From 90a0ca34432c86551867d7256f3628c97ef82b53 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Thu, 29 Oct 2020 15:42:37 +0100
Subject: [PATCH] Change docker_registry network_mode to host

Change-Id: I404dd52701426a10c2e92727bd52b7fd7112abf6
---
 ansible/roles/docker-registry/defaults/main.yml          | 9 +++++++--
 ansible/roles/docker-registry/tasks/deploy.yml           | 1 +
 .../docker-registry-network-mode-ef7de6a7463ca5e5.yaml   | 6 ++++++
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/docker-registry-network-mode-ef7de6a7463ca5e5.yaml

diff --git a/ansible/roles/docker-registry/defaults/main.yml b/ansible/roles/docker-registry/defaults/main.yml
index 7d25a518e..66c631ee1 100644
--- a/ansible/roles/docker-registry/defaults/main.yml
+++ b/ansible/roles/docker-registry/defaults/main.yml
@@ -17,6 +17,11 @@ docker_registry_enabled: true
 # pull through cache.
 docker_registry_env: {}
 
+# Dict of environment variables setting a listen port for docker registry
+# container.
+docker_registry_env_listen:
+  REGISTRY_HTTP_ADDR: "0.0.0.0:{{ docker_registry_port }}"
+
 # Dict of environment variables to provide to the docker registry container
 # when TLS is enabled.
 docker_registry_env_tls:
@@ -38,11 +43,11 @@ docker_registry_services:
      {{ {} |
         combine(docker_registry_env_tls if docker_registry_enable_tls | bool else {}) |
         combine(docker_registry_env_basic_auth if docker_registry_enable_basic_auth | bool else {}) |
+        combine(docker_registry_env_listen) |
         combine(docker_registry_env) }}
     enabled: "{{ docker_registry_enabled }}"
     image: "{{ docker_registry_image_full }}"
-    ports:
-      - "{{ docker_registry_port }}:5000"
+    network_mode: host
     volumes: "{{ docker_registry_volumes | select | list }}"
 
 # The port on which the docker registry server should listen.
diff --git a/ansible/roles/docker-registry/tasks/deploy.yml b/ansible/roles/docker-registry/tasks/deploy.yml
index e8bb7f7f0..ca038c7e4 100644
--- a/ansible/roles/docker-registry/tasks/deploy.yml
+++ b/ansible/roles/docker-registry/tasks/deploy.yml
@@ -6,6 +6,7 @@
     env: "{{ item.value.env }}"
     image: "{{ item.value.image }}"
     name: "{{ item.value.container_name }}"
+    network_mode: "{{ item.value.network_mode }}"
     ports: "{{ item.value.ports | default(omit) }}"
     privileged: "{{ item.value.privileged | default(omit) }}"
     read_only: "{{ item.value.read_only | default(omit) }}"
diff --git a/releasenotes/notes/docker-registry-network-mode-ef7de6a7463ca5e5.yaml b/releasenotes/notes/docker-registry-network-mode-ef7de6a7463ca5e5.yaml
new file mode 100644
index 000000000..506b0f7da
--- /dev/null
+++ b/releasenotes/notes/docker-registry-network-mode-ef7de6a7463ca5e5.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The ``docker_registry`` network mode has been changed from ``bridge`` to
+    ``host`` for compatibility when Docker is prevented from manipulating iptables
+    (default behaviour in Wallaby).