relyt0925/registry_configurator_ds_filled.yaml

## registry_configurator_ds_filled.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-configurator
data:
  configure.sh: |
    #!/usr/bin/env bash
    set -x
    #NOTE: based off ubi-minimal can be changed
    microdnf install util-linux -y
    cp /scripts/ca.crt /ca-directory/ca.crt
    chmod 0644 /ca-directory/ca.crt
    nsenter -t 1 -m -u -i -n -p -- update-ca-certificates
    if ! grep "CUSTOMER_DNS_RESOVERS_ADDITION" /host-etc-systemd-dir/resolved.conf; then
      if ! [[ -f  /host-etc-systemd-dir/resolved.conf.initial ]]; then
        cp /host-etc-systemd-dir/resolved.conf /host-etc-systemd-dir/resolved.conf.initial
      fi
      cat /host-etc-systemd-dir/resolved.conf.initial /scripts/resolved.conf > /host-etc-systemd-dir/resolved.conf
    fi
    nsenter -t 1 -m -u -i -n -p -- systemctl restart systemd-resolved
    nsenter -t 1 -m -u -i -n -p -- systemctl restart containerd
  resolved.conf: |
    #CUSTOMER_DNS_RESOVERS_ADDITION
    [Resolve]
    DNS=172.21.0.10
    Domains=~docker-registry.default.svc.cluster.local
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    MIIFmDCCA4CgAwIBAgIQU9C87nMpOIFKYpfvOHFHFDANBgkqhkiG9w0BAQsFADBm
    MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy
    aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ
    ZWFyIFgxMB4XDTE1MDYwNDExMDQzOFoXDTM1MDYwNDExMDQzOFowZjELMAkGA1UE
    BhMCVVMxMzAxBgNVBAoTKihTVEFHSU5HKSBJbnRlcm5ldCBTZWN1cml0eSBSZXNl
    YXJjaCBHcm91cDEiMCAGA1UEAxMZKFNUQUdJTkcpIFByZXRlbmQgUGVhciBYMTCC
    AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALbagEdDTa1QgGBWSYkyMhsc
    ZXENOBaVRTMX1hceJENgsL0Ma49D3MilI4KS38mtkmdF6cPWnL++fgehT0FbRHZg
    jOEr8UAN4jH6omjrbTD++VZneTsMVaGamQmDdFl5g1gYaigkkmx8OiCO68a4QXg4
    wSyn6iDipKP8utsE+x1E28SA75HOYqpdrk4HGxuULvlr03wZGTIf/oRt2/c+dYmD
    oaJhge+GOrLAEQByO7+8+vzOwpNAPEx6LW+crEEZ7eBXih6VP19sTGy3yfqK5tPt
    TdXXCOQMKAp+gCj/VByhmIr+0iNDC540gtvV303WpcbwnkkLYC0Ft2cYUyHtkstO
    fRcRO+K2cZozoSwVPyB8/J9RpcRK3jgnX9lujfwA/pAbP0J2UPQFxmWFRQnFjaq6
    rkqbNEBgLy+kFL1NEsRbvFbKrRi5bYy2lNms2NJPZvdNQbT/2dBZKmJqxHkxCuOQ
    FjhJQNeO+Njm1Z1iATS/3rts2yZlqXKsxQUzN6vNbD8KnXRMEeOXUYvbV4lqfCf8
    mS14WEbSiMy87GB5S9ucSV1XUrlTG5UGcMSZOBcEUpisRPEmQWUOTWIoDQ5FOia/
    GI+Ki523r2ruEmbmG37EBSBXdxIdndqrjy+QVAmCebyDx9eVEGOIpn26bW5LKeru
    mJxa/CFBaKi4bRvmdJRLAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
    Af8EBTADAQH/MB0GA1UdDgQWBBS182Xy/rAKkh/7PH3zRKCsYyXDFDANBgkqhkiG
    9w0BAQsFAAOCAgEAncDZNytDbrrVe68UT6py1lfF2h6Tm2p8ro42i87WWyP2LK8Y
    nLHC0hvNfWeWmjZQYBQfGC5c7aQRezak+tHLdmrNKHkn5kn+9E9LCjCaEsyIIn2j
    qdHlAkepu/C3KnNtVx5tW07e5bvIjJScwkCDbP3akWQixPpRFAsnP+ULx7k0aO1x
    qAeaAhQ2rgo1F58hcflgqKTXnpPM02intVfiVVkX5GXpJjK5EoQtLceyGOrkxlM/
    sTPq4UrnypmsqSagWV3HcUlYtDinc+nukFk6eR4XkzXBbwKajl0YjztfrCIHOn5Q
    CJL6TERVDbM/aAPly8kJ1sWGLuvvWYzMYgLzDul//rUF10gEMWaXVZV51KpS9DY/
    5CunuvCXmEQJHo7kGcViT7sETn6Jz9KOhvYcXkJ7po6d93A/jy4GKPIPnsKKNEmR
    xUuXY4xRdh45tMJnLTUDdC9FIU0flTeO9/vNpVA8OPU1i14vCz+MU8KX1bV3GXm/
    fxlB7VBBjX9v5oUep0o/j68R/iDlCOM4VVfRa8gX6T2FU7fNdatvGro7uQzIvWof
    gN9WUwCbEMBy/YhBSrXycKA8crgGg3x1mIsopn88JKwmMBa68oS7EHM9w7C4y71M
    7DiA+/9Qdp9RBWJpTS9i/mDnJg1xvo8Xz49mrrgfmcAXTCJqXi24NatI3Oc=
    -----END CERTIFICATE-----
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: private-registry-configurator
  name: private-registry-configurator
spec:
  selector:
    matchLabels:
      app: private-registry-configurator
  template:
    metadata:
      labels:
        app: private-registry-configurator
    spec:
      tolerations:
        - operator: "Exists"
      hostPID: true
      initContainers:
        - name: configure-registry
          image: "registry.access.redhat.com/ubi8/ubi-minimal:8.3"
          command: ['/bin/bash', '-c', 'mkdir /cache && cp /scripts/configure.sh /cache && chmod +x /cache/configure.sh && /bin/bash /cache/configure.sh']
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /scripts
              name: script-config
            - mountPath: /host-etc-systemd-dir
              name: etc-systemd-dir
            - mountPath: /ca-directory
              name: ca-directory
      containers:
        - name: pause
          image: registry.ng.bluemix.net/armada-master/pause:3.2
      volumes:
        - name: ca-directory
          hostPath:
            # directory location on host
            path: /usr/local/share/ca-certificates/docker-registry.default.svc.cluster.local
            type: DirectoryOrCreate
        - name: etc-systemd-dir
          hostPath:
            path: /etc/systemd
        - name: script-config
          configMap:
            name: registry-configurator
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: registry-configurator
	data:
	configure.sh: \|
	#!/usr/bin/env bash
	set -x
	#NOTE: based off ubi-minimal can be changed
	microdnf install util-linux -y
	cp /scripts/ca.crt /ca-directory/ca.crt
	chmod 0644 /ca-directory/ca.crt
	nsenter -t 1 -m -u -i -n -p -- update-ca-certificates
	if ! grep "CUSTOMER_DNS_RESOVERS_ADDITION" /host-etc-systemd-dir/resolved.conf; then
	if ! [[ -f /host-etc-systemd-dir/resolved.conf.initial ]]; then
	cp /host-etc-systemd-dir/resolved.conf /host-etc-systemd-dir/resolved.conf.initial
	fi
	cat /host-etc-systemd-dir/resolved.conf.initial /scripts/resolved.conf > /host-etc-systemd-dir/resolved.conf
	fi
	nsenter -t 1 -m -u -i -n -p -- systemctl restart systemd-resolved
	nsenter -t 1 -m -u -i -n -p -- systemctl restart containerd
	resolved.conf: \|
	#CUSTOMER_DNS_RESOVERS_ADDITION
	[Resolve]
	DNS=172.21.0.10
	Domains=~docker-registry.default.svc.cluster.local
	ca.crt: \|
	-----BEGIN CERTIFICATE-----
	MIIFmDCCA4CgAwIBAgIQU9C87nMpOIFKYpfvOHFHFDANBgkqhkiG9w0BAQsFADBm
	MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy
	aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ
	ZWFyIFgxMB4XDTE1MDYwNDExMDQzOFoXDTM1MDYwNDExMDQzOFowZjELMAkGA1UE
	BhMCVVMxMzAxBgNVBAoTKihTVEFHSU5HKSBJbnRlcm5ldCBTZWN1cml0eSBSZXNl
	YXJjaCBHcm91cDEiMCAGA1UEAxMZKFNUQUdJTkcpIFByZXRlbmQgUGVhciBYMTCC
	AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALbagEdDTa1QgGBWSYkyMhsc
	ZXENOBaVRTMX1hceJENgsL0Ma49D3MilI4KS38mtkmdF6cPWnL++fgehT0FbRHZg
	jOEr8UAN4jH6omjrbTD++VZneTsMVaGamQmDdFl5g1gYaigkkmx8OiCO68a4QXg4
	wSyn6iDipKP8utsE+x1E28SA75HOYqpdrk4HGxuULvlr03wZGTIf/oRt2/c+dYmD
	oaJhge+GOrLAEQByO7+8+vzOwpNAPEx6LW+crEEZ7eBXih6VP19sTGy3yfqK5tPt
	TdXXCOQMKAp+gCj/VByhmIr+0iNDC540gtvV303WpcbwnkkLYC0Ft2cYUyHtkstO
	fRcRO+K2cZozoSwVPyB8/J9RpcRK3jgnX9lujfwA/pAbP0J2UPQFxmWFRQnFjaq6
	rkqbNEBgLy+kFL1NEsRbvFbKrRi5bYy2lNms2NJPZvdNQbT/2dBZKmJqxHkxCuOQ
	FjhJQNeO+Njm1Z1iATS/3rts2yZlqXKsxQUzN6vNbD8KnXRMEeOXUYvbV4lqfCf8
	mS14WEbSiMy87GB5S9ucSV1XUrlTG5UGcMSZOBcEUpisRPEmQWUOTWIoDQ5FOia/
	GI+Ki523r2ruEmbmG37EBSBXdxIdndqrjy+QVAmCebyDx9eVEGOIpn26bW5LKeru
	mJxa/CFBaKi4bRvmdJRLAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
	Af8EBTADAQH/MB0GA1UdDgQWBBS182Xy/rAKkh/7PH3zRKCsYyXDFDANBgkqhkiG
	9w0BAQsFAAOCAgEAncDZNytDbrrVe68UT6py1lfF2h6Tm2p8ro42i87WWyP2LK8Y
	nLHC0hvNfWeWmjZQYBQfGC5c7aQRezak+tHLdmrNKHkn5kn+9E9LCjCaEsyIIn2j
	qdHlAkepu/C3KnNtVx5tW07e5bvIjJScwkCDbP3akWQixPpRFAsnP+ULx7k0aO1x
	qAeaAhQ2rgo1F58hcflgqKTXnpPM02intVfiVVkX5GXpJjK5EoQtLceyGOrkxlM/
	sTPq4UrnypmsqSagWV3HcUlYtDinc+nukFk6eR4XkzXBbwKajl0YjztfrCIHOn5Q
	CJL6TERVDbM/aAPly8kJ1sWGLuvvWYzMYgLzDul//rUF10gEMWaXVZV51KpS9DY/
	5CunuvCXmEQJHo7kGcViT7sETn6Jz9KOhvYcXkJ7po6d93A/jy4GKPIPnsKKNEmR
	xUuXY4xRdh45tMJnLTUDdC9FIU0flTeO9/vNpVA8OPU1i14vCz+MU8KX1bV3GXm/
	fxlB7VBBjX9v5oUep0o/j68R/iDlCOM4VVfRa8gX6T2FU7fNdatvGro7uQzIvWof
	gN9WUwCbEMBy/YhBSrXycKA8crgGg3x1mIsopn88JKwmMBa68oS7EHM9w7C4y71M
	7DiA+/9Qdp9RBWJpTS9i/mDnJg1xvo8Xz49mrrgfmcAXTCJqXi24NatI3Oc=
	-----END CERTIFICATE-----
	---
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	labels:
	app: private-registry-configurator
	name: private-registry-configurator
	spec:
	selector:
	matchLabels:
	app: private-registry-configurator
	template:
	metadata:
	labels:
	app: private-registry-configurator
	spec:
	tolerations:
	- operator: "Exists"
	hostPID: true
	initContainers:
	- name: configure-registry
	image: "registry.access.redhat.com/ubi8/ubi-minimal:8.3"
	command: ['/bin/bash', '-c', 'mkdir /cache && cp /scripts/configure.sh /cache && chmod +x /cache/configure.sh && /bin/bash /cache/configure.sh']
	securityContext:
	privileged: true
	volumeMounts:
	- mountPath: /scripts
	name: script-config
	- mountPath: /host-etc-systemd-dir
	name: etc-systemd-dir
	- mountPath: /ca-directory
	name: ca-directory
	containers:
	- name: pause
	image: registry.ng.bluemix.net/armada-master/pause:3.2
	volumes:
	- name: ca-directory
	hostPath:
	# directory location on host
	path: /usr/local/share/ca-certificates/docker-registry.default.svc.cluster.local
	type: DirectoryOrCreate
	- name: etc-systemd-dir
	hostPath:
	path: /etc/systemd
	- name: script-config
	configMap:
	name: registry-configurator