add kind-registry.local:5000 to kind cluster

- update kind config to include local registry
- configure kind cluster to talk to local registry
- docker build & push pinniped dev code to local registry
- deploy dev code of the following via the local registry:
  - concierge
  - supervisor
  - local-user-authenticator

hack/kind-up.sh

@@ -8,6 +8,15 @@ set -euo pipefail
 ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 cd "${ROOT}"
 
+# create registry container unless it already exists
+reg_name='kind-registry.local'
+reg_port='5000'
+if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
+  docker run \
+    -d --restart=always -p "127.0.0.1:${reg_port}:5000" --name "${reg_name}" \
+    registry:2
+fi
+
 if [[ "${PINNIPED_USE_CONTOUR:-}" != "" ]]; then
   echo "Adding Contour port mapping to Kind config."
   ytt -f "${ROOT}/hack/lib/kind-config/single-node.yaml" \
@@ -18,3 +27,23 @@ else
   # To debug the kind config, add this option to the command below: `-v 10`
   kind create cluster --config "hack/lib/kind-config/single-node.yaml" --name pinniped
 fi
+
+
+# connect the registry to the cluster network if not already connected
+if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
+  docker network connect "kind" "${reg_name}"
+fi
+
+# Document the local registry
+# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: local-registry-hosting
+  namespace: kube-public
+data:
+  localRegistryHosting.v1: |
+    host: "localhost:${reg_port}"
+    help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
+EOF

hack/lib/kind-config/single-node.yaml

@@ -44,3 +44,11 @@ kubeadmConfigPatches:
     extraArgs:
       # See comment above.
       enable-aggregator-routing: "true"
+# TODO: in kind-up.sh these variables are created, but aren't passed in here, so we are hard-coding them
+# reg_name='kind-registry.local'
+# reg_port='5000'
+# perhaps we need to ytt --overlay it like we do the contour configuration?
+containerdConfigPatches:
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."kind-registry.local:5000"]
+    endpoint = ["http://kind-registry.local:5000"]

hack/prepare-for-integration-tests.sh

@@ -220,8 +220,11 @@ else
   fi
 fi
 
-registry="pinniped.local"
+# NOW CHANGE THIS SO WE PUSH TO THE REGISTRY?
+# registry="pinniped.local"
+registry="kind-registry.local:5000"
 repo="test/build"
+# TODO: can we force HTTP here? HTTPS is problematic.
 registry_repo="$registry/$repo"
 tag=$(uuidgen) # always a new tag to force K8s to reload the image on redeploy
 
@@ -254,8 +257,11 @@ if [[ "$do_build" == "yes" ]]; then
 fi
 
 # Load it into the cluster
-log_note "Loading the app's container image into the kind cluster..."
-kind load docker-image "$registry_repo_tag" --name pinniped
+log_note "Loading the app's container image into the local registry ($registry)..."
+# TODO: now we don't want to direct load anymore, we want to docker push to our new local registry.
+# and then be sure that it pulls?
+# kind load docker-image "$registry_repo_tag" --name pinniped
+docker push "$registry_repo_tag"
 
 #
 # Deploy local-user-authenticator
@@ -501,3 +507,9 @@ log_note
 log_note "To delete the deployments, run:"
 log_note "  kapp delete -a local-user-authenticator -y && kapp delete -a $concierge_app_name -y &&  kapp delete -a $supervisor_app_name -y"
 log_note "When you're finished, use './hack/kind-down.sh' to tear down the cluster."
+log_note
+# TODO: come back and check the /etc/hosts file for the existence of
+# the correct lines, just like is done in prepare-supervisor-on-kind.sh
+log_note "Please run these commands to edit /etc/hosts, and then run this script again with the same options."
+log_note "  sudo bash -c \"echo '127.0.0.1 kind-registry.local' >> /etc/hosts\""
+log_note "When you are finished with your Kind cluster, you can remove these lines from /etc/hosts."