From e187ad7955ed5baf2eb23ef7bb5ec4830881d29f Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Wed, 5 May 2021 12:25:10 +0100
Subject: [PATCH] Make docker registry network mode configurable

Adds a new flag, 'docker_registry_network_mode', which defaults to
'host'. This may be used to set the network mode of the Docker registry
container.

This is a follow up to I404dd52701426a10c2e92727bd52b7fd7112abf6, which
changed the network mode from the default of bridge to host. It allows
that change to be backported to stable branches, without modifying the
default value.

Change-Id: Ic8ec3bb98f8f016e1d089bf10bd0538264394241
---
 ansible/group_vars/all/docker-registry                   | 3 +++
 ansible/roles/docker-registry/defaults/main.yml          | 8 ++++++--
 doc/source/configuration/reference/docker-registry.rst   | 9 ++++++++-
 etc/kayobe/docker-registry.yml                           | 3 +++
 .../docker-registry-network-mode-3c678295b51d69c1.yaml   | 6 ++++++
 5 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/docker-registry-network-mode-3c678295b51d69c1.yaml

diff --git a/ansible/group_vars/all/docker-registry b/ansible/group_vars/all/docker-registry
index 13e959fbe..2ace208ac 100644
--- a/ansible/group_vars/all/docker-registry
+++ b/ansible/group_vars/all/docker-registry
@@ -14,6 +14,9 @@ docker_registry_enabled: False
 # pull through cache.
 docker_registry_env: {}
 
+# The network mode of the docker registry container. Default is 'host'.
+docker_registry_network_mode: host
+
 # The port on which the docker registry server should listen.
 # NOTE: This is set to 4000 rather than the default of 5000 to avoid clashing
 #       with keystone.
diff --git a/ansible/roles/docker-registry/defaults/main.yml b/ansible/roles/docker-registry/defaults/main.yml
index 66c631ee1..f7ecce4d7 100644
--- a/ansible/roles/docker-registry/defaults/main.yml
+++ b/ansible/roles/docker-registry/defaults/main.yml
@@ -43,13 +43,17 @@ docker_registry_services:
      {{ {} |
         combine(docker_registry_env_tls if docker_registry_enable_tls | bool else {}) |
         combine(docker_registry_env_basic_auth if docker_registry_enable_basic_auth | bool else {}) |
-        combine(docker_registry_env_listen) |
+        combine(docker_registry_env_listen if docker_registry_network_mode == 'host' else {}) |
         combine(docker_registry_env) }}
     enabled: "{{ docker_registry_enabled }}"
     image: "{{ docker_registry_image_full }}"
-    network_mode: host
+    network_mode: "{{ docker_registry_network_mode }}"
+    ports: "{{ [docker_registry_port ~ ':5000'] if docker_registry_network_mode == 'bridge' else [] }}"
     volumes: "{{ docker_registry_volumes | select | list }}"
 
+# The network mode of the docker registry container.
+docker_registry_network_mode: host
+
 # The port on which the docker registry server should listen.
 docker_registry_port: 5000
 
diff --git a/doc/source/configuration/reference/docker-registry.rst b/doc/source/configuration/reference/docker-registry.rst
index dd459077d..44f768c66 100644
--- a/doc/source/configuration/reference/docker-registry.rst
+++ b/doc/source/configuration/reference/docker-registry.rst
@@ -27,9 +27,16 @@ Configuring the registry
     Docker Hub by setting REGISTRY_PROXY_REMOTEURL to
     "https://registry-1.docker.io".  Note that it is not possible to push to a
     registry configured as a pull through cache. Default is ``{}``.
+``docker_registry_network_mode``
+    The network mode used for the docker registry container. Default is
+    ``host``. When set to ``bridge``, port mapping is configured to expose the
+    registry through port ``docker_registry_port``.
 ``docker_registry_port``
     The port on which the docker registry server should listen. Default is
-    4000.
+    4000. When ``docker_registry_network_mode`` is set to ``host``, configures
+    the port used by the registry server inside the container. When
+    ``docker_registry_network_mode`` is set to ``bridge``, configures the
+    overlay network port.
 ``docker_registry_datadir_volume``
     Name or path to use as the volume for the docker registry. Default is
     ``docker_registry``.
diff --git a/etc/kayobe/docker-registry.yml b/etc/kayobe/docker-registry.yml
index 7ba79ed90..ea6ca9c84 100644
--- a/etc/kayobe/docker-registry.yml
+++ b/etc/kayobe/docker-registry.yml
@@ -14,6 +14,9 @@
 # pull through cache. Default is an empty dict.
 #docker_registry_env:
 
+# The network mode of the docker registry container. Default is 'host'.
+#docker_registry_network_mode:
+
 # The port on which the docker registry server should listen. Default is 4000.
 #docker_registry_port:
 
diff --git a/releasenotes/notes/docker-registry-network-mode-3c678295b51d69c1.yaml b/releasenotes/notes/docker-registry-network-mode-3c678295b51d69c1.yaml
new file mode 100644
index 000000000..17fb92408
--- /dev/null
+++ b/releasenotes/notes/docker-registry-network-mode-3c678295b51d69c1.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds a new flag, ``docker_registry_network_mode``, which defaults to
+    ``host``. This may be used to set the network mode of the Docker registry
+    container.