From a739d1b8adbc026796d1c55f7319677f9010f727 Mon Sep 17 00:00:00 2001
From: Gabor Nyiri
Date: Fri, 16 Apr 2021 08:45:02 +0000
Subject: [PATCH] feat: add support of custom registry CA certificate usage

Adding option to use custom CA certificate for downloading container images.

Signed-off-by: Gabor Nyiri
---
 .../config/types/v1alpha1/generate/options.go | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/pkg/machinery/config/types/v1alpha1/generate/options.go b/pkg/machinery/config/types/v1alpha1/generate/options.go
index 489b0d906d..bf4437a354 100644
--- a/pkg/machinery/config/types/v1alpha1/generate/options.go
+++ b/pkg/machinery/config/types/v1alpha1/generate/options.go
@@ -79,6 +79,27 @@ func WithRegistryMirror(host string, endpoints ...string) GenOption {
 }
 }
 
+// WithRegistryCACert specifies the certificate of the certificate authority which signed certificate of the registry.
+func WithRegistryCACert(host, cacert string) GenOption {
+ return func(o *GenOptions) error {
+ if o.RegistryConfig == nil {
+ o.RegistryConfig = make(map[string]*v1alpha1.RegistryConfig)
+ }
+
+ if _, ok := o.RegistryConfig[host]; !ok {
+ o.RegistryConfig[host] = &v1alpha1.RegistryConfig{}
+ }
+
+ if o.RegistryConfig[host].RegistryTLS == nil {
+ o.RegistryConfig[host].RegistryTLS = &v1alpha1.RegistryTLSConfig{}
+ }
+
+ o.RegistryConfig[host].RegistryTLS.TLSCA = v1alpha1.Base64Bytes(cacert)
+
+ return nil
+ }
+}
+
 // WithRegistryInsecureSkipVerify marks registry host to skip TLS verification.
 func WithRegistryInsecureSkipVerify(host string) GenOption {
 return func(o *GenOptions) error {
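Review bot: `WithRegistryCACert` copies `cacert` into `TLSCA` without checking that it is a parseable certificate, so an empty or malformed value is accepted here and would only surface later, presumably when a node first tries to pull from that registry. Assuming the argument is meant to be PEM text, the option could reject bad input up front with `if !x509.NewCertPool().AppendCertsFromPEM([]byte(cacert)) { return fmt.Errorf("registry %q: CA certificate is not valid PEM", host) }` (this needs `crypto/x509` and `fmt`; the import block is outside the hunk). The doc comment should also state the expected form, for example `// cacert is the PEM-encoded CA certificate itself, not a file path and not already base64-encoded.` if that is the contract, since the `Base64Bytes` conversion suggests encoding happens at serialization and a pre-encoded value would then be encoded twice. It is also worth documenting what happens when the same host receives both this option and `WithRegistryInsecureSkipVerify`, because skipping verification would likely make the configured CA ineffective.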