apiVersion: v1
kind: Namespace
metadata:
    name: docker-registry
spec:
    finalizers:
    - kubernetes
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: docker-registry
  namespace: docker-registry
  #annotations:
  #  volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  storageClassName: csi-s3-slow
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi

---
apiVersion: apps/v1
kind: Deployment 
metadata:
  name: registry
  labels:
    app: registry
  namespace: docker-registry
spec:
  replicas: 1
  selector:
      matchLabels:
          app: registry
  template:
      metadata:
          labels:
              app: registry
      spec:
        containers:
        - name: registry
          image: registry:2
          imagePullPolicy: Always
          env:
          - name: REGISTRY_HTTP_SECRET
            value: "ThisIsTotallySecret"
          ports:
            - containerPort: 5000
          volumeMounts:
            - mountPath: /var/lib/registry
              name: registry-data
            - mountPath: /etc/docker/registry
              name: config
        volumes:
          - name: registry-data
            persistentVolumeClaim:
                claimName: docker-registry 
          - name: config
            configMap:
              defaultMode: 420
              name: docker-registry-config
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: docker-registry-config
  namespace: docker-registry
  labels:
    app: registry
data:
  config.yml: |-
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      delete:
        enabled: true
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
        Access-Control-Allow-Origin: ['*']
        Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
        Access-Control-Allow-Headers: ['Authorization', 'Accept']
        Access-Control-Max-Age: [1728000]
        Access-Control-Allow-Credentials: [true]
        Access-Control-Expose-Headers: ['Docker-Content-Digest']            
---
kind: Service
apiVersion: v1
metadata:
  name: registry
  namespace: docker-registry
spec:
  selector:
    app: registry
  ports:
    - port: 5000
      targetPort: 5000
---
apiVersion: v1
data:
  proxy-connect-timeout: "30"
  proxy-read-timeout: "1801"
  proxy-send-timeout: "1801"
  proxy-body-size: "0"
  client-max-body-size: "0"
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
---
apiVersion: networking.k8s.io/v1beta1 
kind: Ingress
metadata:
    name: docker-registry
    namespace: docker-registry
    #annotations:
    #  nginx.ingress.kubernetes.io/proxy‑connect‑timeout: 30
    #  nginx.ingress.kubernetes.io/proxy‑read‑timeout: 1800
    #  nginx.ingress.kubernetes.io/proxy‑send‑timeout: 1800
    #  nginx.ingress.kubernetes.io/proxy-body-size: '5g' 
spec:
    rules:
    - host: docker-registry.lan
      http:
          paths:
          - backend:
              serviceName: registry
              servicePort: 5000 
            path: /