registry yeah

kube/cert.yaml

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nilstriev-dev-cert
+spec:
+  secretName: nilstrieb-dev-cert-tls
+  dnsNames:
+    - nilstrieb.dev
+    - docker.nilstrieb.dev
+    - cors-school.nilstrieb.dev
+    - api.cors-school.nilstrieb.dev
+    - hugo-chat.nilstrieb.dev
+    - api.hugo-chat.nilstrieb.dev
+    - bisect-rustc.nilstrieb.dev
+  issuerRef:
+    name: letsencrypt-staging
+    kind: ClusterIssuer

kube/registry/README.md

@@ -0,0 +1,5 @@
+# Private Docker registry
+
+https://medium.com/swlh/deploy-your-private-docker-registry-as-a-pod-in-kubernetes-f6a489bf0180
+
+You need a `htaccess` file created using `htpasswd`. Use that as the secret.

kube/registry/docker-registry-auth-secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: docker-registry-auth-secret
+type: Opaque
+data:
+  htpasswd: SECRET

kube/registry/docker-registry-volume.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: docker-registry-volume
+spec:
+  capacity:
+    storage: 2Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Recycle
+  local:
+    path: /mnt/kube-registry-volume
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - minikube
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: docker-registry-pvc
+spec:
+  resources:
+    requests:
+      storage: 2Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce

kube/registry/docker-registry.yaml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: docker-registry
+spec:
+  selector:
+    matchLabels:
+      app: docker-registry
+  template:
+    metadata:
+      labels:
+        app: docker-registry
+    spec:
+      containers:
+        - name: docker-registry
+          image: registry:latest
+          resources:
+            limits:
+              memory: "128Mi"
+              cpu: "500m"
+          env:
+            - name: REGISTRY_AUTH
+              value: "htpasswd"
+            - name: REGISTRY_AUTH_HTPASSWD_REALM
+              value: "docker.nilstriev.dev"
+            - name: REGISTRY_AUTH_HTPASSWD_PATH
+              value: "/auth/htpasswd"
+            - name: REGISTRY_HTTP_TLS_CERTIFICATE
+              value: "/certs/tls.crt"
+            - name: REGISTRY_HTTP_TLS_KEY
+              value: "/certs/tls.key"
+          volumeMounts:
+            - name: repo-vol
+              mountPath: "/var/lib/registry"
+            - name: certs-vol
+              mountPath: "/certs"
+              readOnly: true
+            - name: auth-vol
+              mountPath: "/auth"
+              readOnly: true
+      volumes:
+        - name: repo-vol
+          persistentVolumeClaim:
+            claimName: docker-registry-pvc
+        - name: certs-vol
+          secret:
+            secretName: nilstriev-dev-cert
+        - name: auth-vol
+          secret:
+            secretName: docker-registry-auth-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: docker-registry-service
+spec:
+  selector:
+    app: docker-registry
+  ports:
+    - port: 5000
+      targetPort: 5000