feat: add container registry and mini ca (#3,#4)

ublue-os · Apr 27, 2023 · 0714214 · 0714214
1 parent d5d03e7
commit 0714214
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 0 deletions.
diff --git a/forge-pod.yml b/forge-pod.yml
@@ -0,0 +1,38 @@
+# uBlue-OS forge podman deployment
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ublue-os_forge
+spec:
+  restartPolicy: Always
+  volumes:
+    - name: ublue-os_forge-minica-pvc
+      persistentVolumeClaim:
+        claimName: ublue-os_forge-minica
+    - name: ublue-os_forge-registry-pvc
+      persistentVolumeClaim:
+        claimName: ublue-os_forge-registry
+  containers:
+    - name: registry.ublue.local
+      image: registry
+      resources:
+        limits:
+          memory: 512Mi
+          cpu: 200m
+      volumeMounts:
+        - mountPath: /certs
+          name: ublue-os_forge-minica-pvc
+          subPath: _.ublue.local
+        - mountPath: /var/lib/registry
+          name: ublue-os_forge-registry-pvc
+      ports:
+        - containerPort: 5000
+          hostPort: 9001
+          protocol: TCP
+  initContainers:
+    - name: minica.ublue.local
+      image: minica
+      volumeMounts:
+        - mountPath: /certs
+          name: ublue-os_forge-minica-pvc
diff --git a/minica/Containerfile b/minica/Containerfile
@@ -0,0 +1,10 @@
+# Source Image
+FROM docker.io/library/golang:1.20
+
+# Install minica
+RUN go install github.com/jsha/minica@latest
+
+# Generate wildcard certificate
+WORKDIR /certs
+RUN minica --domains "*.ublue.local,ublue.local,localhost" \
+    --ip-addresses 127.0.0.1
diff --git a/registry/Containerfile b/registry/Containerfile
@@ -0,0 +1,6 @@
+# Source Image
+FROM docker.io/library/registry:2.8
+
+# Configure TLS certificates
+ENV REGISTRY_HTTP_TLS_CERTIFICATE="/certs/cert.pem"
+ENV REGISTRY_HTTP_TLS_KEY="/certs/key.pem"