infrastructure/clusters/cl01tl/manifests/harbor/Deployment-harbor-registry.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: "harbor-registry"
  namespace: "harbor"
  labels:
    heritage: Helm
    release: harbor
    chart: harbor
    app: "harbor"
    app.kubernetes.io/instance: harbor
    app.kubernetes.io/name: harbor
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: harbor
    app.kubernetes.io/version: "2.15.0"
    component: registry
    app.kubernetes.io/component: registry
spec:
  replicas: 1
  revisionHistoryLimit: 10
  strategy:
    type: Recreate
    rollingUpdate: null
  selector:
    matchLabels:
      release: harbor
      app: "harbor"
      component: registry
  template:
    metadata:
      labels:
        heritage: Helm
        release: harbor
        chart: harbor
        app: "harbor"
        app.kubernetes.io/instance: harbor
        app.kubernetes.io/name: harbor
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/part-of: harbor
        app.kubernetes.io/version: "2.15.0"
        component: registry
        app.kubernetes.io/component: registry
      annotations:
        checksum/configmap: 2e9fbee4c76df88822f47066eb1e8c02cec9917d54a619344512e042d1aba13b
        checksum/secret: 0e6f4d074dceb03e699f84fb97a8bb6f2eb9968ee89396d3b9fe56c965d2e5b3
        checksum/secret-jobservice: 388df16a5ce670284aaa57126ada65df238ddadbad14c5aaa94a384592da2e7d
        checksum/secret-core: 7d184289f51bc7b1001e976c80693ff24befaa3ccfb2146ab9c4051b61ae385d
    spec:
      securityContext:
        runAsUser: 10000
        fsGroup: 10000
        fsGroupChangePolicy: OnRootMismatch
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 120
      containers:
        - name: registry
          image: goharbor/registry-photon:v2.15.1@sha256:ebf0325c2661729dbb317cbf839608eb8b15cfa158911a94976f2c21563c466e
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /
              scheme: HTTP
              port: 5000
            initialDelaySeconds: 300
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3
            successThreshold: 1
          readinessProbe:
            httpGet:
              path: /
              scheme: HTTP
              port: 5000
            initialDelaySeconds: 1
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3
            successThreshold: 1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          envFrom:
            - secretRef:
                name: "harbor-registry"
          env:
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-secret
                  key: REGISTRY_HTTP_SECRET
          ports:
            - containerPort: 5000
            - containerPort: 8001
          volumeMounts:
            - name: registry-data
              mountPath: /storage
              subPath:
            - name: registry-htpasswd
              mountPath: /etc/registry/passwd
              subPath: passwd
            - name: registry-config
              mountPath: /etc/registry/config.yml
              subPath: config.yml
        - name: registryctl
          image: ghcr.io/goharbor/harbor-registryctl:v2.15.1@sha256:554147a956989175f63f8d41573d716c6ddf6052acd1749c88c0f99ce6ee2bff
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /api/health
              scheme: HTTP
              port: 8080
            initialDelaySeconds: 300
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3
            successThreshold: 1
          readinessProbe:
            httpGet:
              path: /api/health
              scheme: HTTP
              port: 8080
            initialDelaySeconds: 1
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3
            successThreshold: 1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          envFrom:
            - configMapRef:
                name: "harbor-registryctl"
            - secretRef:
                name: "harbor-registry"
            - secretRef:
                name: "harbor-registryctl"
          env:
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-secret
                  key: REGISTRY_HTTP_SECRET
            - name: CORE_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-secret
                  key: secret
            - name: JOBSERVICE_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-secret
                  key: JOBSERVICE_SECRET
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: registry-data
              mountPath: /storage
              subPath:
            - name: registry-config
              mountPath: /etc/registry/config.yml
              subPath: config.yml
            - name: registry-config
              mountPath: /etc/registryctl/config.yml
              subPath: ctl-config.yml
      volumes:
        - name: registry-htpasswd
          secret:
            secretName: harbor-secret
            items:
              - key: REGISTRY_HTPASSWD
                path: passwd
        - name: registry-config
          configMap:
            name: "harbor-registry"
        - name: registry-data
          persistentVolumeClaim:
            claimName: harbor-registry