apiVersion: v1
kind: ConfigMap
metadata:
  name: container-registry-server-config
  namespace: sysadmin
data:
  config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      s3:
        region: eu
        bucket: container-registry
        regionendpoint: https://eu2.contabostorage.com
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      name: container-registry-server
  template:
    metadata:
      labels:
        name: container-registry-server
    spec:
      containers:
        - name: container-registry-server
          image: registry:2
          volumeMounts:
            - name: config-volume
              mountPath: /etc/docker/registry/config.yml
              subPath: config.yml
            - name: secrets-volume
              mountPath: /auth
              readOnly: true
          env:
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: Registry Realm
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/docker-container-registry
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: HTTP_SECRET
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_SECRET_ACCESS_KEY
      volumes:
        - name: config-volume
          configMap:
            name: container-registry-server-config
        - name: secrets-volume
          secret:
            secretName: container-registry
            optional: false
---
apiVersion: v1
kind: Service
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  type: NodePort
  selector:
    name: container-registry-server
  ports:
    - port: 5000
      nodePort: 30007
      targetPort: 5000
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`container-registry.nocodelytics.com`)
      kind: Rule
      services:
        - name: container-registry-server
          port: 5000
      middlewares:
        - name: websocket-middleware
          namespace: default
        - name: https-redirect
          namespace: default
  tls:
    certResolver: letsencrypt
    domains:
      - main: container-registry.nocodelytics.com