{{- $storage := .Values.registry.storage }} apiVersion: apps/v1 kind: StatefulSet metadata: name: "{{ template "harbor.registry" . }}" labels: {{ include "harbor.labels" . | indent 4 }} app: registry spec: replicas: {{ .Values.registry.replicas }} serviceName: "{{ template "harbor.registry" . }}" selector: matchLabels: {{ include "harbor.matchLabels" . | indent 6 }} app: registry template: metadata: labels: {{ include "harbor.labels" . | indent 8 }} app: registry annotations: checksum/configmap: {{ include (print $.Template.BasePath "/registry/registry-cm.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/registry/registry-secret.yaml") . | sha256sum }} {{- if .Values.registry.podAnnotations }} {{ toYaml .Values.registry.podAnnotations | indent 8 }} {{- end }} spec: tolerations: - effect: NoSchedule operator: Exists containers: - name: registry image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: path: / port: 5000 initialDelaySeconds: 1 periodSeconds: 10 readinessProbe: httpGet: path: / port: 5000 initialDelaySeconds: 1 periodSeconds: 10 resources: {{ toYaml .Values.registry.resources | indent 10 }} args: ["serve", "/etc/registry/config.yml"] envFrom: - secretRef: name: "{{ template "harbor.registry" . }}" ports: - containerPort: 5000 - containerPort: 5001 volumeMounts: {{- if eq $storage.type "filesystem" }} - name: data mountPath: /data {{- end }} - name: registry-root-certificate mountPath: /etc/registry/root.crt subPath: tokenServiceRootCertBundle - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: etc-localtime mountPath: /etc/localtime - name: registryctl image: {{ .Values.registry.controller.image.repository }}:{{ .Values.registry.controller.image.tag }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: path: /api/health port: 8080 initialDelaySeconds: 1 periodSeconds: 10 readinessProbe: httpGet: path: /api/health port: 8080 initialDelaySeconds: 1 periodSeconds: 10 resources: {{ toYaml .Values.registry.resources | indent 10 }} args: ["serve", "/etc/registry/config.yml"] envFrom: - secretRef: name: "{{ template "harbor.registry" . }}" env: - name: CORE_SECRET valueFrom: secretKeyRef: name: {{ template "harbor.core" . }} key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: "{{ template "harbor.fullname" . }}-jobservice" key: secret ports: - containerPort: 8080 volumeMounts: {{- if eq $storage.type "filesystem" }} - name: data mountPath: /data {{- end }} - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registry-config mountPath: /etc/registryctl/config.yml subPath: ctl-config.yml - name: etc-localtime mountPath: /etc/localtime {{- with .Values.registry.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.registry.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.registry.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} volumes: - name: etc-localtime hostPath: path: /etc/localtime - name: registry-root-certificate secret: secretName: {{ template "harbor.core" . }} - name: registry-config configMap: name: "{{ template "harbor.registry" . }}" {{- if eq $storage.type "filesystem" }} {{- if .Values.registry.storageSpec.hostPath }} - name: data hostPath: path: {{.Values.registry.storageSpec.hostPath.root | default "/data" }}/{{ .Release.Namespace }}/{{ .Release.Name }}/database {{- else if .Values.registry.storageSpec.emptyDir }} - name: data emptyDir: {} {{- else if .Values.registry.storageSpec.volumeClaimTemplate }} volumeClaimTemplates: - metadata: name: "data" labels: {{ include "harbor.labels" . | indent 8 }} app: registry spec: {{ toYaml $.Values.registry.storageSpec.volumeClaimTemplate.spec | indent 6 }} {{- end }} {{- end }}