apiVersion: v1
kind: Service
metadata:
  name: registry
spec:
  ports:
    - name: "80"
      port: 80
      targetPort: 5000
  selector:
    name: registry
status:
  loadBalancer: {}

---

apiVersion: v1
kind: Service
metadata:
  name: registry
spec:
  ports:
    - name: "80"
      port: 80
      targetPort: 5000
  selector:
    name: registry-mirror
status:
  loadBalancer: {}

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: registry
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: "1G"
spec:
  tls:
  rules:
  - http:
      paths:
      - path: /v2
        pathType: Prefix
        backend:
          service:
            name: registry
            port:
              number: 80

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: registry-mirror
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: "1G"
spec:
  tls:
  rules:
  - http:
      paths:
      - path: /v2
        pathType: Prefix
        backend:
          service:
            name: registry-mirror
            port:
              number: 80

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: registry-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10G

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: registry-auth
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10M

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      name: registry
  template:
    metadata:
      labels:
        name: registry
    spec:
      containers:
      - name: registry
        image: registry:2.8.3
        resources: {}
        env:
        - name: REGISTRY_HTTP_ADDR
          value: :5000
        - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
          value: /var/lib/registry
        - name: REGISTRY_AUTH
          value: htpasswd
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: /auth/htpasswd
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: Registry Realm
        volumeMounts:
        - name: registry-data
          mountPath: /var/lib/registry
        - name: registry-auth
          mountPath: /auth
        ports:
        - containerPort: 5000
          name: registry
          protocol: TCP
      volumes:
      - name: registry-data
        persistentVolumeClaim:
          claimName: registry-data
      - name: registry-auth
        persistentVolumeClaim:
          claimName: registry-auth
---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry-mirror
spec:
  replicas: 1
  selector:
    matchLabels:
      name: registry-mirror
  template:
    metadata:
      labels:
        name: registry-mirror
    spec:
      containers:
      - name: registry-mirror
        image: registry:2.8.3
        resources: {}
        env:
        - name: REGISTRY_HTTP_ADDR
          value: :5000
        - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
          value: /var/lib/registry
        - name: REGISTRY_PROXY_REMOTEURL
          value: https://registry-1.docker.io
        volumeMounts:
        - name: registry-data
          mountPath: /var/lib/registry
        - name: registry-auth
          mountPath: /auth
        ports:
        - containerPort: 5000
          name: registry-mirror
          protocol: TCP
      volumes:
      - name: registry-data
        persistentVolumeClaim:
          claimName: registry-data
      - name: registry-auth
        persistentVolumeClaim:
          claimName: registry-auth