infrastructure/sysadmin/00-container-registry.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: container-registry-server-config
  namespace: sysadmin
data:
  config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      s3:
        region: eu
        bucket: container-registry
        regionendpoint: https://eu2.contabostorage.com
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      name: container-registry-server
  template:
    metadata:
      labels:
        name: container-registry-server
    spec:
      containers:
        - name: container-registry-server
          image: registry:2
          volumeMounts:
            - name: config-volume
              mountPath: /etc/docker/registry/config.yml
              subPath: config.yml
            - name: secrets-volume
              mountPath: /auth
              readOnly: true
          env:
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: Registry Realm
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/docker-container-registry
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: HTTP_SECRET
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_SECRET_ACCESS_KEY
      volumes:
        - name: config-volume
          configMap:
            name: container-registry-server-config
        - name: secrets-volume
          secret:
            secretName: container-registry
            optional: false
---
apiVersion: v1
kind: Service
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  type: NodePort
  selector:
    name: container-registry-server
  ports:
    - port: 5000
      nodePort: 30007
      targetPort: 5000
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`container-registry.nocodelytics.com`)
      kind: Rule
      services:
        - name: container-registry-server
          port: 5000
      middlewares:
        - name: websocket-middleware
          namespace: default
        - name: https-redirect
          namespace: default
  tls:
    certResolver: letsencrypt
    domains:
      - main: container-registry.nocodelytics.com
wip nats 2022-12-09 17:12:09 +01:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: container-registry-server-config`
wip 2023-12-01 18:14:07 +01:00			`namespace: sysadmin`
wip nats 2022-12-09 17:12:09 +01:00			`data:`
			`config.yml: \|`
			`version: 0.1`
			`log:`
			`fields:`
			`service: registry`
			`storage:`
			`cache:`
			`blobdescriptor: inmemory`
			`s3:`
wip 2023-12-01 18:14:07 +01:00			`region: eu`
wip nats 2022-12-09 17:12:09 +01:00			`bucket: container-registry`
wip 2023-12-01 18:14:07 +01:00			`regionendpoint: https://eu2.contabostorage.com`
wip nats 2022-12-09 17:12:09 +01:00			`http:`
			`addr: :5000`
			`headers:`
			`X-Content-Type-Options: [nosniff]`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: container-registry-server`
wip 2023-12-01 18:14:07 +01:00			`namespace: sysadmin`
wip nats 2022-12-09 17:12:09 +01:00			`spec:`
			`replicas: 1`
checkpoint 2023-12-08 18:12:01 +01:00			`strategy:`
			`type: Recreate`
wip nats 2022-12-09 17:12:09 +01:00			`selector:`
			`matchLabels:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: container-registry-server`
wip nats 2022-12-09 17:12:09 +01:00			`template:`
			`metadata:`
			`labels:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: container-registry-server`
wip nats 2022-12-09 17:12:09 +01:00			`spec:`
			`containers:`
			`- name: container-registry-server`
			`image: registry:2`
			`volumeMounts:`
			`- name: config-volume`
			`mountPath: /etc/docker/registry/config.yml`
			`subPath: config.yml`
			`- name: secrets-volume`
			`mountPath: /auth`
			`readOnly: true`
			`env:`
			`- name: REGISTRY_AUTH`
			`value: htpasswd`
			`- name: REGISTRY_AUTH_HTPASSWD_REALM`
			`value: Registry Realm`
			`- name: REGISTRY_AUTH_HTPASSWD_PATH`
checkpoint 2023-12-08 18:12:01 +01:00			`value: /auth/docker-container-registry`
			`- name: REGISTRY_HTTP_SECRET`
			`valueFrom:`
			`secretKeyRef:`
			`name: secrets`
			`key: HTTP_SECRET`
wip nats 2022-12-09 17:12:09 +01:00			`- name: REGISTRY_STORAGE_S3_ACCESSKEY`
			`valueFrom:`
			`secretKeyRef:`
			`name: secrets`
			`key: AWS_ACCESS_KEY_ID`
			`- name: REGISTRY_STORAGE_S3_SECRETKEY`
			`valueFrom:`
			`secretKeyRef:`
			`name: secrets`
			`key: AWS_SECRET_ACCESS_KEY`
			`volumes:`
			`- name: config-volume`
			`configMap:`
			`name: container-registry-server-config`
			`- name: secrets-volume`
			`secret:`
			`secretName: container-registry`
			`optional: false`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: container-registry-server`
wip 2023-12-01 18:14:07 +01:00			`namespace: sysadmin`
wip nats 2022-12-09 17:12:09 +01:00			`spec:`
			`type: NodePort`
			`selector:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: container-registry-server`
wip nats 2022-12-09 17:12:09 +01:00			`ports:`
			`- port: 5000`
working system 2023-12-11 17:14:11 +01:00			`nodePort: 30007`
wip nats 2022-12-09 17:12:09 +01:00			`targetPort: 5000`
			`---`
checkpoint 2023-12-08 18:12:01 +01:00			`apiVersion: traefik.containo.us/v1alpha1`
			`kind: IngressRoute`
wip nats 2022-12-09 17:12:09 +01:00			`metadata:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: container-registry-server`
wip 2023-12-01 18:14:07 +01:00			`namespace: sysadmin`
wip nats 2022-12-09 17:12:09 +01:00			`spec:`
checkpoint 2023-12-08 18:12:01 +01:00			`entryPoints:`
			`- websecure`
			`routes:`
working system 2023-12-11 17:14:11 +01:00			- match: Host(`container-registry.nocodelytics.com`)
checkpoint 2023-12-08 18:12:01 +01:00			`kind: Rule`
			`services:`
			`- name: container-registry-server`
			`port: 5000`
			`middlewares:`
			`- name: websocket-middleware`
			`namespace: default`
			`- name: https-redirect`
			`namespace: default`
working system 2023-12-11 17:14:11 +01:00			`tls:`
			`certResolver: letsencrypt`
			`domains:`
			`- main: container-registry.nocodelytics.com`