registry: add ingress support (#8311)

roles/kubernetes-apps/registry/defaults/main.yml

@@ -41,3 +41,8 @@ registry_config:
       enabled: true
       interval: 10s
       threshold: 3
+
+registry_ingress_annotations: {}
+registry_ingress_host: ""
+# name of kubernetes secret for registry ingress TLS certs
+registry_ingress_tls_secret: ""

roles/kubernetes-apps/registry/tasks/main.yml

@@ -59,6 +59,13 @@
     - podsecuritypolicy_enabled
     - registry_namespace != "kube-system"
 
+- name: Registry | Append nginx ingress templates to Registry Templates list when ingress enabled
+  set_fact:
+    registry_templates: "{{ registry_templates + [item] }}"
+  with_items:
+    - [{ name: registry-ing, file: registry-ing.yml, type: ing }]
+  when: ingress_nginx_enabled == true or ingress_alb_enabled == true
+
 - name: Registry | Create manifests
   template:
     src: "{{ item.file }}.j2"

roles/kubernetes-apps/registry/templates/registry-ing.yml.j2

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: registry
+  namespace: {{ registry_namespace }}
+{% if registry_ingress_annotations %}
+  annotations:
+    {{ registry_ingress_annotations | to_nice_yaml(indent=2, width=1337) | indent(width=4) }}
+{% endif %}
+spec:
+{% if registry_ingress_tls_secret %}
+  tls:
+  - hosts:
+      - {{ registry_ingress_host }}
+    secretName: {{ registry_ingress_tls_secret }}
+{% endif %}
+  rules:
+  - host: {{ registry_ingress_host }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: registry
+            port:
+              number: {{ registry_port }}