version: 0.1

log:
  level: info
  formatter: text
  fields:
    service: registry
    environment: provisioning

storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
    readonly:
      enabled: false

http:
  addr: :5000
  host: https://registry.provisioning.local
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
  tls:
    certificate: /etc/docker/registry/certs/cert.pem
    key: /etc/docker/registry/certs/key.pem
    clientcas:
      - /etc/docker/registry/certs/ca.pem
  http2:
    disabled: false
  debug:
    addr: :5001
    prometheus:
      enabled: true
      path: /metrics

auth:
  htpasswd:
    realm: Registry Realm
    path: /etc/docker/registry/htpasswd

middleware:
  registry:
    - name: cloudfront
      disabled: true
  repository:
    - name: cloudfront
      disabled: true
  storage:
    - name: cloudfront
      disabled: true

health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

notifications:
  endpoints:
    - name: provisioning-webhook
      disabled: false
      url: http://orchestrator:8080/registry/events
      timeout: 5s
      threshold: 5
      backoff: 1s
      headers:
        Authorization: [Bearer provisioning-token]

redis:
  addr: localhost:6379
  password: ""
  db: 0
  dialtimeout: 10ms
  readtimeout: 10ms
  writetimeout: 10ms
  pool:
    maxidle: 16
    maxactive: 64
    idletimeout: 300s

validation:
  enabled: true
  manifests:
    urls:
      allow:
        - ^https?://
      deny:
        - ^https?://localhost/