harbor/contrib/helm/harbor/templates/registry/registry-ss.yaml

apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
  name: "{{ template "harbor.fullname" . }}-registry"
  labels:
{{ include "harbor.labels" . | indent 4 }}
    component: registry
spec:
  replicas: 1
  serviceName: "{{ template "harbor.fullname" . }}-registry"
  selector:
    matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
      component: registry
  template:
    metadata:
      labels:
{{ include "harbor.labels" . | indent 8 }}
        component: registry
    spec:
      containers:
      - name: registry
        image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}
        imagePullPolicy: {{ .Values.registry.image.pullPolicy }}
        resources:
{{ toYaml .Values.registry.resources | indent 10 }}
        args: ["serve", "/etc/registry/config.yml"]
        env:
          - name: REGISTRY_HTTP_SECRET
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: httpSecret
          {{- $storage := .Values.registry.storage }}
          {{- $type := $storage.type }}
          {{- if eq $type "azure" }}
          - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: accountkey
          {{- else if eq $type "s3" }}
          {{- if $storage.s3.accesskey }}
          - name: REGISTRY_STORAGE_S3_ACCESSKEY
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: accesskey
          {{- end }}
          {{- if $storage.s3.secretkey }}
          - name: REGISTRY_STORAGE_S3_SECRETKEY
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: secretkey
          {{- end }}
          {{- else if eq $type "swift" }}
          - name: REGISTRY_STORAGE_SWIFT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: password
          {{- if $storage.swift.secretkey }}
          - name: REGISTRY_STORAGE_SWIFT_SECRETKEY
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: secretkey
          {{- end }}
          {{- if $storage.swift.accesskey }}
          - name: REGISTRY_STORAGE_SWIFT_ACCESSKEY
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: accesskey
          {{- end }}
          {{- else if eq $type "oss" }}
          - name: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
            valueFrom:
              secretKeyRef:
                name: "{{ template "harbor.fullname" . }}-registry"
                key: accesskeysecret
          {{- end }}
        ports:
        - containerPort: 5000
        - containerPort: 5001
        volumeMounts:
        {{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
        - name: registry-data
          mountPath: {{ .Values.registry.storage.filesystem.rootdirectory }}
        {{- end }}
        - name: registry-root-certificate
          mountPath: /etc/registry/root.crt
          subPath: tokenServiceRootCertBundle
        - name: registry-config
          mountPath: /etc/registry/config.yml
          subPath: config.yml
      volumes:
      - name: registry-root-certificate
        secret:
          secretName: "{{ template "harbor.fullname" . }}-ui"
      - name: registry-config
        configMap:
          name: "{{ template "harbor.fullname" . }}-registry"
    {{- with .Values.registry.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.registry.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.registry.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
  {{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
  volumeClaimTemplates:
  - metadata:
      name: registry-data
      labels:
{{ include "harbor.labels" . | indent 8 }}
    spec:
      accessModes: [{{ .Values.registry.volumes.data.accessMode | quote }}]
      {{- if .Values.registry.volumes.data.storageClass }}
      {{- if (eq "-" .Values.registry.volumes.data.storageClass) }}
      storageClassName: ""
      {{- else }}
      storageClassName: "{{ .Values.registry.volumes.data.storageClass }}"
      {{- end }}
      {{- end }}
      resources:
        requests:
          storage: {{ .Values.registry.volumes.data.size | quote }}
  {{- end }}