F image cache #263

Merged
merged 18 commits into from
Jan 11, 2024

nicholasjackson
Contributor

  • Add the capability to add custom container registries to the image cache

    Nomad and Kubernetes clusters are started in a Docker container that does not save any state to the local disk.
    This state includes a Docker image cache; every time an image is pulled to a new cluster, it is downloaded
    from the internet. This can be slow and bandwidth-intensive. To solve this problem, Jumppad implemented a pull-through
    cache that is used by all clusters. By default, this cache supported the following registries:

    • k8s.gcr.io
    • gcr.io
    • asia.gcr.io
    • eu.gcr.io
    • us.gcr.io
    • quay.io
    • ghcr.io
    • docker.pkg.github.com

    To support custom registries, Jumppad has added a new resource type, container_registry. This resource type can be used
    to define either a local or remote registry. When a registry is defined, it is added to the pull-through cache, and
    any authentication details are added to the cache, meaning you do not need to authenticate each pull on the Nomad or
    Kubernetes cluster. Any defined registry must be configured to use HTTPS; the image cache cannot be used to pull
    from insecure registries.

```hcl
# Define a custom registry that does not use authentication
resource "container_registry" "noauth" {
  // cache can not resolve local jumppad.dev dns for some reason,
  // using external dns mapped to the local ip address
  hostname = "noauth-registry.demo.gs"
}

# Define a custom registry that uses authentication
resource "container_registry" "auth" {
  hostname = "auth-registry.demo.gs"
  auth {
    username = "admin"
    password = "password"
  }
}
```

  • Add capability to add insecure registries and image cache bypass to Kubernetes and Nomad clusters.

    All images pulled to Nomad and Kubernetes clusters are pulled through the image cache. This cache is a Docker
    container that Jumppad automatically starts. To disable the cache and pull images directly from the internet,
    add the no_proxy parameter to the new docker config stanza. This will cause the cache to be bypassed and
    the image to be pulled directly from the internet.

    Add the insecure_registries parameter to the docker config stanza to support insecure registries. This
    must be used in conjunction with the no_proxy parameter as the image cache does not support insecure registries.

```hcl
resource "nomad_cluster" "dev" {
  client_nodes = 1

  datacenter = "dc1"

  network {
    id = variable.network_id
  }

  // add configuration to allow cache bypass and insecure registry
  config {
    docker {
      no_proxy            = ["insecure.container.jumppad.dev"]
      insecure_registries = ["insecure.container.jumppad.dev:5003"]
    }
  }
}
```

@Zortaniac this is an update of your PR #244

@nicholasjackson nicholasjackson added the enhancement New feature or request label Jan 9, 2024
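
The rule in the description above, that every `insecure_registries` entry also needs a `no_proxy` entry, can be checked before a cluster is started. The following is an added example, not code from this PR or from Jumppad: `DockerConfig`, `registryHost` and `MissingBypass` are hypothetical names, and it assumes `no_proxy` is matched on the hostname without the port, as in the stanza shown in the description.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// DockerConfig mirrors the two list parameters of the docker stanza.
// Hypothetical type for this example, not a Jumppad type.
type DockerConfig struct {
	NoProxy            []string
	InsecureRegistries []string
}

// registryHost lower-cases a registry entry and strips an optional ":port".
func registryHost(entry string) string {
	e := strings.ToLower(strings.TrimSpace(entry))
	if h, _, err := net.SplitHostPort(e); err == nil {
		return h
	}
	return e // no port present (or a bare IPv6 literal): use the entry as-is
}

// MissingBypass returns the insecure registries whose host is absent from
// no_proxy; pulls from them would still be sent to the HTTPS-only image cache.
func MissingBypass(c DockerConfig) []string {
	bypass := make(map[string]bool, len(c.NoProxy))
	for _, n := range c.NoProxy {
		bypass[registryHost(n)] = true
	}
	var missing []string
	for _, r := range c.InsecureRegistries {
		if !bypass[registryHost(r)] {
			missing = append(missing, r)
		}
	}
	return missing
}

func main() {
	// Constructed sample: the first registry is the one from the description,
	// the second is a made-up entry with no matching no_proxy value.
	cfg := DockerConfig{
		NoProxy:            []string{"insecure.container.jumppad.dev"},
		InsecureRegistries: []string{"insecure.container.jumppad.dev:5003", "lab-registry.example:5000"},
	}
	for _, r := range MissingBypass(cfg) {
		fmt.Printf("insecure registry %q is not listed in no_proxy\n", r)
	}
}
```
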
@Zortaniac
Contributor

@nicholasjackson I noticed that you removed the extra option to specify a hostname for the registry authentication. There was actually a specific reason to support that for GitLab installations, which can require a different hostname for the authentication part than the actual Docker registry hostname: https://github.com/shipyard-run/docker-registry-proxy#gitlab-auth

@nicholasjackson
Contributor Author

OK, thanks, I will add that back in for you.

@nicholasjackson nicholasjackson merged commit 1136daf into main Jan 11, 2024
32 checks passed
@nicholasjackson nicholasjackson deleted the f-image-cache branch January 11, 2024 09:21