public-registry.nomad (1602B)
# Nomad service job that runs a container registry under the podman driver.
# Registry storage and the certificate directory come from shared CSI volumes;
# the htpasswd file is rendered from Vault and config.yml from a local template.
job "public-registry" {
  datacenters = ["dc1"]
  type = "service"
  priority = 85

  group "server" {
    # Five allocations. The "https" port below is static, so each allocation
    # claims host port 5050 and no two of them can share a client node.
    count = 5

    # Registry blob storage. No per_alloc is set and the access mode is
    # multi-node-multi-writer, so every allocation mounts the same volume
    # read-write.
    volume "registry-data" {
      type = "csi"
      source = "registry"
      access_mode = "multi-node-multi-writer"
      attachment_mode = "file-system"
    }
    # Certificate material from the "certbot" CSI volume.
    # NOTE(review): this is claimed and mounted writable. If the registry only
    # reads certificates and keys from it, read_only = true on the
    # volume_mount below would stop the registry task from modifying key
    # material on a shared volume; confirm against templates/config.yml.tmpl.
    volume "tls" {
      type = "csi"
      source = "certbot"
      access_mode = "multi-node-multi-writer"
      attachment_mode = "file-system"
    }

    network {
      # Host port 5050 is mapped to port 5000 inside the container.
      port "https" {
        to = 5000
        static = 5050
      }
    }

    task "registry" {
      driver = "podman"

      volume_mount {
        volume = "registry-data"
        destination = "/var/lib/registry"
      }
      volume_mount {
        volume = "tls"
        destination = "/etc/letsencrypt"
      }

      # The task gets a Vault token carrying the "public-registry" policy.
      # change_mode = "noop" means the task is neither restarted nor signalled
      # when that token changes.
      vault {
        policies = ["public-registry"]
        change_mode = "noop"
      }

      # Renders the "htpasswd" field of the Vault secret kv/registry into the
      # task's secrets directory. No perms or change_mode is set here, so
      # Nomad's defaults apply to the rendered credential file.
      # NOTE(review): KV v2 reads normally go through the mount's data/ path,
      # as in the linked docs; confirm "kv/registry" resolves on the deployed
      # Nomad version.
      template {
        destination = "${NOMAD_SECRETS_DIR}/htpasswd"
        # https://www.nomadproject.io/docs/job-specification/template#vault-kv-api-v2
        data = "{{ with secret \"kv/registry\" }}{{ .Data.data.htpasswd }}{{end}}"
      }

      # Registry configuration; file() reads the template from disk when the
      # job file is parsed, and Nomad renders it into the task directory.
      template {
        destination = "${NOMAD_TASK_DIR}/config.yml"
        data = file("./templates/config.yml.tmpl")
      }

      config {
        # NOTE(review): "latest" is a mutable tag and force_pull = true pulls
        # it again on every task start, so the image that runs can change
        # without any change to this job file. Pinning a version tag or an
        # image digest keeps the five allocations on one known image and makes
        # upgrades an explicit, reviewable change.
        image = "registry:latest"
        force_pull = true
        ports = ["https"]
        volumes = [
          # mount the templated config from the task directory to the container
          "local/config.yml:/etc/docker/registry/config.yml",
        ]
      }

      # memory is in MB and cpu in MHz.
      resources {
        memory = 64
        cpu = 100
      }
    }
  }
}