Registry

This is a carefully sanitized first-pass draft from a sensitive note. The useful pattern is still there: test the registry with curl against /v2/, vary the host and scheme deliberately, confirm the image naming path, and validate that the backup and retention tasks around the same service are in place.

This draft is based on a real cluster note where I validated private image pulls in Kubernetes by creating a Docker registry secret, attaching it to a deployment, and testing the workload in a dedicated namespace.