apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-registry
spec:
  selector:
    matchLabels:
      app: docker-registry
  template:
    metadata:
      labels:
        app: docker-registry
    spec:
      containers:
        - name: docker-registry
          image: registry:latest
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
          env:
            - name: REGISTRY_AUTH
              value: "htpasswd"
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: "docker.nilstriev.dev"
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: "/auth/htpasswd"
            - name: REGISTRY_HTTP_TLS_CERTIFICATE
              value: "/certs/tls.crt"
            - name: REGISTRY_HTTP_TLS_KEY
              value: "/certs/tls.key"
          volumeMounts:
            - name: repo-vol
              mountPath: "/var/lib/registry"
            - name: certs-vol
              mountPath: "/certs"
              readOnly: true
            - name: auth-vol
              mountPath: "/auth"
              readOnly: true
      volumes:
        - name: repo-vol
          persistentVolumeClaim:
            claimName: docker-registry-pvc
        - name: certs-vol
          secret:
            secretName: nilstriev-dev-cert
        - name: auth-vol
          secret:
            secretName: docker-registry-auth-secret
---
apiVersion: v1
kind: Service
metadata:
  name: docker-registry-service
spec:
  selector:
    app: docker-registry
  ports:
    - port: 5000
      targetPort: 5000