apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  labels:
    app: registry
spec:
  selector:
    matchLabels:
      app: registry
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: registry
    spec:
      restartPolicy: OnFailure
      volumes:
        - name: config
          secret:
            secretName: registry-config
            items:
              - key: registry-config.yml
                path: config.yml
        - name: htpasswd
          secret:
            secretName: registry-creds
            items:
              - key: HTPASSWD
                path: htpasswd
      containers:
        - name: registry
          image: registry:2.7.1
          imagePullPolicy: Always
          ports:
            - name: registry
              containerPort: 5000
              protocol: TCP
          volumeMounts:
            - name: config
              mountPath: /etc/docker/registry
              readOnly: true
            - name: htpasswd
              mountPath: /auth
              readOnly: true