apiVersion: v1
kind: persistentvolume
metadata:
  name: repo-pv
  labels:
    type: prstore
spec:
  capacity:
    storage: 7gi
  volumemode: filesystem
  accessmodes:
  - readwritemany
  persistentvolumereclaimpolicy: retain
  storageclassname: local-storage
  local:
    fstype: ext4
    path: /root/repo
  nodeaffinity:
    required:
      nodeselectorterms:
      - matchexpressions:
        - key: kubernetes.io/hostname
          operator: in
          values:
          - spring
---
apiversion: v1
kind: persistentvolumeclaim
metadata:
  name: repo-pvc
  labels:
    type: prstore
spec:
  selector:
    matchlabels: 
      type: prstore
  volumemode: filesystem
  storageclassname: local-storage
  accessmodes:
  - readwritemany
  resources:
    requests:
      storage: 7gi
---
apiVersion: v1
kind: Pod
metadata:
  name: dockreg-pod
  labels:
    app: mregistry
spec:
  containers:
  - name: registry
    image: registry:2.7.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: repo-vol
      mountPath: "/var/lib/registry"
    - name: certs-vol
      mountPath: "/certs"
      readOnly: true
    - name: auth-vol
      mountPath: "/auth"
      readOnly: true
    env:
    - name: REGISTRY_AUTH
      value: "htpasswd"
    - name: REGISTRY_AUTH_HTPASSWD_REALM
      value: "Registry Realm"
    - name: REGISTRY_AUTH_HTPASSWD_PATH
      value: "/auth/htpasswd"
    - name: REGISTRY_HTTP_TLS_CERTIFICATE
      value: "/certs/tls.crt"
    - name: REGISTRY_HTTP_TLS_KEY
      value: "/certs/tls.key"
    - name: REGISTRY_STORAGE_DELETE_ENABLED
      value: "true"
    - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR
      value: ""
  volumes:
  - name: repo-vol
    persistentVolumeClaim:
      claimName: repo-pvc
  - name: certs-vol
    secret:
      secretName: certs-secret
  - name: auth-vol
    secret:
      secretName: auth-secret
  restartPolicy: Always
  nodeName: spring
---
apiVersion: v1
kind: Service
metadata:
  name: dockreg
spec:
  selector:
    app: mregistry
  ports:
  - port: 5000
    targetPort: 5000