diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index a91077e..c6266d5 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -22,3 +22,188 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} {{- end -}} + +{{- define "docker-registry.envs" -}} +- name: REGISTRY_HTTP_SECRET + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: haSharedSecret + +{{- if .Values.secrets.htpasswd }} +- name: REGISTRY_AUTH + value: "htpasswd" +- name: REGISTRY_AUTH_HTPASSWD_REALM + value: "Registry Realm" +- name: REGISTRY_AUTH_HTPASSWD_PATH + value: "/auth/htpasswd" +{{- end }} + +{{- if .Values.tlsSecretName }} +- name: REGISTRY_HTTP_TLS_CERTIFICATE + value: /etc/ssl/docker/tls.crt +- name: REGISTRY_HTTP_TLS_KEY + value: /etc/ssl/docker/tls.key +{{- end -}} + +{{- if eq .Values.storage "filesystem" }} +- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY + value: "/var/lib/registry" +{{- else if eq .Values.storage "azure" }} +- name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: azureAccountName +- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: azureAccountKey +- name: REGISTRY_STORAGE_AZURE_CONTAINER + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: azureContainer +{{- else if eq .Values.storage "s3" }} +- name: REGISTRY_STORAGE_S3_REGION + value: {{ required ".Values.s3.region is required" .Values.s3.region }} +- name: REGISTRY_STORAGE_S3_BUCKET + value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} +{{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }} +- name: REGISTRY_STORAGE_S3_ACCESSKEY + valueFrom: + secretKeyRef: + name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} + key: s3AccessKey +- name: REGISTRY_STORAGE_S3_SECRETKEY + valueFrom: + secretKeyRef: + name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} + key: s3SecretKey +{{- end -}} + +{{- if .Values.s3.regionEndpoint }} +- name: REGISTRY_STORAGE_S3_REGIONENDPOINT + value: {{ .Values.s3.regionEndpoint }} +{{- end -}} + +{{- if .Values.s3.rootdirectory }} +- name: REGISTRY_STORAGE_S3_ROOTDIRECTORY + value: {{ .Values.s3.rootdirectory | quote }} +{{- end -}} + +{{- if .Values.s3.encrypt }} +- name: REGISTRY_STORAGE_S3_ENCRYPT + value: {{ .Values.s3.encrypt | quote }} +{{- end -}} + +{{- if .Values.s3.secure }} +- name: REGISTRY_STORAGE_S3_SECURE + value: {{ .Values.s3.secure | quote }} +{{- end -}} + +{{- else if eq .Values.storage "swift" }} +- name: REGISTRY_STORAGE_SWIFT_AUTHURL + value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} +- name: REGISTRY_STORAGE_SWIFT_USERNAME + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: swiftUsername +- name: REGISTRY_STORAGE_SWIFT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "docker-registry.fullname" . }}-secret + key: swiftPassword +- name: REGISTRY_STORAGE_SWIFT_CONTAINER + value: {{ required ".Values.swift.container is required" .Values.swift.container }} +{{- end -}} + +{{- if .Values.proxy.enabled }} +- name: REGISTRY_PROXY_REMOTEURL + value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }} +- name: REGISTRY_PROXY_USERNAME + valueFrom: + secretKeyRef: + name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} + key: proxyUsername +- name: REGISTRY_PROXY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} + key: proxyPassword +{{- end -}} + +{{- if .Values.persistence.deleteEnabled }} +- name: REGISTRY_STORAGE_DELETE_ENABLED + value: "true" +{{- end -}} + +{{- with .Values.extraEnvVars }} +{{ toYaml . }} +{{- end -}} + +{{- end -}} + +{{- define "docker-registry.volumeMounts" -}} +- name: "{{ template "docker-registry.fullname" . }}-config" + mountPath: "/etc/docker/registry" + +{{- if .Values.secrets.htpasswd }} +- name: auth + mountPath: /auth + readOnly: true +{{- end }} + +{{- if eq .Values.storage "filesystem" }} +- name: data + mountPath: /var/lib/registry/ +{{- end }} + +{{- if .Values.tlsSecretName }} +- mountPath: /etc/ssl/docker + name: tls-cert + readOnly: true +{{- end }} + +{{- with .Values.extraVolumeMounts }} +{{- toYaml . }} +{{- end }} + +{{- end -}} + +{{- define "docker-registry.volumes" -}} +- name: {{ template "docker-registry.fullname" . }}-config + configMap: + name: {{ template "docker-registry.fullname" . }}-config + +{{- if .Values.secrets.htpasswd }} +- name: auth + secret: + secretName: {{ template "docker-registry.fullname" . }}-secret + items: + - key: htpasswd + path: htpasswd +{{- end }} + +{{- if eq .Values.storage "filesystem" }} +- name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }} + {{- else }} + emptyDir: {} + {{- end -}} +{{- end }} + +{{- if .Values.tlsSecretName }} +- name: tls-cert + secret: + secretName: {{ .Values.tlsSecretName }} +{{- end }} + +{{- with .Values.extraVolumes }} +{{- toYaml . }} +{{- end }} +{{- end -}} diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index 23a4485..3a04680 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml @@ -22,9 +22,9 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- if $.Values.podAnnotations }} -{{ toYaml $.Values.podAnnotations | indent 8 }} -{{- end }} + {{- if .Values.podAnnotations }} + {{ toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} spec: template: spec: @@ -51,135 +51,8 @@ spec: - garbage-collect - --delete-untagged={{ .Values.garbageCollect.deleteUntagged }} - /etc/docker/registry/config.yml - env: -{{- if .Values.secrets.htpasswd }} - - name: REGISTRY_AUTH - value: "htpasswd" - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: "Registry Realm" - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: "/auth/htpasswd" -{{- end }} - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: haSharedSecret -{{- if .Values.tlsSecretName }} - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: /etc/ssl/docker/tls.crt - - name: REGISTRY_HTTP_TLS_KEY - value: /etc/ssl/docker/tls.key -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: "/var/lib/registry" -{{- else if eq .Values.storage "azure" }} - - name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountName - - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountKey - - name: REGISTRY_STORAGE_AZURE_CONTAINER - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureContainer -{{- else if eq .Values.storage "s3" }} - {{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }} - - name: REGISTRY_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: s3AccessKey - - name: REGISTRY_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: s3SecretKey - {{- end }} - - name: REGISTRY_STORAGE_S3_REGION - value: {{ required ".Values.s3.region is required" .Values.s3.region }} - {{- if .Values.s3.regionEndpoint }} - - name: REGISTRY_STORAGE_S3_REGIONENDPOINT - value: {{ .Values.s3.regionEndpoint }} - {{- end }} - - name: REGISTRY_STORAGE_S3_BUCKET - value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} - {{- if .Values.s3.rootdirectory }} - - name: REGISTRY_STORAGE_S3_ROOTDIRECTORY - value: {{ .Values.s3.rootdirectory | quote }} - {{- end }} - {{- if .Values.s3.encrypt }} - - name: REGISTRY_STORAGE_S3_ENCRYPT - value: {{ .Values.s3.encrypt | quote }} - {{- end }} - {{- if .Values.s3.secure }} - - name: REGISTRY_STORAGE_S3_SECURE - value: {{ .Values.s3.secure | quote }} - {{- end }} -{{- else if eq .Values.storage "swift" }} - - name: REGISTRY_STORAGE_SWIFT_AUTHURL - value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} - - name: REGISTRY_STORAGE_SWIFT_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftUsername - - name: REGISTRY_STORAGE_SWIFT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftPassword - - name: REGISTRY_STORAGE_SWIFT_CONTAINER - value: {{ required ".Values.swift.container is required" .Values.swift.container }} -{{- end }} -{{- if .Values.proxy.enabled }} - - name: REGISTRY_PROXY_REMOTEURL - value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }} - - name: REGISTRY_PROXY_USERNAME - valueFrom: - secretKeyRef: - name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: proxyUsername - - name: REGISTRY_PROXY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: proxyPassword -{{- end }} -{{- if .Values.persistence.deleteEnabled }} - - name: REGISTRY_STORAGE_DELETE_ENABLED - value: "true" -{{- end }} -{{- with .Values.extraEnvVars }} - {{- toYaml . | nindent 14 }} -{{- end }} - volumeMounts: -{{- if .Values.secrets.htpasswd }} - - name: auth - mountPath: /auth - readOnly: true -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - mountPath: /var/lib/registry/ -{{- end }} - - name: "{{ template "docker-registry.fullname" . }}-config" - mountPath: "/etc/docker/registry" -{{- if .Values.tlsSecretName }} - - mountPath: /etc/ssl/docker - name: tls-cert - readOnly: true -{{- end }} -{{- with .Values.extraVolumeMounts }} - {{- toYaml . | nindent 16 }} -{{- end }} + env: {{ include "docker-registry.envs" . | nindent 16 }} + volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 16 }} restartPolicy: OnFailure {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }} @@ -190,33 +63,5 @@ spec: {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | nindent 12 }} {{- end }} - volumes: -{{- if .Values.secrets.htpasswd }} - - name: auth - secret: - secretName: {{ template "docker-registry.fullname" . }}-secret - items: - - key: htpasswd - path: htpasswd -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} - - name: {{ template "docker-registry.fullname" . }}-config - configMap: - name: {{ template "docker-registry.fullname" . }}-config -{{- if .Values.tlsSecretName }} - - name: tls-cert - secret: - secretName: {{ .Values.tlsSecretName }} -{{- end }} -{{- with .Values.extraVolumes }} - {{- toYaml . | nindent 12 }} -{{- end }} + volumes: {{ include "docker-registry.volumes" . | nindent 12 }} {{- end }} diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 88b941e..6d2ff0e 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -14,45 +14,43 @@ spec: app: {{ template "docker-registry.name" . }} release: {{ .Release.Name }} replicas: {{ .Values.replicaCount }} -{{- if .Values.updateStrategy }} - strategy: -{{ toYaml .Values.updateStrategy | indent 4 }} -{{- end }} + {{- if .Values.updateStrategy }} + strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} minReadySeconds: 5 template: metadata: labels: app: {{ template "docker-registry.name" . }} release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} + {{- with .Values.podLabels }} + {{ toYaml . | nindent 8 }} {{- end }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- if $.Values.podAnnotations }} -{{ toYaml $.Values.podAnnotations | indent 8 }} -{{- end }} + {{- if .Values.podAnnotations }} + {{ toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} spec: -{{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }} + {{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }} serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }} -{{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} -{{- if .Values.priorityClassName }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} -{{- if .Values.securityContext.enabled }} + {{- end }} + {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} -{{- end }} -{{- with .Values.initContainers }} + {{- end }} + {{- with .Values.initContainers }} initContainers: {{- toYaml . | nindent 8 }} -{{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -63,194 +61,35 @@ spec: - /etc/docker/registry/config.yml ports: - containerPort: 5000 -{{- if .Values.metrics.enabled }} + {{- if .Values.metrics.enabled }} - containerPort: {{ (split ":" .Values.configData.http.debug.addr)._1 }} name: http-metrics protocol: TCP -{{- end }} + {{- end }} livenessProbe: httpGet: -{{- if .Values.tlsSecretName }} + {{- if .Values.tlsSecretName }} scheme: HTTPS -{{- end }} + {{- end }} path: / port: 5000 readinessProbe: httpGet: -{{- if .Values.tlsSecretName }} + {{- if .Values.tlsSecretName }} scheme: HTTPS -{{- end }} + {{- end }} path: / port: 5000 - resources: -{{ toYaml .Values.resources | indent 12 }} - env: -{{- if .Values.secrets.htpasswd }} - - name: REGISTRY_AUTH - value: "htpasswd" - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: "Registry Realm" - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: "/auth/htpasswd" -{{- end }} - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: haSharedSecret -{{- if .Values.tlsSecretName }} - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: /etc/ssl/docker/tls.crt - - name: REGISTRY_HTTP_TLS_KEY - value: /etc/ssl/docker/tls.key -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: "/var/lib/registry" -{{- else if eq .Values.storage "azure" }} - - name: REGISTRY_STORAGE_AZURE_ACCOUNTNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountName - - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureAccountKey - - name: REGISTRY_STORAGE_AZURE_CONTAINER - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: azureContainer -{{- else if eq .Values.storage "s3" }} - {{- if or (and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey) .Values.secrets.s3.secretRef }} - - name: REGISTRY_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: s3AccessKey - - name: REGISTRY_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.s3.secretRef }}{{ .Values.secrets.s3.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: s3SecretKey - {{- end }} - - name: REGISTRY_STORAGE_S3_REGION - value: {{ required ".Values.s3.region is required" .Values.s3.region }} - {{- if .Values.s3.regionEndpoint }} - - name: REGISTRY_STORAGE_S3_REGIONENDPOINT - value: {{ .Values.s3.regionEndpoint }} - {{- end }} - - name: REGISTRY_STORAGE_S3_BUCKET - value: {{ required ".Values.s3.bucket is required" .Values.s3.bucket }} - {{- if .Values.s3.rootdirectory }} - - name: REGISTRY_STORAGE_S3_ROOTDIRECTORY - value: {{ .Values.s3.rootdirectory | quote }} - {{- end }} - {{- if .Values.s3.encrypt }} - - name: REGISTRY_STORAGE_S3_ENCRYPT - value: {{ .Values.s3.encrypt | quote }} - {{- end }} - {{- if .Values.s3.secure }} - - name: REGISTRY_STORAGE_S3_SECURE - value: {{ .Values.s3.secure | quote }} - {{- end }} -{{- else if eq .Values.storage "swift" }} - - name: REGISTRY_STORAGE_SWIFT_AUTHURL - value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} - - name: REGISTRY_STORAGE_SWIFT_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftUsername - - name: REGISTRY_STORAGE_SWIFT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "docker-registry.fullname" . }}-secret - key: swiftPassword - - name: REGISTRY_STORAGE_SWIFT_CONTAINER - value: {{ required ".Values.swift.container is required" .Values.swift.container }} -{{- end }} -{{- if .Values.proxy.enabled }} - - name: REGISTRY_PROXY_REMOTEURL - value: {{ required ".Values.proxy.remoteurl is required" .Values.proxy.remoteurl }} - - name: REGISTRY_PROXY_USERNAME - valueFrom: - secretKeyRef: - name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: proxyUsername - - name: REGISTRY_PROXY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.proxy.secretRef }}{{ .Values.proxy.secretRef }}{{ else }}{{ template "docker-registry.fullname" . }}-secret{{ end }} - key: proxyPassword -{{- end }} -{{- if .Values.persistence.deleteEnabled }} - - name: REGISTRY_STORAGE_DELETE_ENABLED - value: "true" -{{- end }} -{{- with .Values.extraEnvVars }} - {{- toYaml . | nindent 12 }} -{{- end }} - volumeMounts: -{{- if .Values.secrets.htpasswd }} - - name: auth - mountPath: /auth - readOnly: true -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - mountPath: /var/lib/registry/ -{{- end }} - - name: "{{ template "docker-registry.fullname" . }}-config" - mountPath: "/etc/docker/registry" -{{- if .Values.tlsSecretName }} - - mountPath: /etc/ssl/docker - name: tls-cert - readOnly: true -{{- end }} -{{- with .Values.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - volumes: -{{- if .Values.secrets.htpasswd }} - - name: auth - secret: - secretName: {{ template "docker-registry.fullname" . }}-secret - items: - - key: htpasswd - path: htpasswd -{{- end }} -{{- if eq .Values.storage "filesystem" }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "docker-registry.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} - - name: {{ template "docker-registry.fullname" . }}-config - configMap: - name: {{ template "docker-registry.fullname" . }}-config -{{- if .Values.tlsSecretName }} - - name: tls-cert - secret: - secretName: {{ .Values.tlsSecretName }} -{{- end }} -{{- with .Values.extraVolumes }} - {{- toYaml . | nindent 8 }} -{{- end }} + resources: {{ toYaml .Values.resources | nindent 12 }} + env: {{ include "docker-registry.envs" . | nindent 12 }} + volumeMounts: {{ include "docker-registry.volumeMounts" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{ toYaml .Values.tolerations | nindent 8 }} + {{- end }} + volumes: {{ include "docker-registry.volumes" . | nindent 8 }}