---
# In-cluster container registry: a namespace, a single-replica Deployment,
# and two Services (ClusterIP plus NodePort) in front of it.
#
# NOTE(review): nothing in this file configures registry authentication or
# TLS (no REGISTRY_AUTH_* or REGISTRY_HTTP_TLS_* variables are set), while
# deletes are enabled and a NodePort is published. Unless access control is
# enforced elsewhere (NetworkPolicy, ingress, firewall; none shown here),
# any client that can reach the port can push, pull and delete images.
apiVersion: v1
kind: Namespace
metadata:
  name: registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      # Pod-level defaults: unprivileged UID/GID and the runtime's default
      # seccomp filter.
      # NOTE(review): the pod spec does not set automountServiceAccountToken,
      # so the namespace default ServiceAccount token is mounted unless it is
      # disabled elsewhere. Confirm whether the registry needs it.
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
        fsGroup: 65534
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: registry
          # NOTE(review): "registry:2" is a mutable tag; pinning by digest
          # (registry@sha256:<DIGEST_PLACEHOLDER>) keeps the deployed image
          # from changing underneath this manifest.
          image: registry:2
          ports:
            - containerPort: 5000
              name: http
          # Request and limit are far apart (128Mi vs 20Gi memory), so the
          # scheduler reserves much less than the pod is allowed to use.
          resources:
            requests:
              cpu: 25m
              memory: 128Mi
            limits:
              cpu: 2000m
              memory: 20Gi
          env:
            # Lets API clients delete blobs and manifests. With no auth
            # configured in this file, that applies to every reachable client.
            - name: REGISTRY_STORAGE_DELETE_ENABLED
              value: "true"
            # Listen on all interfaces, port 5000.
            - name: REGISTRY_HTTP_ADDR
              value: "0.0.0.0:5000"
          # Container hardening: no privilege escalation, read-only root
          # filesystem, non-root UID, every Linux capability dropped.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 65534
            capabilities:
              drop:
                - ALL
          # The root filesystem is read-only, so these two mounts are the
          # only writable paths in the container.
          volumeMounts:
            - name: registry-data
              mountPath: /var/lib/registry
            - name: tmp
              mountPath: /tmp
          # Both probes issue an HTTP GET for /v2/ on the serving port.
          livenessProbe:
            httpGet:
              path: /v2/
              port: 5000
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /v2/
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 5
      volumes:
        # emptyDir storage is deleted when the pod leaves its node, so
        # pushed images do not survive rescheduling.
        # NOTE(review): neither volume sets sizeLimit, so image pushes are
        # bounded only by the node's ephemeral storage.
        - name: registry-data
          emptyDir: {}
        - name: tmp
          emptyDir: {}
---
# Cluster-internal access to the registry on port 5000.
apiVersion: v1
kind: Service
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
spec:
  selector:
    app: registry
  ports:
    - port: 5000
      targetPort: 5000
      name: http
  type: ClusterIP
---
# Publishes the same pods on port 30500 of every node.
# NOTE(review): this is the externally reachable path to a registry that, as
# far as this file shows, serves plain HTTP without authentication. Restrict
# who can reach the node port, or front the registry with TLS and auth.
apiVersion: v1
kind: Service
metadata:
  name: registry-nodeport
  namespace: registry
  labels:
    app: registry
spec:
  selector:
    app: registry
  ports:
    - port: 5000
      targetPort: 5000
      nodePort: 30500
      name: http
  type: NodePort