infrastructure/container-registry.yaml


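# Registry configuration, mounted into the registry container as
# /etc/docker/registry/config.yml (see the Deployment in this file).
# It holds no credentials: the S3 access key and secret are injected via
# REGISTRY_STORAGE_S3_* environment variables sourced from a Secret.
apiVersion: v1
kind: ConfigMap
metadata:
  name: container-registry-server-config
  namespace: sysadmin
data:
  # The listener is plain HTTP on :5000; TLS is terminated by the Ingress
  # defined later in this file, so this port must stay cluster-internal.
  # No http.secret is configured, so the registry generates one at startup;
  # that is fine for a single replica but a shared value is required before
  # the Deployment is scaled out.
  config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      s3:
        region: eu
        bucket: container-registry
        regionendpoint: https://eu2.contabostorage.com
    http:
      addr: ":5000"
      headers:
        X-Content-Type-Options: [nosniff]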
---
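apiVersion: apps/v1
kind: Deployment
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  # Single replica: the registry config has no shared http.secret and uses an
  # in-memory blob-descriptor cache, so both need revisiting before scaling.
  replicas: 1
  selector:
    matchLabels:
      ms: container-registry-server
  template:
    metadata:
      labels:
        ms: container-registry-server
    spec:
      containers:
        - name: container-registry-server
          # Mutable tag: pin to a digest (registry:2@sha256:<DIGEST>) so the
          # image cannot change underneath a redeploy. No securityContext or
          # resources are set; consider allowPrivilegeEscalation: false,
          # capabilities.drop: [ALL] and CPU/memory limits.
          image: registry:2
          volumeMounts:
            # subPath mounts are not refreshed when the ConfigMap changes;
            # restart the Deployment after editing config.yml.
            - name: config-volume
              mountPath: /etc/docker/registry/config.yml
              subPath: config.yml
              readOnly: true
            - name: secrets-volume
              mountPath: /auth
              readOnly: true
          env:
            # Basic auth via htpasswd: the Secret mounted at /auth must carry a
            # key named "htpasswd" with bcrypt entries (the only hash format
            # the registry accepts).
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: Registry Realm
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/htpasswd
            # S3 credentials come from the Secret "secrets" (namespace
            # sysadmin), never from the ConfigMap.
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_SECRET_ACCESS_KEY
      volumes:
        - name: config-volume
          configMap:
            name: container-registry-server-config
        # Two distinct Secrets are required: "container-registry" (htpasswd)
        # here and "secrets" (S3 keys) above.
        - name: secrets-volume
          secret:
            secretName: container-registry
            optional: false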
---
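apiVersion: v1
kind: Service
metadata:
  name: container-registry-server
  namespace: sysadmin
spec:
  # NodePort also publishes the plaintext :5000 listener on every node's IP,
  # bypassing the TLS Ingress and its redirect. ClusterIP is sufficient for
  # the Ingress backend unless node-level access is deliberately required.
  type: NodePort
  selector:
    ms: container-registry-server
  ports:
    - port: 5000
      targetPort: 5000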
---
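apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  namespace: sysadmin
  name: letsencrypt-prod
spec:
  acme:
    # Production Let's Encrypt endpoint (rate-limited). The ACME account key
    # is kept in the Secret named by privateKeySecretRef.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: florian@nocodelytics.com
    privateKeySecretRef:
      name: letsencrypt-prod
    # HTTP-01 challenges are served through Traefik, so the Ingress for this
    # host must be reachable on port 80 from the internet.
    solvers:
      - http01:
          ingress:
            class: traefik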
---
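apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: sysadmin
  name: container-registry
spec:
  # Issued certificate and key land in this Secret, which the Ingress tls
  # section below references by the same name.
  secretName: container-registry-net-tls
  issuerRef:
    name: letsencrypt-prod
    kind: Issuer
  commonName: container-registry.nocodelytics.com
  dnsNames:
    - container-registry.nocodelytics.com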
---
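apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: sysadmin
  # Name kept for continuity; the controller is Traefik, not nginx.
  name: container-registry-nginx-ingress
  annotations:
    # HTTP->HTTPS redirect is done by this Traefik middleware. It lives in the
    # "default" namespace, so Traefik must allow cross-namespace references
    # for the annotation to take effect -- verify in the Traefik config.
    traefik.ingress.kubernetes.io/router.middlewares: default-https-redirect@kubernetescrd
spec:
  # Only one backend per host/path: the former "ssl-redirect" backend with
  # port name "use-annotation" was an AWS ALB idiom, duplicated the "/" path
  # and pointed at a non-existent Service, so it is dropped here.
  rules:
    - host: container-registry.nocodelytics.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: container-registry-server
                port:
                  number: 5000
  tls:
    - hosts:
        - container-registry.nocodelytics.com
      secretName: container-registry-net-tls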