private-registry.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: registry
  name: registry-auth
  labels:
    app: registry
data:
  htpasswd: |
    admin:$2y$05$YNcEFrWkTs0aEdK9NK/5B.8t051YD7S8P0Q9NHi0ixIWeR8Pv8TQC  # admin:admin2675
  config: |
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
      secret: SomeKindOfSecretKeyYouShouldNotReveal  # this can be anything, but it should be set to something
    auth:
      htpasswd:
        realm: basic-realm
        path: /etc/docker/registry/htpasswd
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: registry
  name: registry
  labels:
    app: registry
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: registry 
  template:
    metadata:
      labels:
        app: registry 
    spec:
      nodeName: worker1
      containers:
      - name: registry
        image: registry
        imagePullPolicy: IfNotPresent
        env:
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: "Registry Realm"
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: /etc/docker/registry/htpasswd
        - name: REGISTRY_AUTH
          value: htpasswd
        ports:
        - containerPort: 5000
          name: http-web
        resources:
          limits:
            cpu: 300m
            memory: 300Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - name: auth
          mountPath: /etc/docker/registry/htpasswd
          subPath: htpasswd
        - name: auth
          mountPath: /etc/docker/registry/config.yml
          subPath: config
        - name: containers
          mountPath: /var/lib/registry
      volumes:
      - name: containers
        hostPath:
          path: /opt/registry/data  # local folder on the host.  
          type: DirectoryOrCreate 
      - name: auth
        configMap:
          name: registry-auth
          items:
          - key: htpasswd
            path: htpasswd
          - key: config
            path: config
---
apiVersion: v1
kind: Service
metadata:
  namespace: registry
  name: registry
  labels:
    app: registry
spec:
  ports:
  - port: 80
    name: http-web
    protocol: TCP
    targetPort: http-web
  selector:
    app: registry  
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: registry
  name: registry
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    kubernetes.io/tls-acme: 'true'
    cert-manager.io/cluster-issuer: "selfsigned-issuer"
  labels:
    app: registry
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - registry.apps.k8s.cloudcafe.tech
    secretName: reg-cert
  rules:
  - host: registry.apps.k8s.cloudcafe.tech
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: registry
            port:
              name: http-web