docs: add files to setup private registry

Signed-off-by: Alessio Greggi <alessio.greggi@suse.com>

Author: alegrey91

docs/private_registry.md

@@ -0,0 +1,66 @@
+# Private Registries
+
+SBOMbastic supports private registries to scan for images. In order to make it work, please follow the steps listed below.
+
+## Create the Secret
+
+SBOMbastic relies on the docker `config.json` file to manage the authentication to the registries.
+
+The first step to setup a private registry is to create a `Secret` with the `config.json` content, having the following structure:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-auth-secret 
+  namespace: default
+data:
+  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJkZXYtcmVnaXN0cnkuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo1MDAwIjogewoJCQkiYXV0aCI6ICJkWE5sY2pwd1lYTnpkMjl5WkE9PSIKCQl9Cgl9Cn0KCg==
+type: kubernetes.io/dockerconfigjson
+```
+
+The `.dockerconfigjson` field is a base64 value, with the `config.json` content.
+
+Here's an example:
+
+```json
+{
+    "auths": {
+        "myprivateregistry.example": {
+            "auth": "dXNlcjpwYXNzd29yZA=="
+        }
+    }
+}
+```
+
+For more info, please take a look to the Kubernetes [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).
+
+### Tip
+
+Save the `config.json` into a file and use the following command to save it into the `Secret` file:
+
+```sh
+cat dockerconfig.json | base64 -w 0 | xclip -sel clipboard
+```
+
+## Create the Registry
+
+Once your `Secret` is ready, you can reference it on the `Registry` configuration, specifying the name in the `Registry` field `spec.authSecret`.
+
+```yaml
+apiVersion: sbombastic.rancher.io/v1alpha1
+kind: Registry
+metadata:
+  name: my-first-registry
+  namespace: default
+spec:
+  uri: dev-registry.default.svc.cluster.local:5000
+  scanInterval: 1h
+  authSecret: my-auth-secret
+```
+
+This will allow SBOMbastic to scan for images from private registries.
+
+**Please, note**:
+
+The `Secret` and the `Registry` must be defined inside of the very same `Namespace`.

examples/private-registry/dockerconfig.json

@@ -0,0 +1,7 @@
+{
+	"auths": {
+		"myprivateregistry.example": {
+			"auth": "dXNlcjpwYXNzd29yZA=="
+		}
+	}
+}

examples/private-registry/registry.yaml

@@ -0,0 +1,9 @@
+apiVersion: sbombastic.rancher.io/v1alpha1
+kind: Registry
+metadata:
+  name: my-first-registry
+  namespace: default
+spec:
+  uri: dev-registry.default.svc.cluster.local:5000
+  scanInterval: 1h
+  authSecret: my-auth-secret

examples/private-registry/secret.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: myregistrykey
+  name: my-auth-secret
   namespace: default
 data:
   .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJkZXYtcmVnaXN0cnkuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo1MDAwIjogewoJCQkiYXV0aCI6ICJkWE5sY2pwd1lYTnpkMjl5WkE9PSIKCQl9Cgl9Cn0KCg==

hack/private-registry.yaml

@@ -0,0 +1,84 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-auth
+  namespace: default
+type: Opaque
+data:
+  # user:$2y$10$nTQigvLRGGHCBQwZB4MPPe2SA6GYG218uTe1ntHusNcEjLaAfBive -> user:password
+  htpasswd: dXNlcjokMnkkMTAkblRRaWd2TFJHR0hDQlF3WkI0TVBQZTJTQTZHWUcyMTh1VGUxbnRIdXNOY0VqTGFBZkJpdmUK
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: registry-storage-pvc
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dev-registry
+  namespace: default
+  labels:
+    app: dev-registry
+spec:
+  containers:
+    - name: registry
+      image: registry:2.8.3
+      ports:
+        - containerPort: 5000
+          name: http
+      env:
+        # Basic authentication configuration
+        - name: REGISTRY_AUTH
+          value: htpasswd
+        - name: REGISTRY_AUTH_HTPASSWD_PATH
+          value: /auth/htpasswd
+        - name: REGISTRY_AUTH_HTPASSWD_REALM
+          value: Registry Realm
+        # Optional: Enable deletion
+        - name: REGISTRY_STORAGE_DELETE_ENABLED
+          value: "true"
+      volumeMounts:
+        - name: auth-volume
+          mountPath: /auth
+          readOnly: true
+        - name: registry-storage
+          mountPath: /var/lib/registry
+      resources:
+        requests:
+          memory: "256Mi"
+          cpu: "100m"
+        limits:
+          memory: "512Mi"
+          cpu: "500m"
+  volumes:
+    - name: auth-volume
+      secret:
+        secretName: registry-auth
+    - name: registry-storage
+      persistentVolumeClaim:
+        claimName: registry-storage-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dev-registry
+  namespace: default
+spec:
+  selector:
+    app: dev-registry
+  ports:
+    - protocol: TCP
+      port: 5000
+      targetPort: http

tilt-settings.yaml.example

@@ -1,4 +1,5 @@
 registry: ghcr.io
+use_private_registry: false
 storage: 
     image: <username>/sbombastic/storage
 controller: