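---
# Namespace that holds every registry resource in this file.
apiVersion: v1
kind: Namespace
metadata:
  name: container-registry
---
# ACME issuer (Let's Encrypt production) solving HTTP-01 challenges through the
# Traefik ingress. Declared once here; the original manifest contained this
# exact document twice.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: container-registry
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: florian@nocodelytics.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: traefik
---
# Explicit Certificate for the registry hostname.
# NOTE(review): the Ingress below also carries cert-manager.io/issuer for the
# same secretName, so ingress-shim would request a second Certificate for that
# secret; one of the two mechanisms is enough — confirm which is intended.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: container-registry-server
  namespace: container-registry
spec:
  secretName: container-registry-server-net-tls
  issuerRef:
    name: letsencrypt-prod
    kind: Issuer
  commonName: container-registry.nocodelytics.com
  dnsNames:
    - container-registry.nocodelytics.com
---
# Local volume mounted at /var/lib/registry in the Deployment.
# NOTE(review): config.yml selects the s3 storage driver, so image blobs do not
# land on this volume — confirm it is still required.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: container-registry-server-pvc
  namespace: container-registry
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: container-registry-server-config
  namespace: container-registry
data:
  # Registry configuration. Keys that must stay strings ("0.1", ":5000") are
  # quoted so no YAML parser retypes them. S3 credentials are not stored here;
  # they arrive via REGISTRY_STORAGE_S3_* environment variables.
  config.yml: |
    version: "0.1"
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      s3:
        region: eu-west-1
        bucket: container-registry
    http:
      addr: ":5000"
      headers:
        X-Content-Type-Options: [nosniff]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: container-registry-server
  namespace: container-registry
spec:
  # NOTE(review): scaling beyond one replica would also need a shared
  # REGISTRY_HTTP_SECRET so uploads can span pods — confirm before raising.
  replicas: 1
  selector:
    matchLabels:
      ms: container-registry-server
  template:
    metadata:
      labels:
        ms: container-registry-server
    spec:
      containers:
        - name: container-registry-server
          image: registry:2
          # NOTE(review): no securityContext is set; consider runAsNonRoot and
          # dropping capabilities once confirmed the image supports it.
          volumeMounts:
            - name: volv
              mountPath: /var/lib/registry
            - name: config-volume
              mountPath: /etc/docker/registry/config.yml
              subPath: config.yml
            - name: secrets-volume
              mountPath: /auth
              readOnly: true
          env:
            # Basic auth against the htpasswd file from the "container-registry"
            # Secret, mounted read-only at /auth.
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: "Registry Realm"
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/htpasswd
            # S3 credentials are read from the "secrets" Secret, never inlined.
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_SECRET_ACCESS_KEY
          resources:
            limits:
              memory: "512Mi"
              cpu: "100m"
      volumes:
        - name: volv
          persistentVolumeClaim:
            claimName: container-registry-server-pvc
        - name: config-volume
          configMap:
            name: container-registry-server-config
        - name: secrets-volume
          secret:
            secretName: container-registry
            optional: false
---
apiVersion: v1
kind: Service
metadata:
  name: container-registry-server
  namespace: container-registry
spec:
  # NOTE(review): NodePort also publishes the plain-HTTP registry port on every
  # node, bypassing TLS termination at the Ingress; ClusterIP is sufficient for
  # the Ingress path — confirm whether direct node access is actually needed.
  type: NodePort
  selector:
    ms: container-registry-server
  ports:
    - port: 5000
      targetPort: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: container-registry-nginx-ingress
  namespace: container-registry
  annotations:
    kubernetes.io/ingress.class: "traefik"
    cert-manager.io/issuer: letsencrypt-prod
    # NOTE(review): redirect-entry-point is a Traefik v1 annotation; Traefik v2
    # needs the HTTP->HTTPS redirect on the entrypoint or via a Middleware —
    # confirm the installed version.
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    cert-manager.io/acme-challenge-type: http01
spec:
  rules:
    - host: container-registry.nocodelytics.com
      http:
        paths:
          # The original manifest listed a second "/" path whose backend was the
          # non-existent Service "ssl-redirect" with port name "use-annotation"
          # (an AWS ALB ingress idiom); it could never resolve under Traefik and
          # was dropped.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: container-registry-server
                port:
                  number: 5000
  tls:
    - hosts:
        - container-registry.nocodelytics.com
      secretName: container-registry-server-net-tls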