apiVersion: v1 kind: PersistentVolumeClaim metadata: name: docker-registry-pv-claim namespace: docker-registry spec: accessModes: - ReadWriteOnce volumeMode: Filesystem resources: requests: storage: 100Gi storageClassName: csi-cinder-classic --- apiVersion: apps/v1 kind: Deployment metadata: name: docker-registry labels: app: docker-registry spec: replicas: 1 selector: matchLabels: app: docker-registry template: metadata: labels: app: docker-registry spec: containers: - name: docker-registry image: registry ports: - containerPort: 5000 volumeMounts: - name: storage mountPath: /var/lib/registry - name: htpasswd mountPath: /auth readOnly: true env: - name: REGISTRY_AUTH value: htpasswd - name: REGISTRY_AUTH_HTPASSWD_REALM value: Docker Registry - name: REGISTRY_AUTH_HTPASSWD_PATH value: /auth/htpasswd - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" volumes: - name: storage emptyDir: {} # FIXME -make this more permanent later - name: htpasswd secret: secretName: docker-registry-htpasswd --- apiVersion: v1 kind: Service metadata: name: docker-registry-service spec: selector: app: docker-registry ports: - protocol: TCP port: 5000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-issuer kubernetes.io/ingress.class: traefik name: docker-registry spec: rules: - host: swaous.asuscomm.com http: paths: - path: /v2 pathType: Prefix backend: service: name: docker-registry-service port: number: 5000 tls: - hosts: - swaous.asuscomm.com secretName: swaous-tls --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-issuer kubernetes.io/ingress.class: traefik name: docker-registry-otherendpoint spec: rules: - host: docker.clarkeis.com http: paths: - path: / pathType: Prefix backend: service: name: docker-registry-service port: number: 5000 tls: - hosts: - docker.clarkeis.com secretName: docker-clarkeis-tls