSet
	metadata:
	name: "{{ template "harbor.fullname" . }}-registry"
	labels:
	{{ include "harbor.labels" . \| indent 4 }}
	component: registry
	spec:
	replicas: 1
	serviceName: "{{ template "harbor.fullname" . }}-registry"
	selector:
	matchLabels:
	{{ include "harbor.matchLabels" . \| indent 6 }}
	component: registry
	template:
	metadata:
	labels:
	{{ include "harbor.labels" . \| indent 8 }}
	component: registry
	spec:
	containers:
	- name: registry
	image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}
	imagePullPolicy: {{ .Values.registry.image.pullPolicy }}
	resources:
	{{ toYaml .Values.mysql.resources \| indent 10 }}
	args: ["serve", "/etc/registry/config.yml"]
	env:
	- name: REGISTRY_HTTP_SECRET
	valueFrom:
	secretKeyRef:
	name: "{{ template "harbor.fullname" . }}-registry"
	key: httpSecret
	ports:
	- containerPort: 5000
	- containerPort: 5001
	volumeMounts:
	{{- if not .Values.registry.objectStorage }}
	{{- if .Values.persistence.enabled }}
	- name: registry-data
	mountPath: /var/lib/registry
	{{- end }}
	{{- end }}
	- name: registry-root-certificate
	mountPath: /etc/registry/root.crt
	subPath: root.crt
	- name: registry-config
	mountPath: /etc/registry/config.yml
	subPath: config.yml
	volumes:
	{{- if not .Values.registry.objectStorage }}
	{{- if not .Values.persistence.enabled }}
	- name: registry-data
	emptyDir: {}
	{{- end }}
	{{- end }}
	- name: registry-root-certificate
	secret:
	secretName: "{{ template "harbor.fullname" . }}-registry"
	- name: registry-config
	configMap:
	name: "{{ template "harbor.fullname" . }}-registry"
	{{- if not .Values.registry.objectStorage }}
	{{- if .Values.persistence.enabled }}
	volumeClaimTemplates:
	- metadata:
	name: "registry-data"
	labels:
	{{ include "harbor.labels" . \| indent 8 }}
	spec:
	accessModes: [{{ .Values.registry.volumes.data.accessMode \| quote }}]
	{{- if .Values.registry.volumes.data.storageClass }}
	{{- if (eq "-" .Values.registry.volumes.data.storageClass) }}
	storageClassName: ""
	{{- else }}
	storageClassName: "{{ .Values.registry.volumes.data.storageClass }}"
	{{- end }}
	{{- end }}
	resources:
	requests:
	storage: {{ .Values.registry.volumes.data.size \| quote }}
	{{- end -}}
	{{- end -}}
	apiVersion: v1
	kind: Service
	metadata:
	name: "{{ template "harbor.fullname" . }}-registry"
	labels:
	{{ include "harbor.labels" . \| indent 4 }}
	spec:
	ports:
	- name: repo
	port: 5000
	- name: debug
	port: 5001
	selector:
	{{ include "harbor.matchLabels" . \| indent 4 }}
	component: registry