summary: "Docker Registry"
maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
inherit: base-0k
description: |
    Docker Registry

docker-image: docker.0k.io/registry:2.0
data-resources:
  - /var/lib/docker-registry

default-options:
  # log:
  #   accesslog:
  #     disabled: true
  #   level: debug
  #   formatter: text
  #   fields:
  #     service: registry
  #     environment: staging
  #   hooks:
  #     - type: mail
  #       disabled: true
  #       levels:
  #         - panic
  #       options:
  #         smtp:
  #           addr: mail.example.com:25
  #           username: mailuser
  #           password: password
  #           insecure: true
  #         from: sender@example.com
  #         to:
  #           - errors@example.com
  # notifications:
  #   endpoints:
  #     - name: alistener
  #       disabled: false
  #       url: https://my.listener.com/event
  #       headers: <http.Header>
  #       timeout: 500
  #       threshold: 5
  #       backoff: 1000
  #       ignoredmediatypes:
  #         - application/octet-stream

  # health:
  #   storagedriver:
  #     enabled: true
  #     interval: 10s
  #     threshold: 3
  #   file:
  #     - file: /path/to/checked/file
  #       interval: 10s
  #   http:
  #     - uri: http://server.to.check/must/return/200
  #       headers:
  #         Authorization: [Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
  #       statuscode: 200
  #       timeout: 3s
  #       interval: 10s
  #       threshold: 3
  #   tcp:
  #     - addr: redis-server.domain.com:6379
  #       timeout: 3s
  #       interval: 10s
  #       threshold: 3

  # proxy:
  #   remoteurl: https://registry-1.docker.io
  #   username: [username]
  #   password: [password]
  # compatibility:
  #   schema1:
  #     signingkeyfile: /etc/registry/key.json
  # validation:
  #   enabled: true
  #   manifests:
  #     urls:
  #       allow:
  #         - ^https?://([^/]+\.)*example\.com/
  #       deny:
  #         - ^https?://www\.example\.com/

uses:
  registry-auth:
    #constraint: required | recommended | optional
    constraint: recommended
    solves:
      unmanaged-auth: "Authentication is not managed"

  web-proxy:
    #constraint: required | recommended | optional
    constraint: recommended
    solves:
      proxy: "Public access"