feat: add registry addon (#1116)

**What problem does this PR solve?**:
This PR adds a new addon `registryMirror` that deploys
https://github.com/distribution/distribution as a StatefulSet
and a [sidecar container to sync
images](https://github.com/regclient/regclient/blob/main/docs/regsync.md)
across instances.
 
```
$ kubectl get pods -n registry-system 
NAME                                           READY   STATUS    RESTARTS   AGE
cncf-distribution-registry-docker-registry-0   2/2     Running   0          2m13s
cncf-distribution-registry-docker-registry-1   2/2     Running   0          8s

```
 
This addon is designed to only be a mirror and not used a regular
registry, hence the name and the lack of external access to the Service.
In a follow up PR, the in-cluster Service will be used a Containerd
mirror.
In a follow up PR, it will also be deployed with randomly generated
credentials to further prevent direct use.
 
**Which issue(s) this PR fixes**:
Fixes #

**How Has This Been Tested?**:
<!--
Please describe the tests that you ran to verify your changes.
Provide output from the tests and any manual steps needed to replicate
the tests.
-->

**Special notes for your reviewer**:
<!--
Use this to provide any additional information to the reviewers.
This may include:
- Best way to review the PR.
- Where the author wants the most review attention on.
- etc.
-->

Author: dkoshkin

api/v1alpha1/addon_types.go

@@ -27,6 +27,8 @@ const (
 
 	ServiceLoadBalancerProviderMetalLB = "MetalLB"
 
+	RegistryProviderCNCFDistribution = "CNCF Distribution"
+
 	AddonStrategyClusterResourceSet AddonStrategy = "ClusterResourceSet"
 	AddonStrategyHelmAddon          AddonStrategy = "HelmAddon"
 
@@ -100,6 +102,9 @@ type GenericAddons struct {
 
 	// +kubebuilder:validation:Optional
 	ServiceLoadBalancer *ServiceLoadBalancer `json:"serviceLoadBalancer,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	Registry *RegistryAddon `json:"registry,omitempty"`
 }
 
 type AddonStrategy string
@@ -335,3 +340,10 @@ type AddressRange struct {
 	// +kubebuilder:validation:Format=ipv4
 	End string `json:"end"`
 }
+
+type RegistryAddon struct {
+	// The OCI registry provider to deploy.
+	// +kubebuilder:default="CNCF Distribution"
+	// +kubebuilder:validation:Enum="CNCF Distribution"
+	Provider string `json:"provider"`
+}

api/v1alpha1/constants.go

@@ -28,6 +28,8 @@ const (
 	ClusterAutoscalerVariableName = "clusterAutoscaler"
 	// ServiceLoadBalancerVariableName is the Service LoadBalancer config patch variable name.
 	ServiceLoadBalancerVariableName = "serviceLoadBalancer"
+	// RegistryAddonVariableName is the OCI registry config patch variable name.
+	RegistryAddonVariableName = "registry"
 
 	// GlobalMirrorVariableName is the global image registry mirror patch variable name.
 	GlobalMirrorVariableName = "globalImageRegistryMirror"

api/v1alpha1/crds/caren.nutanix.com_awsclusterconfigs.yaml

@@ -234,6 +234,17 @@ spec:
                             - HelmAddon
                           type: string
                       type: object
+                    registry:
+                      properties:
+                        provider:
+                          default: CNCF Distribution
+                          description: The OCI registry provider to deploy.
+                          enum:
+                            - CNCF Distribution
+                          type: string
+                      required:
+                        - provider
+                      type: object
                     serviceLoadBalancer:
                       properties:
                         configuration:

api/v1alpha1/crds/caren.nutanix.com_dockerclusterconfigs.yaml

@@ -243,6 +243,17 @@ spec:
                             - HelmAddon
                           type: string
                       type: object
+                    registry:
+                      properties:
+                        provider:
+                          default: CNCF Distribution
+                          description: The OCI registry provider to deploy.
+                          enum:
+                            - CNCF Distribution
+                          type: string
+                      required:
+                        - provider
+                      type: object
                     serviceLoadBalancer:
                       properties:
                         configuration:

api/v1alpha1/crds/caren.nutanix.com_nutanixclusterconfigs.yaml

@@ -243,6 +243,17 @@ spec:
                             - HelmAddon
                           type: string
                       type: object
+                    registry:
+                      properties:
+                        provider:
+                          default: CNCF Distribution
+                          description: The OCI registry provider to deploy.
+                          enum:
+                            - CNCF Distribution
+                          type: string
+                      required:
+                        - provider
+                      type: object
                     serviceLoadBalancer:
                       properties:
                         configuration:

api/v1alpha1/zz_generated.deepcopy.go

@@ -85,6 +85,8 @@ A Helm chart for cluster-api-runtime-extensions-nutanix
 | hooks.nfd.crsStrategy.defaultInstallationConfigMap.name | string | `"node-feature-discovery"` |  |
 | hooks.nfd.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.nfd.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-nfd-helm-values-template"` |  |
+| hooks.registry.cncfDistribution.defaultValueTemplateConfigMap.create | bool | `true` |  |
+| hooks.registry.cncfDistribution.defaultValueTemplateConfigMap.name | string | `"default-cncf-distribution-registry-helm-values-template"` |  |
 | hooks.serviceLoadBalancer.metalLB.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.serviceLoadBalancer.metalLB.defaultValueTemplateConfigMap.name | string | `"default-metallb-helm-values-template"` |  |
 | hooks.virtualIP.kubeVip.defaultTemplateConfigMap.create | bool | `true` |  |

charts/cluster-api-runtime-extensions-nutanix/README.md

@@ -0,0 +1,12 @@
+replicaCount: 2
+persistence:
+  enabled: true
+  size: 50Gi
+service:
+  type: ClusterIP
+  clusterIP: {{ .ServiceIP }}
+  port: 80
+statefulSet:
+  enabled: true
+  syncer:
+    interval: 2m

charts/cluster-api-runtime-extensions-nutanix/addons/registry/cncf-distribution/values-template.yaml

@@ -23,6 +23,10 @@ data:
     ChartName: cluster-autoscaler
     ChartVersion: 9.46.3
     RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes.github.io/autoscaler{{ end }}'
+  cncf-distribution-registry: |
+    ChartName: docker-registry
+    ChartVersion: 2.3.1
+    RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://mesosphere.github.io/charts/staging/{{ end }}'
   cosi-controller: |
     ChartName: cosi
     ChartVersion: 0.0.1-alpha.5

charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml

@@ -0,0 +1,12 @@
+# Copyright 2025 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.hooks.registry.cncfDistribution.defaultValueTemplateConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: '{{ .Values.hooks.registry.cncfDistribution.defaultValueTemplateConfigMap.name }}'
+data:
+  values.yaml: |-
+    {{- .Files.Get "addons/registry/cncf-distribution/values-template.yaml" | nindent 4 }}
+{{- end -}}