diff --git a/docker-distribution/README.md b/docker-distribution/README.md
new file mode 100644
index 0000000..cad10f1
--- /dev/null
+++ b/docker-distribution/README.md
@@ -0,0 +1,20 @@
+# Docker Distribution
+
+[Distribution][0] is the name of the official OCI image registry, originally
+published by Docker, Inc.  It provides a lightweight, albeit rather barebones,
+container image hosting platform.
+
+The registry itself only provides an HTTP API.  The third-party
+[docker-registry-ui][1] project provides a nice browser-based GUI for it.
+
+[0]: https://github.com/distribution/distribution
+[1]: https://joxit.dev/docker-registry-ui/
+
+
+## Installation
+
+Apply the manifest:
+
+```sh
+kubectl apply -f docker-distribution.yaml
+```
diff --git a/docker-distribution/docker-distribution.yaml b/docker-distribution/docker-distribution.yaml
new file mode 100644
index 0000000..72c084c
--- /dev/null
+++ b/docker-distribution/docker-distribution.yaml
@@ -0,0 +1,159 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: docker-distribution-pvc
+spec:
+  accessModes:
+  - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 2Gi
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app.kubernetes.io/component: registry
+    app.kubernetes.io/name: docker-distribution
+    app.kubernetes.io/instance: docker-distribution
+    app.kubernetes.io/part-of: docker-distribution
+  name: docker-distribution
+spec:
+  serviceName: docker-distribution
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: registry
+      app.kubernetes.io/name: docker-distribution
+      app.kubernetes.io/instance: docker-distribution
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: registry
+        app.kubernetes.io/name: docker-distribution
+        app.kubernetes.io/instance: docker-distribution
+    spec:
+      containers:
+      - image: docker.io/registry:2
+        imagePullPolicy: IfNotPresent
+        name: registry
+        ports:
+        - containerPort: 5000
+          name: http
+          protocol: TCP
+        readinessProbe: &probe
+          failureThreshold: 3
+          httpGet:
+            path: /v2/
+            port: 5000
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        livenessProbe: *probe
+        env:
+        - name: REGISTRY_STORAGE_DELETE_ENABLED
+          value: 'true'
+        volumeMounts:
+        - mountPath: /var/lib/registry
+          name: docker-registry
+      - image: joxit/docker-registry-ui:latest
+        imagePullPolicy: IfNotPresent
+        name: registry-ui
+        ports:
+        - containerPort: 80
+          name: http-ui
+        env:
+        - name: REGISTRY_URL
+          value: https://registry.pyrocufflink.blue/
+        - name: SINGLE_REGISTRY
+          value: 'true'
+        - name: DELETE_IMAGES
+          value: 'true'
+      volumes:
+      - name: docker-registry
+        persistentVolumeClaim:
+          claimName: docker-distribution-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: registry
+    app.kubernetes.io/instance: docker-distribution
+    app.kubernetes.io/name: docker-distribution
+    app.kubernetes.io/part-of: docker-distribution
+  name: docker-distribution
+spec:
+  ports:
+  - port: 5000
+    protocol: TCP
+    targetPort: 5000
+  selector:
+    app.kubernetes.io/component: registry
+    app.kubernetes.io/instance: docker-distribution
+    app.kubernetes.io/name: docker-distribution
+  sessionAffinity: None
+  type: ClusterIP
+status:
+  loadBalancer: {}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: registry
+    app.kubernetes.io/instance: docker-distribution
+    app.kubernetes.io/name: docker-distribution
+    app.kubernetes.io/part-of: docker-distribution
+  name: registry-ui
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app.kubernetes.io/component: registry
+    app.kubernetes.io/instance: docker-distribution
+    app.kubernetes.io/name: docker-distribution
+  sessionAffinity: None
+  type: ClusterIP
+status:
+  loadBalancer: {}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: docker-distribution
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: '0'
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - registry.pyrocufflink.blue
+    secretName: pyrocufflink-cert
+  rules:
+  - host: registry.pyrocufflink.blue
+    http:
+      paths:
+      - path: /ui(.*)?
+        pathType: Prefix
+        backend:
+          service:
+            name: registry-ui
+            port:
+              number: 8080
+      - path: /(.*)?
+        pathType: Prefix
+        backend:
+          service:
+            name: docker-distribution
+            port:
+              number: 5000