# services/zot/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: zot namespace: zot labels: { app: zot } spec: replicas: 1 selector: matchLabels: { app: zot } template: metadata: labels: { app: zot } spec: nodeSelector: node-role.kubernetes.io/worker: "true" affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: ["rpi4","rpi5"] preferredDuringSchedulingIgnoredDuringExecution: - weight: 50 preference: matchExpressions: - key: hardware operator: In values: ["rpi4"] containers: - name: zot image: ghcr.io/project-zot/zot-linux-arm64:v2.1.8 imagePullPolicy: IfNotPresent args: ["serve", "/etc/zot/config.json"] env: - name: UI_PROXY_HTPASSWD value: "zot-ui-proxy:$2y$05$ctfbLo5KBoNA6pluLGGWde6TK8eOPnIH9u8x/IivAhcE/k0qCCR3y" ports: - { name: http, containerPort: 5000 } volumeMounts: - name: cfg mountPath: /etc/zot/config.json subPath: config.json readOnly: true - name: htpasswd mountPath: /etc/zot/htpasswd subPath: htpasswd - name: zot-data mountPath: /var/lib/registry readinessProbe: tcpSocket: port: 5000 initialDelaySeconds: 2 periodSeconds: 5 livenessProbe: tcpSocket: port: 5000 initialDelaySeconds: 5 periodSeconds: 10 resources: requests: { cpu: "50m", memory: "64Mi" } initContainers: - name: merge-htpasswd image: busybox:1.36 command: - sh - -c - | set -e if [ -f /src/htpasswd ]; then cp /src/htpasswd /merged/htpasswd else touch /merged/htpasswd fi if [ -n "${UI_PROXY_HTPASSWD}" ]; then echo "${UI_PROXY_HTPASSWD}" >> /merged/htpasswd fi env: - name: UI_PROXY_HTPASSWD value: "zot-ui-proxy:$2y$05$ctfbLo5KBoNA6pluLGGWde6TK8eOPnIH9u8x/IivAhcE/k0qCCR3y" volumeMounts: - name: htpasswd-source mountPath: /src readOnly: true - name: htpasswd mountPath: /merged volumes: - name: cfg configMap: name: zot-config - name: htpasswd-source secret: secretName: zot-htpasswd optional: true - name: htpasswd emptyDir: {} - name: zot-data persistentVolumeClaim: claimName: zot-data