feat: add Helm chart for OpenShift shared registry setup (group, RBAC, build configs)

Signed-off-by: Yosief Eyob <yosiefogbazion@gmail.com>

Author: Yosiefeyob

charts/openshift-registry-setup/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: openshift-registry-setup
+description: Sets up shared image registry namespace, team group, and access policies
+version: 1.0.0
+type: application

charts/openshift-registry-setup/templates/buildconfig.yaml

@@ -0,0 +1,28 @@
+{{- range .Values.builds }}
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.registryNamespace }}
+spec:
+  output:
+    to:
+      kind: ImageStreamTag
+      name: {{ .name }}:latest
+  source:
+    type: Binary
+    binary: {}
+  strategy:
+    type: Docker
+    dockerStrategy:
+      dockerfilePath: {{ .dockerfilePath | default "Dockerfile" }}
+---
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.registryNamespace }}
+spec:
+  lookupPolicy:
+    local: false
+{{- end }}

charts/openshift-registry-setup/templates/group.yaml

@@ -0,0 +1,8 @@
+apiVersion: user.openshift.io/v1
+kind: Group
+metadata:
+  name: {{ .Values.team.name }}
+users:
+{{- range .Values.team.members }}
+  - {{ . }}
+{{- end }}

charts/openshift-registry-setup/templates/rolebinding-global-pull.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.globalPullAccess }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: global-image-puller
+  namespace: {{ .Values.registryNamespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:image-puller
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:serviceaccounts
+{{- end }}

charts/openshift-registry-setup/templates/rolebinding-team-edit.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Values.team.name }}-edit
+  namespace: {{ .Values.registryNamespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: {{ .Values.team.name }}

charts/openshift-registry-setup/values.yaml

@@ -0,0 +1,19 @@
+# Namespace for storing shared images
+registryNamespace: contextforge-images
+
+# Team group configuration
+team:
+  name: contextforge-team
+  members:
+    - Yosief.Eyob@ibm.com
+    - akshay.shinde26@ibm.com
+    - brian.hussey@ie.ibm.com
+    - Claudia.Gray@ibm.com
+
+# Build configurations for images to host
+builds:
+  - name: mcp-context-forge
+    dockerfilePath: Containerfile.lite
+    
+# Grant all namespaces pull access
+globalPullAccess: true