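---
# Defaults for deploying a Docker registry behind an nginx ingress.
# Variables referenced but not defined here (domain, namespace,
# internal_ingress_class, external_ingress_class, registry_readonly_ingress,
# registry_namespace, registry_storage*, registry_size) must come from
# inventory or another defaults file.

registry_enabled: true

# When false, the main ingress below is bound to the internal ingress class.
# Setting this to true moves the same ingress, with no HTTP method
# restriction, to the external class.
# NOTE(review): no authentication settings are visible in these values;
# confirm the registry enforces auth elsewhere before publishing it.
registry_publish: false

# Values passed to the registry deployment (layout looks like Helm chart
# values; confirm against the consuming task).
registry_default_values:
  service:
    # Not exposed directly; traffic is expected to arrive through the ingress.
    type: ClusterIP
  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: "{{ external_ingress_class if registry_publish else internal_ingress_class }}"
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      cert-manager.io/acme-dns01-provider: "rfc2136"
      cert-manager.io/acme-challenge-type: "dns01"
      # "0" turns off nginx's request-body size check so large image layers
      # can be pushed; the ingress then places no upper bound on upload size.
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    # Templated scalars are quoted so an empty or odd-looking expansion
    # cannot change the YAML type.
    hosts:
      - "registry.{{ domain }}"
    tls:
      - secretName: "registry.{{ domain }}-tls"
        hosts:
          - "registry.{{ domain }}"
  persistence:
    enabled: true
    storageClass: "{{ registry_storage | default('nfs-hdd') }}"
    size: "{{ registry_size | default('15Gi') }}"
    accessMode: "{{ registry_storage_mode | default('ReadWriteMany') }}"

# Manifest template for a second, public ingress intended to be read-only.
# It is always bound to external_ingress_class and routes to the
# docker-registry service on port 5000.
#
# The read-only property rests entirely on the configuration-snippet
# annotation: `limit_except GET { deny all; }` makes nginx refuse every
# method except GET (and HEAD, which nginx permits together with GET).
# NOTE(review): ingress-nginx can be run with snippet annotations disabled
# (allow-snippet-annotations: "false"); such a controller may reject this
# Ingress or ignore the snippet, in which case the host would not be
# read-only. After deployment, verify that a non-GET request through this
# host is refused.
# NOTE(review): GET-only still allows anonymous pulls of every repository
# unless the registry itself requires authentication; confirm that is the
# intent.
# NOTE(review): the extensions/v1beta1 Ingress API was removed in
# Kubernetes 1.22. networking.k8s.io/v1 uses a different backend schema
# (service.name / service.port.number, plus pathType), so migrating is more
# than an apiVersion change.
registry_readonly_ingress_definition: |
  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      cert-manager.io/acme-challenge-type: dns01
      cert-manager.io/acme-dns01-provider: rfc2136
      cert-manager.io/cluster-issuer: letsencrypt-prod
      kubernetes.io/ingress.class: "{{ external_ingress_class }}"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
      nginx.ingress.kubernetes.io/configuration-snippet: |-
        limit_except GET {
          deny all;
        }
    name: docker-registry-public
    namespace: "{{ registry_namespace | default(namespace) }}"
  spec:
    rules:
      - host: "{{ registry_readonly_ingress }}"
        http:
          paths:
            - backend:
                serviceName: docker-registry
                servicePort: 5000
              path: /
    tls:
      - hosts:
          - "{{ registry_readonly_ingress }}"
        secretName: "{{ registry_readonly_ingress }}-tls"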