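---
# Helm values for a single-replica zot OCI registry, exposed through a Traefik
# ingress with a cert-manager certificate and protected by htpasswd auth.
replicaCount: 1

image:
  repository: ghcr.io/project-zot/zot
  pullPolicy: IfNotPresent
  # multi-arch image, no override needed for arm64
  # NOTE(review): no tag or digest is set in this file, so the deployed
  # version is whatever the chart defaults to. Consider pinning a tag (or a
  # digest) so that registry upgrades are deliberate and reviewable.

service:
  # ClusterIP keeps the registry reachable only inside the cluster; external
  # access goes through the ingress below.
  type: ClusterIP
  port: 5000

ingress:
  enabled: true
  className: traefik
  annotations:
    # Certificate is requested from the "letsencrypt-prod" ClusterIssuer.
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    # Route only on Traefik's "websecure" entrypoint.
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  pathtype: Prefix
  hosts:
    - host: zot.immich-ad.ovh
      paths:
        - path: /
  tls:
    - secretName: zot-tls
      hosts:
        - zot.immich-ad.ovh
  # NOTE(review): the zot config below defines no TLS section under "http",
  # so the hop from the ingress controller to the pod on port 5000 is
  # presumably plain HTTP. Basic-auth credentials travel on that hop;
  # confirm the cluster network is trusted enough for that.

# Mount the config.json into /etc/zot
mountConfig: true
# Access-control summary for the config below:
#   - "auth.htpasswd" enables HTTP basic auth against /secret/htpasswd
#     (presumably where the chart mounts secretFiles; confirm).
#   - "**" applies to every repository; the empty anonymousPolicy and
#     defaultPolicy lists grant no actions to unauthenticated users or to
#     authenticated users without a more specific policy.
#   - adminPolicy grants read/create/update/delete to the "admin" user only.
#   - The search and UI extensions are enabled; NOTE(review): confirm the web
#     UI is meant to be reachable on the public hostname.
configFiles:
  config.json: |-
    {
      "storage": {
        "rootDirectory": "/var/lib/registry"
      },
      "log": {
        "level": "info"
      },
      "extensions": {
        "search": {"enable": true},
        "ui": {"enable": true}
      },
      "http": {
        "address": "0.0.0.0",
        "port": "5000",
        "auth": {
          "htpasswd": {
            "path": "/secret/htpasswd"
          }
        },
        "accessControl": {
          "repositories": {
            "**": {
              "anonymousPolicy": [],
              "defaultPolicy": []
            }
          },
          "adminPolicy": {
            "users": ["admin"],
            "actions": ["read", "create", "update", "delete"]
          }
        }
      }
    }

mountSecret: true
# NOTE(review): this bcrypt hash (cost 10, per the "$2y$10$" prefix) is stored
# inline in the values file. A hash is not the password, but anyone who can
# read this file can test guesses against it offline. Prefer injecting the
# htpasswd content at deploy time from a secret store instead of committing
# it, and rotate the admin password if this file has been shared beyond the
# people who operate the registry.
secretFiles:
  htpasswd: |
    admin:$2y$10$1w7mXxSIKGV7dAyqy9TgAeZINEizxuA9ln.Pi6esu7olUV7Kw9ffO

persistence: true
pvc:
  create: true
  name: data
  # PVC will be named: data-zot-zot-0
  accessModes:
    - ReadWriteOnce
  storage: 20Gi
  storageClassName: local-storage

# local-storage does not support live migration — Recreate avoids attach
# conflicts
strategy:
  type: Recreate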