registry.yaml
2.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: registry-crt
spec:
secretName: registry-crt
dnsNames:
- registry.local
issuerRef:
name: ca-issuer
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: registry
spec:
hosts:
- "registry.local"
gateways:
- default/cluster-local-gateway
http:
- route:
- destination:
port:
number: 5000
host: registry
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: registry-originate-tls
spec:
host: registry
trafficPolicy:
portLevelSettings:
- port:
number: 5000
tls:
mode: SIMPLE
---
apiVersion: v1
kind: Service
metadata:
name: registry
spec:
type: ClusterIP
selector:
app: registry
ports:
- name: https-registry
protocol: TCP
port: 5000
targetPort: 5000
nodePort: 5000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: registry
labels:
app: registry
spec:
selector:
matchLabels:
app: registry
template:
metadata:
labels:
app: registry
spec:
restartPolicy: Always
securityContext:
runAsUser: 0
runAsGroup: 0
volumes:
- name: registry-data
persistentVolumeClaim:
claimName: registry-data
- name: certificate
secret:
secretName: registry-crt
- name: registry-etc
configMap:
name: registry-etc
containers:
- name: registry
image: registry:2
envFrom:
- configMapRef:
name: registry-env
- secretRef:
name: registry-env
volumeMounts:
- name: registry-etc
mountPath: /etc/docker/registry/
- name: registry-data
mountPath: /var/lib/registry
- name: certificate
mountPath: /certs