feat: added registry/certs

manifests/registry/registry-configmap.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+data:
+  config.yml: |
+    version: 0.1
+    log:
+      fields:
+        service: registry
+    storage:
+      s3:
+        accesskey: registry
+        secretkey: registry123
+        region: deeznuts
+        regionendpoint: http://seaweedfs-s3.weed.svc.cluster.local:8333
+        forcepathstyle: true
+        bucket: registry
+      delete:
+        enabled: true
+      redirect:
+        disable: true
+      tag:
+        concurrencylimit: 8
+    auth:
+      htpasswd:
+        realm: deeznuts-realm
+        path: /etc/distribution/passwd
+    http:
+      addr: :5000
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: registry-cm
+  namespace: production-system

manifests/registry/registry-deployment.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    app: registry-deploy
+  name: registry-deploy
+  namespace: production-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: registry-deploy
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: registry-deploy
+    spec:
+      containers:
+      - image: registry:3.0.0
+        name: registry
+        ports:
+        - containerPort: 5000
+        env:
+        - name: OTEL_TRACES_EXPORTER
+          value: "none"
+        resources: 
+          limits:
+            memory: "500Mi"
+            cpu: "200m"
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+
+        volumeMounts:
+          - name: registry-setup
+            mountPath: /etc/distribution
+            readOnly: true
+      volumes:
+        - name: registry-setup
+          projected:
+            sources:
+            - secret:
+                name: registry-credentials
+            - configMap:
+               name: registry-cm
+
+status: {}

manifests/registry/registry-ingress.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  creationTimestamp: null
+  name: registry-ingress
+  namespace: production-system
+  annotations:
+    cert-manager.io/cluster-issuer: smigtech-issuer
+spec:
+  ingressClassName: cilium
+  rules:
+  - host: images.lab.smig.tech
+    http:
+      paths:
+      - backend:
+          service:
+            name: registry-service
+            port:
+              number: 5000
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - images.lab.smig.tech
+    secretName: registry-tls
+status:
+  loadBalancer: {}

manifests/registry/registry-namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  creationTimestamp: null
+  name: production-system
+spec: {}
+status: {}

manifests/registry/registry-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  passwd: c21pZ3o6JDJ5JDEwJGtiOGRzMkZrMUNXMGgvOGhNYjlVMnUudy5WRlpjSk1velA3dXp2djRibU1EQ2d4MkpBcWo2
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: registry-credentials
+  namespace: production-system

manifests/registry/registry-service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    app: registry-deploy
+  name: registry-service
+  namespace: production-system
+spec:
+  ports:
+  - port: 5000
+    protocol: TCP
+    targetPort: 5000
+  selector:
+    app: registry-deploy
+  type: ClusterIP
+status:
+  loadBalancer: {}