apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: docker-registry
  namespace: docker-registry
  #annotations:
  #  volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  storageClassName: csi-s3-slow
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi

---
apiVersion: apps/v1
kind: Deployment 
metadata:
  name: registry
  labels:
    app: registry
  namespace: live-env
spec:
  replicas: 1
  selector:
      matchLabels:
          app: registry
  template:
      metadata:
          labels:
              app: registry
      spec:
        containers:
        - name: registry
          image: registry:2
          imagePullPolicy: Always
          env:
          - name: REGISTRY_HTTP_SECRET
            value: "ThisIsTotallySecret"
          ports:
            - containerPort: 5000
          volumeMounts:
            - mountPath: /var/lib/registry
              name: registry-data
            - mountPath: /etc/docker/registry
              name: config
        volumes:
          - name: registry-data
            persistentVolumeClaim:
                claimName: docker-registry 
          - name: config
            configMap:
              defaultMode: 420
              name: docker-registry-config
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: docker-registry-config
  namespace: live-env
  labels:
    app: registry
data:
  config.yml: |-
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      delete:
        enabled: true
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
        Access-Control-Allow-Origin: ['*', 'http://cr-ui.lan']
        Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
        Access-Control-Allow-Headers: ['Authorization', 'Accept']
        Access-Control-Max-Age: [1728000]
        Access-Control-Allow-Credentials: [true]
        Access-Control-Expose-Headers: ['Docker-Content-Digest']            
---
kind: Service
apiVersion: v1
metadata:
  name: registry
  namespace: live-env
spec:
  selector:
    app: registry
  ports:
    - port: 5000
      targetPort: 5000
#---
#apiVersion: v1
#data:
#  proxy-connect-timeout: "30"
#  proxy-read-timeout: "1801"
#  proxy-send-timeout: "1801"
#  proxy-body-size: "0"
#  client-max-body-size: "0"
#kind: ConfigMap
#metadata:
#  name: ingress-nginx-controller
#  namespace: ingress-nginx
---
apiVersion: networking.k8s.io/v1 
kind: Ingress
metadata:
    name: docker-registry
    namespace: live-env
    annotations:
      kubernetes.io/ingress.class: nginx
spec:
    rules:
    - host: docker-registry.lan
      http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: registry
                port: 
                  number: 5000