From b5216592e2f2f407f1bc1b446865b5c727537845 Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Fri, 30 Oct 2020 10:41:39 +0100
Subject: [PATCH] ci: deploy a private container image registry

With a private container image registry, the images that CI jobs use can
be cached and re-used. This speeds up the CI jobs, as building the
container images takes up the majority of the runtime for some jobs.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
---
 deploy/container-registry.yaml | 100 +++++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 deploy/container-registry.yaml

diff --git a/deploy/container-registry.yaml b/deploy/container-registry.yaml
new file mode 100644
index 000000000..f0c8f8cce
--- /dev/null
+++ b/deploy/container-registry.yaml
@@ -0,0 +1,100 @@
+#
+#
+# Also requires linking the pushSecret to the builder Service Account:
+#   $ oc secrets link builder container-registry-auth
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: container-registry-auth
+  labels:
+    app: container-registry
+stringData:
+  username: "@@USERNAME@@"
+  password: "@@RANDOM_STRING@@"
+  # contents created with:
+  #   $ htpasswd -Bbn $USER $PASSWD
+  htpasswd: |-
+    "@@REPLACE_WITH_OUTPUT_OF_HTPASSWD_CMD@@"
+  # contents created with:
+  #   $ podman login -u $USER -p $PASSWD --authfile=config.json $URL
+  config.json: |-
+    {
+      "auths": {
+        "registry-ceph-csi.apps.ocp.ci.centos.org": {
+          "auth": "@@SOME_B64ENCODED_STRING@@"
+        }
+      }
+    }
+---
+kind: DeploymentConfig
+apiVersion: apps.openshift.io/v1
+metadata:
+  name: container-registry
+  labels:
+    app: container-registry
+spec:
+  triggers:
+    - type: ConfigChange
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        name: container-registry
+    spec:
+      restartPolicy: Always
+      containers:
+        - name: docker-registry
+          image: docker.io/library/registry:2
+          volumeMounts:
+            - name: container-images
+              mountPath: /var/lib/registry
+            - name: htpasswd
+              mountPath: /auth
+          env:
+            - name: REGISTRY_AUTH
+              value: htpasswd
+            - name: REGISTRY_AUTH_HTPASSWD_REALM
+              value: Ceph-CSI CI Container Registry
+            - name: REGISTRY_AUTH_HTPASSWD_PATH
+              value: /auth/htpasswd
+      volumes:
+        - name: container-images
+          persistentVolumeClaim:
+            claimName: ceph-csi-image-registry
+        - name: htpasswd
+          secret:
+            secretName: container-registry-auth
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: container-registry
+  labels:
+    app: container-registry
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5000
+      protocol: TCP
+      targetPort: 5000
+  selector:
+    name: container-registry
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: registry
+  labels:
+    app: container-registry
+spec:
+  port:
+    targetPort: 5000
+  tls:
+    insecureEdgeTerminationPolicy: Allow
+    termination: edge
+  to:
+    kind: Service
+    name: container-registry
+    weight: 100
+  wildcardPolicy: None