image:
  repository: ghcr.io/project-zot/zot
  tag: v2.1.3-rc4

ingress:
  enabled: true
  className: traefik
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.allow-http: "false"
    cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
  pathtype: Prefix
  hosts:
    - host: {{ .Values.registry }}
      paths:
        - path: /
  tls:
    - secretName: {{ .Values.registry }}
      hosts:
        - {{ .Values.registry }}
service:
  type: ClusterIP
persistence: true
pvc:
  create: true
  lavels:
    velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
configFiles:
  config.json: |-
    {
      "distSpecVersion": "1.1.1",
      "storage": {
        "dedupe": true,
        "gc": true,
        "rootDirectory": "/var/lib/registry",
        "retention": {
          "dryRun": false,
          "delay": "24h",
          "policies": [
            {
              "repositories": [
                "**"
              ],
              "deleteReferrers": false,
              "deleteUntagged": true,
              "keepTags": [
                {
                  "mostRecentlyPulledCount": 2
                }
              ]
            }
          ]
        }
      },
      "http": {
        "address": "0.0.0.0",
        "port": "5000",
        "externalUrl": "https://{{ .Values.registry }}",
        "auth": {
          "htpasswd": {
            "path": "/secret/htpasswd"
          }
        },
        "accessControl": {
          "metrics": {
            "users": [
              "admin"
            ]
          },
          "repositories": {
            "**": {
              "anonymousPolicy": [],
              "policies": [
                {
                  "users": [
                    "mirror_user",
                    "overlord"
                  ],
                  "actions": [
                    "read",
                    "create",
                    "update",
                    "delete"
                  ]
                }
              ]
            }
          }
        }
      },
      "log": {
        "level": "info"
      },
      "extensions": {
        "scrub": {
          "enable": true
        },
        "metrics": {
          "enable": true,
          "prometheus": {
            "path": "/metrics"
          }
        },
        "mgmt": {
          "enable": false
        },
        "sync": {
          "enable": true,
          "registries": [
            {
              "urls": [
                "https://docker.io/library",
                "https://docker.io"
              ],
              "content": [
                {
                  "prefix": "**",
                  "destination": "/dockerhub"
                }
              ],
              "onDemand": true,
              "tlsVerify": true
            },
            {
              "urls": [
                "https://registry.k8s.io"
              ],
              "content": [
                {
                  "prefix": "**",
                  "destination": "/k8s"
                }
              ],
              "onDemand": true,
              "tlsVerify": true
            },
            {
              "urls": [
                "https://quay.io"
              ],
              "content": [
                {
                  "prefix": "**",
                  "destination": "/quay"
                }
              ],
              "onDemand": true,
              "tlsVerify": true
            }
          ]
        }
      }
    }

secretFiles:
  htpasswd: |-
    overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
    mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi