From 07142142477372db49d1e30bc2e808a8a22c3af1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20L=C3=BCscher?=
Date: Thu, 27 Apr 2023 17:20:18 +0000
Subject: [PATCH] feat: add container registry and mini ca (#3,#4)
---
 forge-pod.yml | 38 ++++++++++++++++++++++++++++++++++++++
 minica/Containerfile | 10 ++++++++++
 registry/Containerfile | 6 ++++++
 3 files changed, 54 insertions(+)
 create mode 100644 forge-pod.yml
 create mode 100644 minica/Containerfile
 create mode 100644 registry/Containerfile
diff --git a/forge-pod.yml b/forge-pod.yml
new file mode 100644
index 0000000..145f9e8
--- /dev/null
+++ b/forge-pod.yml
@@ -0,0 +1,38 @@
+# uBlue-OS forge podman deployment
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: ublue-os_forge
+spec:
+ restartPolicy: Always
+ volumes:
+ - name: ublue-os_forge-minica-pvc
+ persistentVolumeClaim:
+ claimName: ublue-os_forge-minica
+ - name: ublue-os_forge-registry-pvc
+ persistentVolumeClaim:
+ claimName: ublue-os_forge-registry
+ containers:
+ - name: registry.ublue.local
+ image: registry
+ resources:
+ limits:
+ memory: 512Mi
+ cpu: 200m
+ volumeMounts:
+ - mountPath: /certs
+ name: ublue-os_forge-minica-pvc
+ subPath: _.ublue.local
+ - mountPath: /var/lib/registry
+ name: ublue-os_forge-registry-pvc
+ ports:
+ - containerPort: 5000
+ hostPort: 9001
+ protocol: TCP
+ initContainers:
+ - name: minica.ublue.local
+ image: minica
+ volumeMounts:
+ - mountPath: /certs
+ name: ublue-os_forge-minica-pvc
diff --git a/minica/Containerfile b/minica/Containerfile
new file mode 100644
index 0000000..ef38695
--- /dev/null
+++ b/minica/Containerfile
@@ -0,0 +1,10 @@
+# Source Image
+FROM docker.io/library/golang:1.20
+
+# Install minica
+RUN go install github.com/jsha/minica@latest
+
+# Generate wildcard certificate
+WORKDIR /certs
+RUN minica --domains "*.ublue.local,ublue.local,localhost" \
+ --ip-addresses 127.0.0.1
diff --git a/registry/Containerfile b/registry/Containerfile
new file mode 100644
index 0000000..70d4074
--- /dev/null
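Review bot: In forge-pod.yml, `image: registry` and `image: minica` are unqualified short names with no tag, so which image actually runs depends on the host's short-name resolution and pull policy rather than on the Containerfiles added in this commit. If resolution falls through to a public registry, the pod would presumably run an upstream `registry` image without the TLS settings from registry/Containerfile, and `minica` would resolve to whatever a third party publishes under that name. Reference the locally built images explicitly, e.g. `image: localhost/<registry-image-name>:<tag>` and `image: localhost/<minica-image-name>:<tag>` (placeholders; the build names are not shown in this patch). The registry container only needs to read the key pair under `/certs`, so `readOnly: true` on that volumeMount would also fit.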
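Review bot: In minica/Containerfile, `RUN minica --domains …` executes at build time, so the CA private key and the wildcard key are written into an image layer; every copy of the image carries the same key material, and anyone who can pull or export the image can read the CA key and issue certificates that clients trusting this CA will accept. The certificates reach the pod only if the volume mounted over `/certs` is seeded from the image contents, which is not visible in this patch. Consider generating the material when the init container starts, writing into the mounted volume and skipping generation when it already exists, so the keys live only in the volume. Separately, `go install github.com/jsha/minica@latest` makes the build non-reproducible and trusts whatever is newest at build time; pin it, e.g. `go install github.com/jsha/minica@<pinned-version>`.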
+++ b/registry/Containerfile
@@ -0,0 +1,6 @@
+# Source Image
+FROM docker.io/library/registry:2.8
+
+# Configure TLS certificates
+ENV REGISTRY_HTTP_TLS_CERTIFICATE="/certs/cert.pem"
+ENV REGISTRY_HTTP_TLS_KEY="/certs/key.pem"
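Review bot: registry/Containerfile configures TLS only; no `REGISTRY_AUTH` settings are present, so unless authentication is supplied elsewhere the registry accepts anonymous pushes and overwrites from any client that can reach the `hostPort: 9001` published in forge-pod.yml. TLS protects the transport but does not say who may write, and images served from here are presumably consumed by later build steps. Consider adding `ENV REGISTRY_AUTH="htpasswd"`, `ENV REGISTRY_AUTH_HTPASSWD_REALM="<realm>"` and `ENV REGISTRY_AUTH_HTPASSWD_PATH="<path-to-mounted-htpasswd>"`, with the htpasswd file mounted at run time rather than copied into the image. If the registry is meant to be reachable from the host only, restricting the published port to loopback in the pod spec is the alternative. A comment above the two `ENV` lines stating that `/certs` must be provided as a mount at run time would also help, since the image itself contains no certificate.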