feat(docker-registry): add registry

apps/docker-registry/overlays/system/config.json

@@ -0,0 +1,11 @@
+{
+  "appName": "docker-registry",
+  "userGivenName": "docker-registry",
+  "destNamespace": "gitops",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "apps/docker-registry/overlays/system",
+  "srcRepoURL": "ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

apps/docker-registry/overlays/system/deployment.patch.yaml

@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: docker-registry
+spec:
+  template:
+    metadata:
+      annotations:
+        updated-at/secret: 2024-10-16T15:23-04:00
+

apps/docker-registry/overlays/system/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+
+generators:
+  - ./secret-generator.yaml
+
+patches:
+  - path: ./deployment.patch.yaml

apps/docker-registry/overlays/system/secret-generator.yaml

@@ -0,0 +1,15 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  # Specify a name
+  name: example-secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+        exec:
+          # if the binary is in your PATH, you can do
+          path: ksops
+          # otherwise, path should be relative to manifest files, like
+          # path: ../../../ksops
+files:
+  - ./secret.enc.yaml
+

apps/docker-registry/overlays/system/secret.enc.yaml

@@ -0,0 +1,39 @@
+# htpasswd is what our docker client uses to authenticate
+# haSharedSecret, I _think_ is used internally by the registry
+# proxyUsername and proxyPassword are used to pull from the upstream registry
+apiVersion: v1
+kind: Secret
+metadata:
+    name: docker-registry-secret
+    namespace: gitops
+    labels:
+        app: docker-registry
+        chart: docker-registry-2.2.3
+        heritage: Helm
+        release: docker-registry
+type: Opaque
+data:
+    htpasswd: ENC[AES256_GCM,data:5h7uURIfPb0rhgFkVtyAPaxvWdQme+XO658zokdFo/MW63ums/ZPfM1ZGNstxX9Vu9u+0xaEUShl3Nx40ZC1R0zIrxZiBkUVqP4wHn1cWMuENGAyuXx4ZA==,iv:gahLRzdg00DjgA1TjPWsP7Gl2L4pROdoUojS6FW0P7M=,tag:0fG1LgSXpslaU9Hpq65Zxw==,type:str]
+    haSharedSecret: ENC[AES256_GCM,data:7T1G6Mn6ZDl+zPWcgUHyWtu0YLQ7xTu0,iv:ppzjJfrkjQ6HqoODQzalkhHYCkBJWrjpu9h6GAl8T3I=,tag:3QEuf5MkTsvF7gMHfnby9A==,type:str]
+    proxyUsername: ""
+    proxyPassword: ""
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWkxRSmtSQjhMdFJsUVVQ
+            ck5PTW5rUnNPZEZMZWRDWlFBdjhqOTRmbVZJClJqSkVudWpuUFUyT3VEMXhwTVIv
+            WFM5RUxMSXVkdGlKdG9MSEtTVkZHalUKLS0tIE5UWWIzamMrQ004cktwL01TYU5j
+            R0d6SEpsWmMvOW4yWEVpZ1JWZWNaMEEKkZQF0LdmNb7gLPHpcNO69JmvgM9eOsE7
+            /j3vwbU4GcYzyl9BDW9g7JldKxHSiFAH4CUHye9dQo2cKV2pQy00DQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-16T19:27:14Z"
+    mac: ENC[AES256_GCM,data:Wsiav/1E4LxZEDFJ4J4P0q4IIcaXb/dzTfLVqi5hbIak8mIWWi6dcmB9jCJ6uKwHlQtQ35FtnZyugdcOGrnC/qgAc6Y0cU/wq942rZgQmNuNmeQb+1npE1j7pAWu8Ws57ge/hepDuWRhQgb/+1mqBJRAWPoAl2RpoopTFFyW1U8=,iv:7VeiEu7ovC0I8Te7aZrFt+t4mgsaEOJXhH5rFYG+RDw=,tag:7SdU45JfGirXW+/k65s5vg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.1