apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-registry" namespace: "harbor" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.15.0" component: registry app.kubernetes.io/component: registry spec: replicas: 1 revisionHistoryLimit: 10 strategy: type: Recreate rollingUpdate: null selector: matchLabels: release: harbor app: "harbor" component: registry template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.15.0" component: registry app.kubernetes.io/component: registry annotations: checksum/configmap: 2e9fbee4c76df88822f47066eb1e8c02cec9917d54a619344512e042d1aba13b checksum/secret: 0e6f4d074dceb03e699f84fb97a8bb6f2eb9968ee89396d3b9fe56c965d2e5b3 checksum/secret-jobservice: 388df16a5ce670284aaa57126ada65df238ddadbad14c5aaa94a384592da2e7d checksum/secret-core: 7d184289f51bc7b1001e976c80693ff24befaa3ccfb2146ab9c4051b61ae385d spec: securityContext: runAsUser: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: registry image: goharbor/registry-photon:v2.15.1@sha256:ebf0325c2661729dbb317cbf839608eb8b15cfa158911a94976f2c21563c466e imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 300 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 readinessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - secretRef: name: "harbor-registry" env: - name: REGISTRY_HTTP_SECRET valueFrom: secretKeyRef: name: harbor-secret key: REGISTRY_HTTP_SECRET ports: - containerPort: 5000 - containerPort: 8001 volumeMounts: - name: registry-data mountPath: /storage subPath: - name: registry-htpasswd mountPath: /etc/registry/passwd subPath: passwd - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registryctl image: ghcr.io/goharbor/harbor-registryctl:v2.15.1@sha256:554147a956989175f63f8d41573d716c6ddf6052acd1749c88c0f99ce6ee2bff imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 readinessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - configMapRef: name: "harbor-registryctl" - secretRef: name: "harbor-registry" - secretRef: name: "harbor-registryctl" env: - name: REGISTRY_HTTP_SECRET valueFrom: secretKeyRef: name: harbor-secret key: REGISTRY_HTTP_SECRET - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-secret key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-secret key: JOBSERVICE_SECRET ports: - containerPort: 8080 volumeMounts: - name: registry-data mountPath: /storage subPath: - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registry-config mountPath: /etc/registryctl/config.yml subPath: ctl-config.yml volumes: - name: registry-htpasswd secret: secretName: harbor-secret items: - key: REGISTRY_HTPASSWD path: passwd - name: registry-config configMap: name: "harbor-registry" - name: registry-data persistentVolumeClaim: claimName: harbor-registry