# 私有Docker Registry - K3s 部署清单
# 等价转换原 docker-compose.yml 所有配置
apiVersion: v1
kind: Secret
metadata:
  name: registry-auth
  namespace: default
type: Opaque
# 注意：这里仅为占位，实际需要用 htpasswd 生成账号密码后替换
data:
  htpasswd: ""
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: registry-data
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-registry
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: docker-registry
  template:
    metadata:
      labels:
        app: docker-registry
    spec:
      containers:
      - name: registry
        image: registry.cn-hangzhou.aliyuncs.com/zhongpengqun/wanderer:amd64-linux-docker-registry-v2
        ports:
        - containerPort: 5000
        resources:
          limits:
            cpu: "0.5"
            memory: "256Mi"
          requests:
            cpu: "0.2"
            memory: "128Mi"
        env:
        - name: REGISTRY_AUTH
          value: "htpasswd"
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: "Docker Registry"
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: "/auth/htpasswd"
        volumeMounts:
        - name: registry-data
          mountPath: /var/lib/registry
        - name: registry-auth
          mountPath: /auth
          readOnly: true
      volumes:
      - name: registry-data
        persistentVolumeClaim:
          claimName: registry-data
      - name: registry-auth
        secret:
          secretName: registry-auth
---
apiVersion: v1
kind: Service
metadata:
  name: docker-registry
  namespace: default
spec:
  type: NodePort
  ports:
  - port: 5000
    nodePort: 30009
    targetPort: 5000
  selector:
    app: docker-registry