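├── .circleci └── config.yml ├── .github └── workflows │ ├── main.yaml │ └── release.yml ├── .gitignore ├── .helmignore ├── Chart.yaml ├── LICENSE ├── README.md ├── templates ├── NOTES.txt ├── _helpers.tpl ├── configmap.yaml ├── deployment.yaml ├── ingress.yaml ├── poddisruptionbudget.yaml ├── pvc.yaml ├── secret.yaml └── service.yaml └── values.yaml

/.circleci/config.yml:
--------------------------------------------------------------------------------
# CircleCI pipeline: one job that runs a strict `helm lint` on the chart.
version: 2.1
jobs:
  lint:
    docker:
      # NOTE(review): third-party image referenced by tag only; a tag can be
      # re-pointed, so pinning by digest would make the lint environment
      # reproducible.
      - image: twuni/helm:3.4.1
    steps:
      - checkout
      - run:
          command: helm lint --strict
          name: lint
workflows:
  version: 2
  default:
    jobs:
      - lint

--------------------------------------------------------------------------------
/.github/workflows/main.yaml:
--------------------------------------------------------------------------------
# Lints the chart on every push. No `permissions:` block is declared, so the
# workflow token gets whatever default the repository is configured with.
name: Main CI Workflow

on: push

jobs:
  build-test-docker:
    name: Helm Lint
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): action referenced by a movable tag rather than a commit SHA.
      - uses: actions/checkout@v2
      - name: helm-build-dependencies
        run: helm dep build .
      - name: helm-lint
        run: helm lint .

--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
# On a published GitHub release: lint the chart, package it, merge it into the
# Helm repository index kept on the gh-pages branch, and push that branch.
name: CI Release Helm Chart

on:
  release:
    types: [published]

jobs:
  release-helm-chart:
    name: Release Helm Chart
    runs-on: ubuntu-latest
    steps:
      # Full history (fetch-depth: 0) so the gh-pages branch is available for
      # `git worktree add` below.
      # NOTE(review): action referenced by a movable tag rather than a commit SHA.
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: helm-build-dependencies
        run: helm dep build .
      - name: helm-check
        run: helm lint .

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Release Helm Chart
        env:
          # Token used for the gh-pages push. It only needs to be able to push
          # to this repository; keep its scope that narrow.
          CR_TOKEN: "${{ secrets.GH_ACCESS_TOKEN }}"
        run: |
          owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY")
          repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY")

          echo "Create helm chart package..."
          mkdir -p .helm-release-tmp/charts
          helm package . -d .helm-release-tmp/charts

          # Check out gh-pages next to the main checkout instead of switching
          # branches in place.
          gh_pages_worktree=$(mktemp -d)
          git worktree add "$gh_pages_worktree" gh-pages

          if [[ ! -d "${gh_pages_worktree}/charts" ]]
          then
              echo "Packing first chart release & build index..."
              mkdir -p "${gh_pages_worktree}/charts"
              helm repo index .helm-release-tmp/charts --url "https://${owner}.github.io/${repo}/charts"
          else
              echo "Packing release chart & update index..."
              helm repo index --url "https://${owner}.github.io/${repo}/charts" --merge "${gh_pages_worktree}/index.yaml" .helm-release-tmp/charts
          fi
          echo "Commit helm charts to gh-pages branch..."
          cp --force -u .helm-release-tmp/charts/*.tgz "${gh_pages_worktree}/charts/"
          cp --force .helm-release-tmp/charts/index.yaml "${gh_pages_worktree}/index.yaml"
          cp --force README.md "${gh_pages_worktree}/README.md"
          # Remove the staging directory created above. The original removed
          # `.helm-release-packages`, a path this script never creates, so the
          # packaged charts were left behind in the workspace.
          rm -Rf .helm-release-tmp
          pushd "$gh_pages_worktree" > /dev/null
          git add --all
          git commit --message="Update helm repo" --signoff
          # The token is part of the remote URL, so it is present on git's
          # command line and in any output that echoes the remote. Log masking
          # of the secret is the only thing hiding it here.
          git push "https://x-access-token:$CR_TOKEN@github.com/$owner/$repo" gh-pages
          popd > /dev/null
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .helm-release-tmp/ -------------------------------------------------------------------------------- /.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 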
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .github/ 23 | .helm-release-tmp/ 24 | 25 | -------------------------------------------------------------------------------- /Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Docker Registry Mirror 3 | name: docker-registry-mirror 4 | version: 1.10.3 5 | appVersion: 2.7.1 6 | home: https://github.com/t83714/docker-registry-mirror 7 | sources: 8 | - https://github.com/t83714/docker-registry-mirror 9 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 
23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. 
For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. 
If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. 
You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. 
(Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright The Helm Authors. 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker Registry Mirror Helm Chart 2 | 3 | This directory contains a Kubernetes chart to deploy a private Docker Registry Mirror that will run the registry as a "pull through cache" and cache the requests to Docker hub. Please note, you cannot push to the docker registry when it works under "pull through cache" mode. 4 | 5 | Since November 20, 2020, [Anonymous and Free Docker Hub users are limited to 100 and 200 container image pull requests per six hours](https://www.docker.com/increase-rate-limits). To mitigate the impact of this limit, this Helm chart allows you to deploy a Docker Registry as registry mirror that can be used to cache pull request to docker hub. 
6 | 7 | Forked from https://github.com/twuni/docker-registry.helm 8 | 9 | This Helm chart uses the official Docker Registry image: https://hub.docker.com/_/registry/ 10 | 11 | ## Prerequisites Details 12 | 13 | * PV support on underlying infrastructure (if persistence is required) 14 | 15 | ## Chart Details 16 | 17 | This chart will do the following: 18 | 19 | * Implement a Docker registry deployment 20 | 21 | ## Installing the Chart 22 | 23 | First, add the repo: 24 | 25 | ```console 26 | $ helm repo add docker-registry-mirror https://t83714.github.io/docker-registry-mirror 27 | ``` 28 | 29 | To install the chart, use the following: 30 | 31 | ```console 32 | $ helm upgrade --install docker-registry-mirror docker-registry-mirror/docker-registry-mirror 33 | ``` 34 | 35 | Set the username & password for the remote registry (e.g. docker hub): 36 | 37 | ```console 38 | $ helm upgrade --install --set proxy.username=xxxx,proxy.password=xxx docker-registry-mirror docker-registry-mirror/docker-registry-mirror 39 | ``` 40 | Values given with `--set` end up in your shell history and are visible in the process list while the command runs; putting the credentials in a values file with restricted permissions and passing it with `-f` avoids that. 41 | ## Configure Minikube to use registry-mirror as Pull cache mirror 42 | 43 | 1. Find nodePort allocated to the registry mirror: 44 | 45 | ```console 46 | kubectl get svc --all-namespaces --selector=app=docker-registry-mirror -oyaml | grep nodePort 47 | ``` 48 | 49 | This command will list the `nodePort` assigned to your registry mirror service. 50 | 51 | To verify the nodePort & registry mirror installation: 52 | ```console 53 | # Log into Minikube VM via SSH 54 | minikube ssh 55 | curl http://localhost:xxxxx/v2/_catalog 56 | ``` 57 | 58 | Here, `xxxxx` is the nodePort number we just found via the "kubectl" command. 59 | 60 | We should see: 61 | 62 | ```console 63 | {"repositories":[]} 64 | ``` 65 | 66 | 2. Edit minikube configuration to use registry mirror 67 | 68 | Open minikube configuration file: `~/.minikube/machines/minikube/config.json`. 
69 | 70 | Under key `HostOptions.EngineOptions`, add or replace (if it exists) the key `RegistryMirror` as: 71 | ```js 72 | "RegistryMirror": [ 73 | "http://localhost:xxxxx" 74 | ] 75 | ``` 76 | 77 | Here, `xxxxx` is the nodePort number we found via the "kubectl" command in step 1. 78 | 79 | 3. Restart minikube 80 | 81 | ```console 82 | # Apply the config and restart minikube 83 | minikube stop 84 | minikube start 85 | ``` 86 | 87 | After the restart, you should see docker pull requests appearing in the docker registry mirror pod logs. 88 | 89 | ## Configuration 90 | 91 | The following table lists the configurable parameters of the docker-registry chart and 92 | their default values. 93 | 94 | | Parameter | Description | Default | 95 | |:----------------------------|:-------------------------------------------------------------------------------------------|:----------------| 96 | | `proxy.remoteurl` | The url of the remote docker registry to be cached | `https://registry-1.docker.io` | 97 | | `proxy.username` | Remote docker registry username (optional) | `nil` | 98 | | `proxy.password` | Remote docker registry password (optional) | `nil` | 99 | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | 100 | | `image.repository` | Container image to use | `registry` | 101 | | `image.tag` | Container image tag to deploy | `2.7.1` | 102 | | `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | 103 | | `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` | 104 | | `persistence.enabled` | Whether to use a PVC for the Docker storage | `false` | 105 | | `persistence.deleteEnabled` | Enable the deletion of image blobs and manifests by digest | `nil` | 106 | | `persistence.size` | Amount of space to claim for PVC | `10Gi` | 107 | | `persistence.storageClass` | Storage Class to use for PVC | `-` | 108 | | `persistence.existingClaim` | Name of an existing PVC to use for config | `nil` | 109 | | `service.port` | 
TCP port on which the service is exposed | `5000` | 110 | | `service.type` | service type | `ClusterIP` | 111 | | `service.clusterIP` | if `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` | 112 | | `service.nodePort` | if `service.type` is `NodePort` and this is non-empty, sets the node port of the service | `nil` | 113 | | `service.loadBalancerIP` | if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerIP of the service | `nil` | 114 | | `service.loadBalancerSourceRanges`| if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerSourceRanges of the service | `nil` | 115 | | `service.sessionAffinity` | service session affinity | `nil` | 116 | | `service.sessionAffinityConfig` | service session affinity config | `nil` | 117 | | `replicaCount` | k8s replicas | `1` | 118 | | `updateStrategy` | update strategy for deployment | `{}` | 119 | | `podAnnotations` | Annotations for pod | `{}` | 120 | | `podLabels` | Labels for pod | `{}` | 121 | | `podDisruptionBudget` | Pod disruption budget | `{}` | 122 | | `resources.limits.cpu` | Container requested CPU | `nil` | 123 | | `resources.limits.memory` | Container requested memory | `nil` | 124 | | `priorityClassName ` | priorityClassName | `""` | 125 | | `storage` | Storage system to use | `filesystem` | 126 | | `tlsSecretName` | Name of secret for TLS certs | `nil` | 127 | | `secrets.htpasswd` | Htpasswd authentication | `nil` | 128 | | `secrets.s3.accessKey` | Access Key for S3 configuration | `nil` | 129 | | `secrets.s3.secretKey` | Secret Key for S3 configuration | `nil` | 130 | | `secrets.swift.username` | Username for Swift configuration | `nil` | 131 | | `secrets.swift.password` | Password for Swift configuration | `nil` | 132 | | `haSharedSecret` | Shared secret for Registry | `nil` | 133 | | `configData` | Configuration hash for docker | `nil` | 134 | | `s3.region` | S3 region | `nil` | 135 | | `s3.regionEndpoint` | S3 
region endpoint | `nil` | 136 | | `s3.bucket` | S3 bucket name | `nil` | 137 | | `s3.encrypt` | Store images in encrypted format | `nil` | 138 | | `s3.secure` | Use HTTPS | `nil` | 139 | | `swift.authurl` | Swift authurl | `nil` | 140 | | `swift.container` | Swift container | `nil` | 141 | | `nodeSelector` | node labels for pod assignment | `{}` | 142 | | `affinity` | affinity settings | `{}` | 143 | | `tolerations` | pod tolerations | `[]` | 144 | | `ingress.enabled` | If true, Ingress will be created | `false` | 145 | | `ingress.annotations` | Ingress annotations | `{}` | 146 | | `ingress.labels` | Ingress labels | `{}` | 147 | | `ingress.path` | Ingress service path | `/` | 148 | | `ingress.hosts` | Ingress hostnames | `[]` | 149 | | `ingress.tls` | Ingress TLS configuration (YAML) | `[]` | 150 | | `extraVolumeMounts` | Additional volumeMounts to the registry container | `[]` | 151 | | `extraVolumes` | Additional volumes to the pod | `[]` | 152 | | `extraVars` | Pass extra environment variables to the Docker Registry container | `nil` | 153 | 154 | Specify each parameter using the `--set key=value[,key=value]` argument to 155 | `helm install`. 156 | 157 | To generate htpasswd file, run this docker command: 158 | `docker run --entrypoint htpasswd registry:2 -Bbn user password > ./htpasswd`. 159 | -------------------------------------------------------------------------------- /templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range .Values.ingress.hosts }} 4 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} 5 | {{- end }} 6 | {{- else if contains "NodePort" .Values.service.type }} 7 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "docker-registry.fullname" . 
}}) 8 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 9 | echo http://$NODE_IP:$NODE_PORT 10 | {{- else if contains "LoadBalancer" .Values.service.type }} 11 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 12 | You can watch the status of by running 'kubectl get svc -w {{ template "docker-registry.fullname" . }}' 13 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "docker-registry.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 14 | echo http://$SERVICE_IP:{{ .Values.service.externalPort }} 15 | {{- else if contains "ClusterIP" .Values.service.type }} 16 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "docker-registry.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 17 | echo "Visit http://127.0.0.1:8080 to use your application" 18 | kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8080:5000 19 | {{- end }} 20 | {{- if contains "NodePort" .Values.service.type }} 21 | 2. Get registry nodePort by running command: 22 | kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "docker-registry.fullname" . }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "docker-registry.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | */}} 13 | {{- define "docker-registry.fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Chart.Name .Values.nameOverride -}} 18 | {{- if contains $name .Release.Name -}} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 20 | {{- else -}} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 22 | {{- end -}} 23 | {{- end -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "docker-registry.fullname" . }}-config 5 | labels: 6 | app: {{ template "docker-registry.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | data: 11 | config.yml: |- 12 | {{ toYaml .Values.configData | indent 4 }} 13 | -------------------------------------------------------------------------------- /templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "docker-registry.fullname" . }} 5 | labels: 6 | app: {{ template "docker-registry.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | selector: 12 | matchLabels: 13 | app: {{ template "docker-registry.name" . }} 14 | release: {{ .Release.Name }} 15 | replicas: {{ .Values.replicaCount }} 16 | {{- if .Values.updateStrategy }} 17 | strategy: 18 | {{ toYaml .Values.updateStrategy | indent 4 }} 19 | {{- end }} 20 | minReadySeconds: 5 21 | template: 22 | metadata: 23 | labels: 24 | app: {{ template "docker-registry.name" . 
}} 25 | release: {{ .Release.Name }} 26 | {{- if .Values.podLabels }} 27 | {{ toYaml .Values.podLabels | indent 8 }} 28 | {{- end }} 29 | annotations: 30 | checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} 31 | {{- if $.Values.podAnnotations }} 32 | {{ toYaml $.Values.podAnnotations | indent 8 }} 33 | {{- end }} 34 | spec: 35 | {{- if .Values.imagePullSecrets }} 36 | imagePullSecrets: 37 | {{ toYaml .Values.imagePullSecrets | indent 8 }} 38 | {{- end }} 39 | {{- if .Values.priorityClassName }} 40 | priorityClassName: "{{ .Values.priorityClassName }}" 41 | {{- end }} 42 | {{- if .Values.securityContext.enabled }} 43 | securityContext: 44 | fsGroup: {{ .Values.securityContext.fsGroup }} 45 | runAsUser: {{ .Values.securityContext.runAsUser }} 46 | {{- end }} 47 | containers: 48 | - name: {{ .Chart.Name }} 49 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 50 | imagePullPolicy: {{ .Values.image.pullPolicy }} 51 | command: 52 | - /bin/registry 53 | - serve 54 | - /etc/docker/registry/config.yml 55 | ports: 56 | - containerPort: 5000 57 | livenessProbe: 58 | httpGet: 59 | {{- if .Values.tlsSecretName }} 60 | scheme: HTTPS 61 | {{- end }} 62 | path: / 63 | port: 5000 64 | readinessProbe: 65 | httpGet: 66 | {{- if .Values.tlsSecretName }} 67 | scheme: HTTPS 68 | {{- end }} 69 | path: / 70 | port: 5000 71 | resources: 72 | {{ toYaml .Values.resources | indent 12 }} 73 | env: 74 | {{- if .Values.secrets.htpasswd }} 75 | - name: REGISTRY_AUTH 76 | value: "htpasswd" 77 | - name: REGISTRY_AUTH_HTPASSWD_REALM 78 | value: "Registry Realm" 79 | - name: REGISTRY_AUTH_HTPASSWD_PATH 80 | value: "/auth/htpasswd" 81 | {{- end }} 82 | - name: REGISTRY_HTTP_SECRET 83 | valueFrom: 84 | secretKeyRef: 85 | name: {{ template "docker-registry.fullname" . 
}}-secret 86 | key: haSharedSecret 87 | {{- if .Values.tlsSecretName }} 88 | - name: REGISTRY_HTTP_TLS_CERTIFICATE 89 | value: /etc/ssl/docker/tls.crt 90 | - name: REGISTRY_HTTP_TLS_KEY 91 | value: /etc/ssl/docker/tls.key 92 | {{- end }} 93 | {{- if eq .Values.storage "filesystem" }} 94 | - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY 95 | value: "/var/lib/registry" 96 | {{- else if eq .Values.storage "azure" }} 97 | - name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME 98 | valueFrom: 99 | secretKeyRef: 100 | name: {{ template "docker-registry.fullname" . }}-secret 101 | key: azureAccountName 102 | - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY 103 | valueFrom: 104 | secretKeyRef: 105 | name: {{ template "docker-registry.fullname" . }}-secret 106 | key: azureAccountKey 107 | - name: REGISTRY_STORAGE_AZURE_CONTAINER 108 | valueFrom: 109 | secretKeyRef: 110 | name: {{ template "docker-registry.fullname" . }}-secret 111 | key: azureContainer 112 | {{- else if eq .Values.storage "s3" }} 113 | {{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }} 114 | - name: REGISTRY_STORAGE_S3_ACCESSKEY 115 | valueFrom: 116 | secretKeyRef: 117 | name: {{ template "docker-registry.fullname" . }}-secret 118 | key: s3AccessKey 119 | - name: REGISTRY_STORAGE_S3_SECRETKEY 120 | valueFrom: 121 | secretKeyRef: 122 | name: {{ template "docker-registry.fullname" . 
}}-secret 123 | key: s3SecretKey 124 | {{- end }} 125 | - name: REGISTRY_STORAGE_S3_REGION 126 | value: {{ required ".Values.s3.region is required" .Values.s3.region }} 127 | {{- if .Values.s3.regionEndpoint }} 128 | - name: REGISTRY_STORAGE_S3_REGIONENDPOINT 129 | value: {{ .Values.s3.regionEndpoint }} 130 | {{- end }} 131 | - name: REGISTRY_STORAGE_S3_BUCKET 132 | value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} 133 | {{- if .Values.s3.encrypt }} 134 | - name: REGISTRY_STORAGE_S3_ENCRYPT 135 | value: {{ .Values.s3.encrypt | quote }} 136 | {{- end }} 137 | {{- if .Values.s3.secure }} 138 | - name: REGISTRY_STORAGE_S3_SECURE 139 | value: {{ .Values.s3.secure | quote }} 140 | {{- end }} 141 | {{- else if eq .Values.storage "swift" }} 142 | - name: REGISTRY_STORAGE_SWIFT_AUTHURL 143 | value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} 144 | - name: REGISTRY_STORAGE_SWIFT_USERNAME 145 | valueFrom: 146 | secretKeyRef: 147 | name: {{ template "docker-registry.fullname" . }}-secret 148 | key: swiftUsername 149 | - name: REGISTRY_STORAGE_SWIFT_PASSWORD 150 | valueFrom: 151 | secretKeyRef: 152 | name: {{ template "docker-registry.fullname" . 
}}-secret 153 | key: swiftPassword 154 | - name: REGISTRY_STORAGE_SWIFT_CONTAINER 155 | value: {{ required ".Values.swift.container is required" .Values.swift.container }} 156 | {{- end }} 157 | {{- if .Values.persistence.deleteEnabled }} 158 | - name: REGISTRY_STORAGE_DELETE_ENABLED 159 | value: "true" 160 | {{- end }} 161 | - name: REGISTRY_PROXY_REMOTEURL 162 | value: {{ .Values.proxy.remoteurl | quote }} 163 | {{- if .Values.proxy.username }} 164 | - name: REGISTRY_PROXY_USERNAME 165 | value: {{ .Values.proxy.username | quote }} 166 | {{- end }} 167 | {{- if .Values.proxy.password }} 168 | - name: REGISTRY_PROXY_PASSWORD 169 | value: {{ .Values.proxy.password | quote }} 170 | {{- end }} 171 | {{- if .Values.extraVars }} 172 | {{ toYaml .Values.extraVars | indent 12 }} 173 | {{- end }} 174 | volumeMounts: 175 | {{- if .Values.secrets.htpasswd }} 176 | - name: auth 177 | mountPath: /auth 178 | readOnly: true 179 | {{- end }} 180 | {{- if eq .Values.storage "filesystem" }} 181 | - name: data 182 | mountPath: /var/lib/registry/ 183 | {{- end }} 184 | - name: "{{ template "docker-registry.fullname" . }}-config" 185 | mountPath: "/etc/docker/registry" 186 | {{- if .Values.tlsSecretName }} 187 | - mountPath: /etc/ssl/docker 188 | name: tls-cert 189 | readOnly: true 190 | {{- end }} 191 | {{- with .Values.extraVolumeMounts }} 192 | {{- toYaml . | nindent 12 }} 193 | {{- end }} 194 | {{- if .Values.nodeSelector }} 195 | nodeSelector: 196 | {{ toYaml .Values.nodeSelector | indent 8 }} 197 | {{- end }} 198 | {{- if .Values.affinity }} 199 | affinity: 200 | {{ toYaml .Values.affinity | indent 8 }} 201 | {{- end }} 202 | {{- if .Values.tolerations }} 203 | tolerations: 204 | {{ toYaml .Values.tolerations | indent 8 }} 205 | {{- end }} 206 | volumes: 207 | {{- if .Values.secrets.htpasswd }} 208 | - name: auth 209 | secret: 210 | secretName: {{ template "docker-registry.fullname" . 
}}-secret
            items:
            - key: htpasswd
              path: htpasswd
        {{- end }}
        {{- if eq .Values.storage "filesystem" }}
        - name: data
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }}
        {{- else }}
          emptyDir: {}
        {{- end -}}
        {{- end }}
        - name: {{ template "docker-registry.fullname" . }}-config
          configMap:
            name: {{ template "docker-registry.fullname" . }}-config
        {{- if .Values.tlsSecretName }}
        - name: tls-cert
          secret:
            secretName: {{ .Values.tlsSecretName }}
        {{- end }}
        {{- with .Values.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
--------------------------------------------------------------------------------
/templates/ingress.yaml:
--------------------------------------------------------------------------------
{{- /*
Ingress for the registry Service. Rendered only when .Values.ingress.enabled is true.
Every host in .Values.ingress.hosts gets one rule that routes .Values.ingress.path to
the chart's Service on .Values.service.port.
*/ -}}
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "docker-registry.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $path := .Values.ingress.path -}}
{{- /*
NOTE(review): both API versions selected below are v1beta1 Ingress APIs, which were
removed in Kubernetes 1.22; the serviceName/servicePort backend fields further down
belong to that older schema as well.
*/}}
apiVersion: {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} networking.k8s.io/v1beta1 {{- else }} extensions/v1beta1 {{- end }}
kind: Ingress
metadata:
  name: {{ template "docker-registry.fullname" . }}
  labels:
    app: {{ template "docker-registry.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels | indent 4 }}
{{- end }}
  annotations:
{{- /* Annotation values are quoted so that "true"/"false" stay strings. */}}
{{- range $key, $value := .Values.ingress.annotations }}
    {{ $key }}: {{ $value | quote }}
{{- end }}
spec:
  rules:
{{- /* NOTE(review): $host is emitted unquoted; a wildcard host starting with "*" would not parse as a YAML string. */}}
{{- range $host := .Values.ingress.hosts }}
    - host: {{ $host }}
      http:
        paths:
          - path: {{ $path }}
            backend:
              serviceName: {{ $serviceName }}
              servicePort: {{ $servicePort }}
{{- end -}}
{{- /*
The tls section is emitted only when .Values.ingress.tls is set. Without it this
manifest requests no TLS termination, so registry traffic (including any htpasswd
credentials) reaches the ingress over whatever the controller serves by default.
*/}}
{{- if .Values.ingress.tls }}
  tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
--------------------------------------------------------------------------------
/templates/poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
{{- /*
PodDisruptionBudget for the registry pods. Rendered only when .Values.podDisruptionBudget
is non-empty; its keys are copied verbatim under spec next to the selector.
NOTE(review): policy/v1beta1 PodDisruptionBudget was removed in Kubernetes 1.25.
*/ -}}
{{- if .Values.podDisruptionBudget -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: {{ template "docker-registry.fullname" . }}
  labels:
    app: {{ template "docker-registry.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  selector:
    matchLabels:
      app: {{ template "docker-registry.name" . }}
      release: {{ .Release.Name }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end -}}
--------------------------------------------------------------------------------
/templates/pvc.yaml:
--------------------------------------------------------------------------------
{{- /*
PersistentVolumeClaim for registry data. Rendered only when persistence is enabled and
no existing claim name was supplied.
*/ -}}
{{- if .Values.persistence.enabled }}
{{- if not .Values.persistence.existingClaim -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: {{ template "docker-registry.fullname" .
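}}
  labels:
    {{- /* NOTE(review): the other templates label `app` with docker-registry.name; this one uses fullname. */}}
    app: {{ template "docker-registry.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  accessModes:
    - {{ .Values.persistence.accessMode | quote }}
  resources:
    requests:
      storage: {{ .Values.persistence.size | quote }}
{{- /* storageClass "-" renders an explicit empty storageClassName; unset renders none. */}}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
  storageClassName: ""
{{- else }}
  storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
--------------------------------------------------------------------------------
/templates/secret.yaml:
--------------------------------------------------------------------------------
{{- /*
Opaque Secret "<fullname>-secret" holding the htpasswd file, the HA shared secret and
the credentials of the selected storage backend. templates/deployment.yaml reads these
keys through secretKeyRef and the `auth` volume.

b64enc only encodes the values as the Secret API requires; it is not encryption. The
plain values come from .Values, so they are also present wherever the release's values
are stored.
*/ -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "docker-registry.fullname" . }}-secret
  labels:
    app: {{ template "docker-registry.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
type: Opaque
data:
  {{- if .Values.secrets.htpasswd }}
  htpasswd: {{ .Values.secrets.htpasswd | b64enc }}
  {{- end }}
  {{- /*
  NOTE(review): when no haSharedSecret is supplied, randAlphaNum is evaluated on every
  render, so each upgrade writes a new 16-character value. Set secrets.haSharedSecret
  explicitly when the value must stay stable across upgrades or replicas.
  */}}
  {{- if .Values.secrets.haSharedSecret }}
  haSharedSecret: {{ .Values.secrets.haSharedSecret | b64enc | quote }}
  {{- else }}
  haSharedSecret: {{ randAlphaNum 16 | b64enc | quote }}
  {{- end }}

  {{- /*
  Backend credentials are written only when every value of the group is set.
  NOTE(review): the azure and swift branches of templates/deployment.yaml reference
  these keys unconditionally, so a partially filled group leaves the pod pointing at
  keys that do not exist in this Secret; the s3 branch is guarded by the same
  condition as here.
  */}}
  {{- if eq .Values.storage "azure" }}
    {{- if and .Values.secrets.azure.accountName .Values.secrets.azure.accountKey .Values.secrets.azure.container }}
  azureAccountName: {{ .Values.secrets.azure.accountName | b64enc | quote }}
  azureAccountKey: {{ .Values.secrets.azure.accountKey | b64enc | quote }}
  azureContainer: {{ .Values.secrets.azure.container | b64enc | quote }}
    {{- end }}
  {{- else if eq .Values.storage "s3" }}
    {{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }}
  s3AccessKey: {{ .Values.secrets.s3.accessKey | b64enc | quote }}
  s3SecretKey: {{ .Values.secrets.s3.secretKey | b64enc | quote }}
    {{- end }}
  {{- else if eq .Values.storage "swift" }}
    {{- if and .Values.secrets.swift.username .Values.secrets.swift.password }}
  swiftUsername: {{ .Values.secrets.swift.username | b64enc | quote }}
  swiftPassword: {{ .Values.secrets.swift.password | b64enc | quote }}
    {{- end }}
  {{- end }}

--------------------------------------------------------------------------------
/templates/service.yaml:
--------------------------------------------------------------------------------
{{- /*
Service in front of the registry pods. clusterIP, loadBalancerIP,
loadBalancerSourceRanges and nodePort are emitted only for the matching
.Values.service.type and only when a value is provided.
*/ -}}
apiVersion: v1
kind: Service
metadata:
  name: {{ template "docker-registry.fullname" . }}
  labels:
    app: {{ template "docker-registry.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
{{- if .Values.service.annotations }}
  annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
spec:
  type: {{ .Values.service.type }}
{{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }}
  clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- /*
The list is serialised with toJson. Printing it directly gives Go's slice format
("[a b]"), which YAML reads as a single string once there is more than one CIDR, so
the intended source-range restriction would not be applied as written.
*/}}
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges))) }}
  loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges | toJson }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
  sessionAffinity: {{ .Values.service.sessionAffinity }}
  {{- if .Values.service.sessionAffinityConfig }}
  sessionAffinityConfig:
    {{ toYaml .Values.service.sessionAffinityConfig | nindent 4 }}
  {{- end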
-}}
{{- end }}
  ports:
    {{- /* targetPort 5000 matches http.addr (":5000") in the default configData of values.yaml. */}}
    - port: {{ .Values.service.port }}
      protocol: TCP
      name: {{ .Values.service.name }}
      targetPort: 5000
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
      nodePort: {{ .Values.service.nodePort }}
{{- end }}
  selector:
    app: {{ template "docker-registry.name" . }}
    release: {{ .Release.Name }}
--------------------------------------------------------------------------------
/values.yaml:
--------------------------------------------------------------------------------
# Default values for docker-registry.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1

updateStrategy: {}
  # type: RollingUpdate
  # rollingUpdate:
  #   maxSurge: 1
  #   maxUnavailable: 0

podAnnotations: {}
podLabels: {}

# Registry image. The tag is a mutable reference; NOTE(review): confirm whether
# templates/deployment.yaml allows pinning by digest for reproducible deployments.
image:
  repository: registry
  tag: 2.7.1
  pullPolicy: IfNotPresent
# imagePullSecrets:
#   - name: docker
# Service in front of the registry (templates/service.yaml).
# The default type NodePort opens the registry port on every node. Combined with the
# other defaults in this file (secrets.htpasswd empty, tlsSecretName unset) the chart
# configures neither an htpasswd file nor TLS, so review the type before exposing the
# cluster's nodes to untrusted networks.
service:
  name: registry
  type: NodePort
  # sessionAffinity: None
  # sessionAffinityConfig: {}
  # clusterIP:
  port: 5000
  # nodePort:
  # loadBalancerIP:
  # loadBalancerSourceRanges:
  annotations: {}
  # foo.io/bar: "true"
# Ingress (templates/ingress.yaml); disabled by default.
ingress:
  enabled: false
  path: /
  # Used to create an Ingress record.
  hosts:
    - chart-example.local
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  labels: {}
  # Left empty, the rendered Ingress has no tls section.
  tls:
    # Secrets must be manually created in the namespace.
    # - secretName: chart-example-tls
    #   hosts:
    #     - chart-example.local
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube.
  # If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi
# Persistent storage for the "filesystem" backend. With enabled: false the data
# volume is an emptyDir (templates/deployment.yaml).
persistence:
  accessMode: 'ReadWriteOnce'
  enabled: false
  size: 10Gi
  # storageClass: '-'

# Storage backend to use. templates/deployment.yaml handles: filesystem, azure, s3, swift.
storage: filesystem

# Name of an existing Secret holding the TLS certificate and key. When set, it is
# mounted at /etc/ssl/docker and REGISTRY_HTTP_TLS_CERTIFICATE / REGISTRY_HTTP_TLS_KEY
# point at tls.crt and tls.key; when unset, the chart passes no TLS settings.
# tlsSecretName: registry.docker.example.com
secrets:
  # Left empty, templates/secret.yaml generates a random 16-character value at render
  # time, i.e. a new one on every upgrade. Set it explicitly to keep it stable.
  haSharedSecret: ""
  # htpasswd file content. The /auth volume and the htpasswd Secret key are rendered
  # only when this is non-empty.
  # NOTE(review): with the default empty value no htpasswd file is mounted; confirm
  # that access to the registry is restricted some other way.
  htpasswd: ""
# Secrets for Azure
#   azure:
#     accountName: ""
#     accountKey: ""
#     container: ""
# Secrets for S3 access and secret keys
#   s3:
#     accessKey: ""
#     secretKey: ""
# Secrets for Swift username and password
#   swift:
#     username: ""
#     password: ""

# Options for s3 storage type:
# region and bucket are required. encrypt and secure are passed to the registry only
# when true, so `encrypt: false` / `secure: false` leave the registry's defaults in place.
# s3:
#  region: us-east-1
#  regionEndpoint: s3.us-east-1.amazonaws.com
#  bucket: my-bucket
#  encrypt: false
#  secure: true

# Options for swift storage type:
# authurl and container are required. The sample authurl uses plain http; the Swift
# username and password are sent to this endpoint, so prefer an https URL.
# swift:
#  authurl: http://swift.example.com/
#  container: my-container

# Registry configuration; mounted into the container at /etc/docker/registry through
# the "<fullname>-config" ConfigMap volume.
configData:
  version: 0.1
  log:
    fields:
      service: registry
  storage:
    cache:
      blobdescriptor: inmemory
  http:
    addr: :5000
    headers:
      X-Content-Type-Options: [nosniff]
  health:
    storagedriver:
      enabled: true
      interval: 10s
      threshold: 3

securityContext:
  enabled: true
  runAsUser: 1000
  fsGroup: 1000

priorityClassName: ""

# Keys set here are copied into the PodDisruptionBudget spec; empty disables the PDB.
podDisruptionBudget: {}
  # maxUnavailable: 1
  # minAvailable: 2

nodeSelector: {}

affinity: {}

tolerations: []

extraVolumeMounts: []
## Additional volumeMounts to the registry container.
#  - mountPath: /secret-data
#    name: cloudfront-pem-secret
#    readOnly: true

extraVolumes: []
## Additional volumes to the pod.
## NOTE: `mode` is a decimal integer here. 511 equals octal 0777, which makes the
## private key readable, writable and executable by every user in the container.
## For key material prefer 256 (octal 0400) or 288 (octal 0440).
#  - name: cloudfront-pem-secret
#    secret:
#      secretName: cloudfront-credentials
#      items:
#        - key: cloudfront.pem
#          path: cloudfront.pem
#          mode: 511

## Pass extra environment variables to the Docker Registry container.
## Entries are copied verbatim into the container's env list, so an entry may use
## valueFrom.secretKeyRef instead of a literal value.
##
extraVars:
#  - name: EXTRA_VAR_1
#    value: extra-var-value-1
#  - name: EXTRA_VAR_2
#    value: extra-var-value-2

# Configure the docker registry as a pull-through cache to Docker Hub
# Optionally provide docker hub (or your private registry) username & password
# templates/deployment.yaml always sets REGISTRY_PROXY_REMOTEURL from remoteurl.
# username and password are rendered as literal env `value:` entries
# (REGISTRY_PROXY_USERNAME / REGISTRY_PROXY_PASSWORD), not as Secret references, so
# they appear in clear text in the Deployment object and in the release's values.
# To keep the password in a Secret, leave these empty and supply the variables through
# extraVars with valueFrom.secretKeyRef.
proxy:
  remoteurl: https://registry-1.docker.io
  username:
  password:
--------------------------------------------------------------------------------