apiVersion: apps/v1beta2 kind: StatefulSet metadata: name: "{{ template "harbor.fullname" . }}-registry" labels: {{ include "harbor.labels" . | indent 4 }} component: registry spec: replicas: 1 serviceName: "{{ template "harbor.fullname" . }}-registry" selector: matchLabels: {{ include "harbor.matchLabels" . | indent 6 }} component: registry template: metadata: labels: {{ include "harbor.labels" . | indent 8 }} component: registry spec: containers: - name: registry image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }} imagePullPolicy: {{ .Values.registry.image.pullPolicy }} resources: {{ toYaml .Values.registry.resources | indent 10 }} args: ["serve", "/etc/registry/config.yml"] env: - name: REGISTRY_HTTP_SECRET valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-registry" key: httpSecret {{- $storage := .Values.registry.storage }} {{- $type := $storage.type }} {{- if eq $type "azure" }} - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-registry" key: accountkey {{- else if eq $type "s3" }} {{- if $storage.s3.accesskey }} - name: REGISTRY_STORAGE_S3_ACCESSKEY valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-registry" key: accesskey {{- end }} {{- if $storage.s3.secretkey }} - name: REGISTRY_STORAGE_S3_SECRETKEY valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-registry" key: secretkey {{- end }} {{- else if eq $type "swift" }} - name: REGISTRY_STORAGE_SWIFT_PASSWORD valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-registry" key: password {{- if $storage.swift.secretkey }} - name: REGISTRY_STORAGE_SWIFT_SECRETKEY valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-registry" key: secretkey {{- end }} {{- if $storage.swift.accesskey }} - name: REGISTRY_STORAGE_SWIFT_ACCESSKEY valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-registry" key: accesskey {{- end }} {{- else if eq $type "oss" }} - name: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-registry" key: accesskeysecret {{- end }} ports: - containerPort: 5000 - containerPort: 5001 volumeMounts: {{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }} - name: registry-data mountPath: {{ .Values.registry.storage.filesystem.rootdirectory }} {{- end }} - name: registry-root-certificate mountPath: /etc/registry/root.crt subPath: tokenServiceRootCertBundle - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml volumes: - name: registry-root-certificate secret: secretName: "{{ template "harbor.fullname" . }}-ui" - name: registry-config configMap: name: "{{ template "harbor.fullname" . }}-registry" - name: registry-data hostPath: path: /etc/kubernetes/data/registry {{- with .Values.registry.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.registry.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.registry.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }}