Private Registries Support

[BROngineer]

Goals

• Enable authenticated private registry support within k0rdent
• Support for storage of cluster and service templates in a private registry
• Support to store other required artifacts for child cluster deployments
• Future support for air-gapped and secure environments.
• Support mulitple private registries with unique identities

Major deliverables

• ServiceTemplate Packaging:
  • Package these features as a declarative ServiceTemplate that allows for consistent, version-controlled deployment of private registry configurations across clusters.
  • Credentials for private registries are stored securely

Who it benefits
<describe groups / target audience and what are the benefits of feature implementation for them>

Acceptance criteria

• Secure authentication is fully integrated, with tests confirming that only authorized entities can access the registry.
• The solution is packaged as a ServiceTemplate and can be deployed consistently across multiple clusters, with clear documentation provided.
• End-to-end testing confirms that the private registry, with auth and caching, works seamlessly without reliance on external connectivity.
• In an air-gapped scenario new templates can be added and deployed

Telemetry & Success Criteria
<is any telemetry data needed? If yes, what is it?>

Assumptions

Limitations

• The initial release may support only one type of authentication method, with additional options added in future iterations.
• Customization beyond the predefined ServiceTemplate parameters might require further development.

Out of scope

• Full airgaped deployment of core k0rdent components
• Full migration or synchronization with public registries—this epic focuses on establishing a secure, standalone private registry.

User stories