cluster/k3s/stacks/registry.yml
Khwezi Mngoma 0410dc3950 first commit
2026-02-22 16:43:17 +02:00


---
# Namespace that scopes every namespaced resource of the registry stack
# (PVC, Secrets, Deployment, Service, IngressRoutes, Middleware).
apiVersion: v1
kind: Namespace
metadata:
  name: registry
---
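# Node-local PersistentVolume that backs the registry's blob store.
# PersistentVolumes are cluster-scoped, so metadata.namespace does not apply
# and is not set here.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: registry-pv
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  # Retain: the directory and the image layers in it survive deletion of the
  # claim and must be cleaned up by hand.
  persistentVolumeReclaimPolicy: Retain
  local:
    # Host directory on the pinned node. Its ownership and mode on the host
    # decide which local accounts can read or alter stored image layers, so
    # keep it restricted to what the registry container needs.
    path: /home/ansible/k3s/makhiwane/registry
  # A local volume only exists on one machine; pin it to that node.
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - lead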
---
# Claim used by the registry Deployment. It names no specific volume; binding
# relies on the storage class, access mode and requested size lining up with
# an available PersistentVolume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: registry-pvc
  namespace: registry
spec:
  storageClassName: local-pvs
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
---
# Value injected into the registry as REGISTRY_HTTP_SECRET, which the
# registry uses to sign state it hands to clients.
# NOTE(review): `data` is base64-encoded, not encrypted. Because this manifest
# is committed to the repository, the value is readable by anyone with repo
# access and should be treated as disclosed: rotate it and supply the
# replacement from a secret store or an encrypted-at-rest secret mechanism
# rather than from version control.
apiVersion: v1
kind: Secret
metadata:
  name: registry-http-secret
  namespace: registry
type: Opaque
data:
  http-secret: ZDlmOTNjOGEyMmQ2NDMyZWE4YTMwYTBkNDc5ZjBhMWY=
---
# htpasswd-style user list consumed by the Traefik basicAuth Middleware named
# registry-basic-auth.
# NOTE(review): `data` is base64-encoded, not encrypted, and this file lives
# in version control, so the account name and password hash are readable by
# anyone with repo access. Move the value out of the repository and rotate it.
# NOTE(review): the decoded entry appears to carry an apr1 salt but no digest,
# i.e. it looks like a placeholder rather than a usable credential. Confirm
# what the deployed secret actually contains, and generate the real entry
# with a strong password and a current hash scheme.
apiVersion: v1
kind: Secret
metadata:
  name: registry-basic-auth
  namespace: registry
type: Opaque
data:
  users: YXBwX3VzZXI6JGFwcjEkMTIzNDUk
---
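# Single-replica container registry with its data on registry-pvc.
# NOTE(review): no registry-level auth is configured in this pod, so access
# control rests entirely on the Traefik middleware in front of it. Anything
# that can reach the registry-server Service on port 5000 from inside the
# cluster bypasses that middleware; restrict in-cluster access (for example
# with a NetworkPolicy) if other workloads are not fully trusted.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
        - name: registry
          # Pinned by tag only; a tag can be re-pointed upstream. Pin by
          # digest as well if supply-chain reproducibility matters here.
          image: registry:2.8.2
          # Baseline hardening that does not depend on the volume's file
          # ownership: no setuid-style privilege gain, default seccomp filter.
          securityContext:
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 5000
              name: http
          env:
            # Lets API callers delete manifests and blobs. Combined with the
            # note above, every caller that reaches the API can remove images.
            - name: REGISTRY_STORAGE_DELETE_ENABLED
              value: "true"
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: registry-http-secret
                  key: http-secret
            # CORS headers for the browser UI. Credentials are allowed, so the
            # origin list must stay an explicit allow-list (never a wildcard)
            # and the method list should be no wider than the UI needs.
            - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin
              value: '["https://registry-ui.apps.mngoma.lab","https://registry.apps.mngoma.lab"]'
            - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods
              value: '["HEAD","GET","OPTIONS","DELETE","PUT","POST"]'
            - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials
              value: '["true"]'
            - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers
              value: '["Authorization","Accept","Cache-Control","Content-Type","X-Requested-With"]'
            - name: REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers
              value: '["Docker-Content-Digest"]'
          volumeMounts:
            - name: registry-data
              mountPath: /var/lib/registry
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
      volumes:
        - name: registry-data
          persistentVolumeClaim:
            claimName: registry-pvc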
---
# In-cluster endpoint for the registry pods (label app=registry).
# ClusterIP keeps it off node ports and load balancers; requests sent to this
# Service directly do not pass through the Traefik basic-auth middleware.
apiVersion: v1
kind: Service
metadata:
  name: registry-server
  namespace: registry
spec:
  type: ClusterIP
  selector:
    app: registry
  ports:
    - name: http
      port: 5000
      targetPort: 5000
---
# HTTPS route for the registry host. Requests pass the registry-basic-auth
# middleware before reaching the registry-server Service.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: registry-server-ingress
  namespace: registry
spec:
  entryPoints:
    - websecure
  # Empty TLS block: terminate TLS with whatever certificate Traefik selects
  # by default for this entry point.
  tls: {}
  routes:
    - kind: Rule
      match: 'Host(`registry.apps.mngoma.lab`)'
      middlewares:
        - name: registry-basic-auth
      services:
        - name: registry-server
          port: 5000
---
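# Plain-HTTP route for the registry host.
# This route previously forwarded straight to the registry with no
# middleware, so the registry API (push, pull and, with deletes enabled,
# delete) was reachable unauthenticated and unencrypted on the `web` entry
# point. It now only redirects to HTTPS, where the basic-auth route applies.
# NOTE(review): any client configured with an http:// endpoint for this host
# has to be switched to https:// and given credentials - verify before rollout.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: registry-server-insecure
  namespace: registry
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`registry.apps.mngoma.lab`)
      kind: Rule
      middlewares:
        - name: registry-https-redirect
      services:
        - name: registry-server
          port: 5000
---
# Redirects every request on the plain-HTTP route to its HTTPS equivalent.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: registry-https-redirect
  namespace: registry
spec:
  redirectScheme:
    scheme: https
    permanent: true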
---
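# Basic-auth gate referenced by the HTTPS IngressRoute.
# Uses the traefik.io API group, matching the IngressRoutes in this file; the
# older traefik.containo.us group is deprecated and absent from Traefik v3,
# where a Middleware declared under it would not exist and the route that
# references it would not be served as intended.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: registry-basic-auth
  namespace: registry
spec:
  basicAuth:
    # Secret in this namespace holding the htpasswd-style user list.
    secret: registry-basic-auth
    # Strip the Authorization header after a successful check so the
    # credentials are not forwarded to the backend.
    removeHeader: true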