apiVersion: apps/v1 kind: Deployment metadata: name: "{{ template "harbor.registry" . }}" labels: {{ include "harbor.labels" . | indent 4 }} app: registry spec: replicas: {{ .Values.registry.replicas }} selector: matchLabels: {{ include "harbor.matchLabels" . | indent 6 }} app: registry template: metadata: labels: {{ include "harbor.labels" . | indent 8 }} app: registry annotations: checksum/configmap: {{ include (print $.Template.BasePath "/registry/registry-cm.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/registry/registry-secret.yaml") . | sha256sum }} checksum/secret-jobservice: {{ include (print $.Template.BasePath "/jobservice/jobservice-secrets.yaml") . | sha256sum }} checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }} {{- if .Values.registry.podAnnotations }} {{ toYaml .Values.registry.podAnnotations | indent 8 }} {{- end }} spec: containers: - name: registry image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: path: / port: 5000 initialDelaySeconds: 1 periodSeconds: 10 readinessProbe: httpGet: path: / port: 5000 initialDelaySeconds: 1 periodSeconds: 10 {{- if .Values.registry.registry.resources }} resources: {{ toYaml .Values.registry.registry.resources | indent 10 }} {{- end }} args: ["serve", "/etc/registry/config.yml"] envFrom: - secretRef: name: "{{ template "harbor.registry" . }}" ports: - containerPort: 5000 - containerPort: 5001 volumeMounts: - name: registry-data mountPath: /data - name: registry-root-certificate mountPath: /etc/registry/root.crt subPath: tokenServiceRootCertBundle - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: etc-localtime mountPath: /etc/localtime - name: registryctl image: {{ .Values.registry.controller.image.repository }}:{{ .Values.registry.controller.image.tag }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: path: /api/health port: 8080 initialDelaySeconds: 1 periodSeconds: 10 readinessProbe: httpGet: path: /api/health port: 8080 initialDelaySeconds: 1 periodSeconds: 10 {{- if .Values.registry.controller.resources }} resources: {{ toYaml .Values.registry.controller.resources | indent 10 }} {{- end }} args: ["serve", "/etc/registry/config.yml"] envFrom: - secretRef: name: "{{ template "harbor.registry" . }}" env: - name: CORE_SECRET valueFrom: secretKeyRef: name: {{ template "harbor.core" . }} key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: {{ template "harbor.jobservice" . }} key: secret ports: - containerPort: 8080 volumeMounts: - name: registry-data mountPath: /data - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registry-config mountPath: /etc/registryctl/config.yml subPath: ctl-config.yml - name: etc-localtime mountPath: /etc/localtime volumes: - name: etc-localtime hostPath: path: /etc/localtime - name: registry-root-certificate secret: {{- if .Values.core.secretName }} secretName: {{ .Values.core.secretName }} {{- else }} secretName: {{ template "harbor.core" . }} {{- end }} - name: registry-config configMap: name: "{{ template "harbor.registry" . }}" - name: registry-data hostPath: {{- if .Values.registry.hostPath }} path: {{ .Values.registry.hostPath }} {{- else }} path: /data/{{ .Release.Namespace }}/{{ .Release.Name }}/registry {{- end }} {{- with .Values.registry.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.registry.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.registry.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }}