# Registry configuration file, mounted by the container-registry-server
# Deployment at /etc/docker/registry/config.yml.
# No credentials are stored here: the S3 keys, the HTTP secret and the
# htpasswd auth settings are injected by that Deployment (env + Secret volume).
apiVersion: v1
kind: ConfigMap
metadata:
  name: container-registry-server-config
  namespace: sysadmin
data:
  # The block scalar below is the file content, byte for byte; comments are
  # kept out of it on purpose so the mounted file does not change.
  #
  # storage.delete.enabled: true  -> blobs and manifests can be deleted through
  #   the registry API. NOTE(review): htpasswd auth has no per-user
  #   authorization, so presumably every account in the htpasswd file can
  #   delete as well as push - confirm that is intended.
  # storage.s3                    -> bucket `container-registry` on the
  #   endpoint given in `regionendpoint`; access keys come from env, not here.
  # http.addr: :5000, no http.tls -> the registry itself listens in plain
  #   HTTP. TLS exists only on the Traefik IngressRoute in this file; any other
  #   path to port 5000 (the NodePort Service, in-cluster clients) carries
  #   Basic-auth credentials in cleartext.
  # http.headers                  -> adds `X-Content-Type-Options: nosniff`
  #   to responses.
  config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      delete:
        enabled: true
      cache:
        blobdescriptor: inmemory
      s3:
        region: eu
        bucket: container-registry
        regionendpoint: https://eu2.contabostorage.com
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
---
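# Runs the registry (single replica) with htpasswd authentication and S3
# storage. The pod holds the S3 keys and the htpasswd file, so it is run with
# a reduced privilege set: no service-account token, no privilege escalation,
# no Linux capabilities, runtime-default seccomp.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  replicas: 1
  strategy:
    # Recreate stops the old pod before starting the new one, so every rollout
    # has a short window in which pushes and pulls fail.
    type: Recreate
  selector:
    matchLabels:
      name: container-registry-server
  template:
    metadata:
      labels:
        name: container-registry-server
    spec:
      # The registry never calls the Kubernetes API; without this the default
      # service-account token would be mounted into a pod reachable from the
      # internet.
      automountServiceAccountToken: false
      containers:
        - name: container-registry-server
          # NOTE(review): `registry:2` is a floating tag. Pin it by digest
          # (registry:2@sha256:<digest-placeholder>) so a re-pulled image
          # cannot change underneath the cluster.
          image: registry:2
          # The process only listens on :5000 and talks to S3, which needs
          # neither extra capabilities nor setuid binaries.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: config-volume
              mountPath: /etc/docker/registry/config.yml
              subPath: config.yml
              # Same treatment as the secrets mount below.
              readOnly: true
            - name: secrets-volume
              mountPath: /auth
              readOnly: true
          env:
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: Registry Realm
            # File name under /auth equals the key name inside the mounted
            # Secret (`container-registry`).
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/docker-container-registry
            # The three values below come from the Secret named `secrets`, a
            # different object from the one mounted at /auth. Both must exist
            # in namespace `sysadmin`; a missing key keeps the container from
            # starting.
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: HTTP_SECRET
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_SECRET_ACCESS_KEY
      volumes:
        - name: config-volume
          configMap:
            name: container-registry-server-config
        # NOTE(review): every key of this Secret becomes a file under /auth.
        # If it holds more than the htpasswd file, an `items:` list would
        # limit the mount to the one key the registry reads - confirm the
        # Secret's contents first.
        - name: secrets-volume
          secret:
            secretName: container-registry
            optional: false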
---
# Exposes the registry pods on port 5000 inside the cluster and on port 30007
# of every node.
apiVersion: v1
kind: Service
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  # NOTE(review): NodePort is a second way in, next to the Traefik route. The
  # registry listens without TLS (no http.tls in its config), so a client that
  # logs in via <node>:30007 sends its htpasswd credentials as cleartext Basic
  # auth, and that path skips the IngressRoute's middlewares and certificate.
  # Traefik and the UI only need the cluster-internal port. If the node port
  # exists for node-local image pulls, restrict 30007 with the host firewall;
  # if nothing uses it, ClusterIP is sufficient - confirm with the consumers
  # before changing the type.
  type: NodePort
  selector:
    name: container-registry-server
  ports:
    - port: 5000
      nodePort: 30007
      targetPort: 5000
---
# Publishes the registry at https://container-registry.nocodelytics.com
# through Traefik's `websecure` entry point, with a certificate from the
# `letsencrypt` resolver. This is the only TLS-protected path to the registry
# defined in this file.
#
# NOTE(review): the `traefik.containo.us` API group was deprecated in Traefik
# v2.10 in favour of `traefik.io` and is no longer served by Traefik v3 -
# check the installed Traefik version before upgrading.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`container-registry.nocodelytics.com`)
      kind: Rule
      services:
        - name: container-registry-server
          port: 5000
      # Both middlewares live in namespace `default`, not `sysadmin`; their
      # definitions are not in this file. Cross-namespace references presumably
      # depend on the Traefik CRD provider allowing them (allowCrossNamespace)
      # - verify. A route whose middleware cannot be resolved is not served.
      # NOTE(review): nothing visible here rate-limits or IP-restricts login
      # attempts against the htpasswd-protected registry - confirm whether a
      # limit is applied elsewhere.
      middlewares:
        - name: websocket-middleware
          namespace: default
        - name: https-redirect
          namespace: default
  tls:
    certResolver: letsencrypt
    domains:
      - main: container-registry.nocodelytics.com
---
# Web UI for the registry. Its bundled nginx proxies registry API calls to the
# in-cluster Service, so the browser talks to the UI origin only.
# NOTE(review): the pod sets no securityContext and keeps the default
# service-account token mount - consider `automountServiceAccountToken: false`
# and `allowPrivilegeEscalation: false` after testing them with this image.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: container-registry-ui
  namespace: sysadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      name: container-registry-ui
  template:
    metadata:
      labels:
        name: container-registry-ui
    spec:
      containers:
        - name: docker-registry-ui
          # NOTE(review): `main` is a floating tag that follows the upstream
          # branch; every image pull can bring different code. Pin a release
          # tag or a digest (joxit/docker-registry-ui@sha256:<digest-placeholder>).
          image: joxit/docker-registry-ui:main
          env:
            - name: SINGLE_REGISTRY
              value: "true"
            - name: REGISTRY_TITLE
              value: "Docker Registry UI"
            # Enables the delete action in the UI. Together with
            # storage.delete.enabled in the registry config, anyone who can
            # authenticate to the registry can remove images from the browser.
            - name: DELETE_IMAGES
              value: "true"
            - name: SHOW_CONTENT_DIGEST
              value: "true"
            # Plain HTTP inside the cluster: credentials forwarded by the UI's
            # proxy cross the pod network unencrypted.
            - name: NGINX_PROXY_PASS_URL
              value: "http://container-registry-server.sysadmin:5000"
            - name: SHOW_CATALOG_NB_TAGS
              value: "true"
            - name: CATALOG_MIN_BRANCHES
              value: "1"
            - name: CATALOG_MAX_BRANCHES
              value: "1"
            - name: TAGLIST_PAGE_SIZE
              value: "100"
            # NOTE(review): the registry enforces htpasswd regardless of this
            # flag; presumably it only tells the UI whether to expect an auth
            # challenge. "false" looks inconsistent with REGISTRY_AUTH=htpasswd
            # on the server - confirm against the UI's documentation.
            - name: REGISTRY_SECURED
              value: "false"
            - name: CATALOG_ELEMENTS_LIMIT
              value: "1000"
---
# Cluster-internal Service for the UI pods (port 80 -> container port 80).
# ClusterIP is not reachable from outside the cluster on its own; no
# IngressRoute for it is visible in this manifest.
# NOTE(review): if the UI is published elsewhere, make sure that route is
# TLS-only, because the browser's registry login goes through this UI's proxy.
apiVersion: v1
kind: Service
metadata:
  name: container-registry-ui
  namespace: sysadmin
spec:
  type: ClusterIP
  selector:
    name: container-registry-ui
  ports:
    - port: 80
      targetPort: 80