| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147 |
- apiVersion: v1
- kind: Namespace
- metadata:
- name: registry
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: registry-auth
- namespace: registry
- type: Opaque
- data:
- # 注意:这里要填 base64 编码后的 htpasswd 内容
- htpasswd: YWRtaW46JDJ5JDEwJEs4NlE4NnkycU5VUWdCM3lEMlEuN1k5N2w4cW9hRTlGcWp3bXlLaQ==
- ---
- apiVersion: v1
- kind: PersistentVolumeClaim
- metadata:
- name: registry-pvc
- namespace: registry
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: registry
- namespace: registry
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: registry
- template:
- metadata:
- labels:
- app: registry
- spec:
- containers:
- - name: registry
- image: registry.cn-hangzhou.aliyuncs.com/zhongpengqun/wanderer:amd64-linux-docker-registry-v2
- ports:
- - containerPort: 5000
- env:
- - name: REGISTRY_AUTH
- value: "htpasswd"
- - name: REGISTRY_AUTH_HTPASSWD_REALM
- value: "Registry Realm"
- - name: REGISTRY_AUTH_HTPASSWD_PATH
- value: "/auth/htpasswd"
- - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
- value: "/var/lib/registry"
- # --- 关键:Registry 跨域配置 ---
- - name: REGISTRY_HTTP_HEADERS_ACCESS_CONTROL_ALLOW_ORIGIN
- value: '["http://47.113.186.215:30501"]'
- - name: REGISTRY_HTTP_HEADERS_ACCESS_CONTROL_ALLOW_METHODS
- value: '["GET", "POST", "PUT", "DELETE", "OPTIONS"]'
- - name: REGISTRY_HTTP_HEADERS_ACCESS_CONTROL_ALLOW_HEADERS
- value: '["Authorization", "Accept", "Content-Type", "Origin"]'
- - name: REGISTRY_HTTP_HEADERS_ACCESS_CONTROL_ALLOW_CREDENTIALS
- value: '["true"]'
- - name: REGISTRY_HTTP_HEADERS_ACCESS_CONTROL_EXPOSE_HEADERS
- value: '["Docker-Content-Digest", "Location"]'
- volumeMounts:
- - name: auth
- mountPath: /auth
- - name: data
- mountPath: /var/lib/registry
- volumes:
- - name: auth
- secret:
- secretName: registry-auth
- - name: data
- persistentVolumeClaim:
- claimName: registry-pvc
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: registry
- namespace: registry
- spec:
- type: NodePort
- selector:
- app: registry
- ports:
- - port: 5000
- targetPort: 5000
- nodePort: 30500
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: registry-ui
- namespace: registry
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: registry-ui
- template:
- metadata:
- labels:
- app: registry-ui
- spec:
- containers:
- - name: registry-ui
- image: registry.cn-hangzhou.aliyuncs.com/zhongpengqun/wanderer:linux-amd64-docker-registry-ui-2.6.0
- ports:
- - containerPort: 80
- env:
- - name: REGISTRY_URL
- value: "http://registry:5000"
- - name: REGISTRY_TITLE
- value: "K3s Private Registry"
- - name: SINGLE_REGISTRY
- value: "true"
- - name: REGISTRY_HOST
- value: "registry"
- - name: REGISTRY_PORT
- value: "5000"
- - name: CORS_ALLOW_ORIGIN
- value: "http://47.113.186.215:30501"
- - name: CORS_ALLOW_CREDENTIALS
- value: "true"
- - name: CORS_ALLOW_METHODS
- value: "GET, POST, PUT, DELETE, OPTIONS"
- - name: CORS_ALLOW_HEADERS
- value: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: registry-ui
- namespace: registry
- spec:
- type: NodePort
- selector:
- app: registry-ui
- ports:
- - port: 80
- targetPort: 80
- nodePort: 30501
|
