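---
# Deployment: a single-replica container image registry (registry:2) in the
# container-registry namespace, storing image data on the registry-pvc claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: local-registry
  namespace: container-registry
  labels:
    app: local-registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: local-registry
  template:
    metadata:
      labels:
        app: local-registry
    spec:
      # The registry process does not need the Kubernetes API, so do not mount
      # a service-account token into the pod (least privilege).
      automountServiceAccountToken: false
      affinity:
        nodeAffinity:
          # Hard requirement: the pod only schedules on the node whose hostname
          # label is "debian". NOTE(review): presumably because registry-pvc
          # is backed by storage local to that node; confirm.
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values:
                      - debian
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        # fsGroup makes the mounted volume group-owned by GID 1000 so the
        # non-root process can write to it; OnRootMismatch skips the recursive
        # ownership change when the volume root already matches.
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
        # Apply the container runtime's default seccomp filter. Together with
        # the settings below this matches the fields the "restricted" Pod
        # Security Standard expects.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: registry
          # NOTE(review): "registry:2" is a mutable tag, so the image content
          # can change between pulls. Consider pinning to a verified digest,
          # e.g. registry:2@sha256:<DIGEST-PLACEHOLDER>.
          image: registry:2
          securityContext:
            allowPrivilegeEscalation: false
            # Root filesystem is read-only; the only writable paths are the
            # two volume mounts below.
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          ports:
            - containerPort: 5000
              name: http
          # Both probes hit the registry API base endpoint over plain HTTP.
          readinessProbe:
            httpGet:
              path: /v2/
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /v2/
              port: http
            initialDelaySeconds: 30
            periodSeconds: 30
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            # Memory is capped; no CPU limit is set.
            limits:
              memory: 256Mi
          volumeMounts:
            - name: registry-vol
              mountPath: /var/lib/registry
            - name: tmp
              mountPath: /tmp
      volumes:
        - name: registry-vol
          persistentVolumeClaim:
            claimName: registry-pvc
        # Scratch space for /tmp, needed because the root filesystem is
        # read-only. No sizeLimit is set on it.
        - name: tmp
          emptyDir: {}
---
# Service: publishes the registry on port 30500 of every cluster node.
#
# NOTE(review): this manifest configures no TLS and no authentication for the
# registry (no env, args or config mount on the container), and NodePort makes
# it reachable by anything that can reach a node address. Unless that is
# handled elsewhere (firewall, NetworkPolicy, a TLS-terminating proxy), image
# pushes and pulls are unauthenticated and travel in clear text. Consider
# enabling TLS and auth in the registry configuration, or restricting access
# to the node port.
apiVersion: v1
kind: Service
metadata:
  name: local-registry-svc
  namespace: container-registry
spec:
  type: NodePort
  ports:
    - port: 5000
      targetPort: 5000
      nodePort: 30500
  selector:
    app: local-registry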