Removed no longer needed docker-compose yml for registry

CI_CD_PIPELINE_SETUP_GUIDE.md

@@ -702,17 +702,9 @@ sudo sed -i "s/YOUR_CI_CD_IP/YOUR_ACTUAL_IP_ADDRESS/g" /opt/APP_NAME/registry/op
 sudo sed -i "s/YOUR_REGISTRY_NAME/APP_NAME-Registry/g" /opt/APP_NAME/registry/openssl.conf
 ```
 
-#### 5.2.1 Alternative: Use Podman Compose
 
-```bash
-# Use podman-compose (Docker Compose compatible)
-podman-compose -f docker-registry.yml up -d
 
-# Check status
+#### 5.2.1 Security Features Applied
-podman-compose -f docker-registry.yml ps
-```
-
-#### 5.2.2 Security Features Applied
 
 The Docker Registry v2 setup includes comprehensive security hardening:
 
@@ -740,6 +732,9 @@ The Docker Registry v2 setup includes comprehensive security hardening:
 - ✅ Container policy enforcement via containers-policy.json
 - ✅ Volume mounts with read-only where possible
 
+#### 5.2.2 Set Up Authentication and Permissions
+
+```bash
 # Create FHS-compliant authentication directory
 sudo mkdir -p /etc/registry/auth
 sudo chown CI_SERVICE_USER:CI_SERVICE_USER /etc/registry/auth
@@ -759,17 +754,15 @@ sudo chmod 600 /etc/registry/auth/.htpasswd
 # Set proper permissions for configuration files
 sudo chown CI_SERVICE_USER:CI_SERVICE_USER /opt/APP_NAME/registry/nginx.conf
 sudo chown CI_SERVICE_USER:CI_SERVICE_USER /opt/APP_NAME/registry/openssl.conf
-sudo chown CI_SERVICE_USER:CI_SERVICE_USER /opt/APP_NAME/registry/docker-registry.yml
 sudo chown CI_SERVICE_USER:CI_SERVICE_USER /opt/APP_NAME/registry/registry-pod.yaml
 sudo chown CI_SERVICE_USER:CI_SERVICE_USER /opt/APP_NAME/registry/containers-policy.json
 sudo chmod 644 /opt/APP_NAME/registry/nginx.conf
 sudo chmod 644 /opt/APP_NAME/registry/openssl.conf
-sudo chmod 644 /opt/APP_NAME/registry/docker-registry.yml
 sudo chmod 644 /opt/APP_NAME/registry/registry-pod.yaml
 sudo chmod 644 /opt/APP_NAME/registry/containers-policy.json
 ```
 
-#### 5.3 Create FHS-Compliant Directory Structure
+#### 5.2.3 Create FHS-Compliant Directory Structure
 
 ```bash
 # Create FHS-compliant certificate directory structure
@@ -794,7 +787,7 @@ sudo chmod 755 /var/lib/registry/data         # Registry data
 sudo ln -sf /var/lib/registry/data /opt/APP_NAME/registry/registry
 ```
 
-#### 5.4 Generate TLS Certificate and Install for Podman
+#### 5.2.4 Generate TLS Certificate and Install for Podman
 
 **Choose one of the following options based on whether you have a domain name:**
 
@@ -888,9 +881,9 @@ sudo cp /etc/registry/certs/registry.crt /etc/containers/certs.d/YOUR_DOMAIN_NAM
 
 ---
 
-**After completing the steps for your chosen option, continue with Step 5.7 (Start Docker Registry with Docker Compose).**
+**After completing the steps for your chosen option, continue with Step 5.5 (Set Up Systemd Service for Docker Registry v2).**
 
-#### 5.5 Install Certificate for Podman (Option B Only)
+#### 5.3 Install Certificate for Podman (Option B Only)
 
 **Important**: This step adds the Let's Encrypt certificate for Podman. Since Let's Encrypt is a trusted CA, Podman will automatically trust this certificate.
 
@@ -913,7 +906,7 @@ echo "Certificate installation completed successfully!"
 echo "Podman can now connect to the registry securely using your domain name"
 ```
 
-#### 5.6 Set Up Automatic Certificate Renewal (Option B Only)
+#### 5.4 Set Up Automatic Certificate Renewal (Option B Only)
 
 **Important**: Let's Encrypt certificates expire after 90 days, so we need to set up automatic renewal.
 
@@ -930,7 +923,7 @@ echo "Automatic certificate renewal configured!"
 echo "Certificates will be renewed automatically and the registry service will be restarted"
 ```
 
-#### 5.7 Set Up Systemd Service for Docker Registry v2
+#### 5.5 Set Up Systemd Service for Docker Registry v2
 
 ```bash
 # Create system-wide Podman configuration to avoid permission issues
@@ -969,7 +962,7 @@ sudo systemctl status docker-registry.service
 sudo journalctl -u docker-registry.service -f --no-pager -n 50
 ```
 
-#### 5.8 Verify Docker Registry v2 Service
+#### 5.6 Verify Docker Registry v2 Service
 
 ```bash
 # Check that the service is running properly
@@ -985,7 +978,7 @@ sudo su - CI_SERVICE_USER -c "podman logs registry-pod-nginx"
 sudo su - CI_SERVICE_USER -c "podman logs registry-pod-registry"
 ```
 
-#### 5.9 Test Registry Setup
+#### 5.7 Test Registry Setup
 
 **For Option A (Self-signed certificates):**
 
@@ -1432,7 +1425,6 @@ ls -la /tmp/ci-workspace
 The Docker Registry setup now follows the Filesystem Hierarchy Standard (FHS) for better organization and security:
 
 **Application Files** (in `/opt/APP_NAME/registry/`):
-- `docker-registry.yml` - Podman Compose configuration for Docker Registry v2 and nginx
 - `registry-pod.yaml` - Kubernetes Pod manifest for Docker Registry v2 and nginx
 - `nginx.conf` - nginx reverse proxy configuration from project repository  
 - `openssl.conf` - OpenSSL configuration for certificate generation from project repository
@@ -2452,7 +2444,6 @@ sudo rm -rf /opt/APP_NAME/registry/openssl.conf
 sudo rm -rf /opt/APP_NAME/registry/certs/requests/openssl.conf
 
 # Note: DO NOT remove these files as they are needed for operation:
-# - /opt/APP_NAME/registry/docker-registry.yml
 # - /opt/APP_NAME/registry/registry-pod.yaml
 # - /opt/APP_NAME/registry/nginx.conf
 # - /opt/APP_NAME/registry/containers-policy.json  

registry/README.md

@@ -4,7 +4,7 @@ This folder contains the configuration files for the Docker Registry setup used
 
 ## Files
 
-- **`docker-registry.yml`**: Podman Compose configuration for Docker Registry v2 and nginx reverse proxy
+
 - **`nginx.conf`**: nginx configuration for HTTPS and authentication
 - **`docker-registry.service`**: Systemd service file for Docker Registry v2
 - **`README.md`**: This documentation file

registry/docker-registry.yml

@@ -1,66 +0,0 @@
-services:
-  registry:
-    image: registry@sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
-    container_name: registry
-    restart: unless-stopped
-    user: "1000:1000"
-    environment:
-      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
-      # Disable image deletion for security
-      REGISTRY_STORAGE_DELETE_ENABLED: "false"
-      # Listen only inside the compose network
-      REGISTRY_HTTP_ADDR: 0.0.0.0:5000
-      # TLS configuration
-      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/registry/certs/registry.crt
-      REGISTRY_HTTP_TLS_KEY: /etc/registry/certs/private/registry.key
-    volumes:
-      - ./registry:/var/lib/registry
-      - /etc/registry/certs:/etc/registry/certs:ro
-    expose:
-      - "5000"   # internal only, not published
-    deploy:
-      resources:
-        limits:
-          cpus: '1.0'
-          memory: 1G
-        reservations:
-          cpus: '0.5'
-          memory: 512M
-    security_opt:
-      - no-new-privileges:true
-      - seccomp:unconfined
-    read_only: true
-    tmpfs:
-      - /tmp:noexec,nosuid,size=100m
-
-  nginx:
-    image: nginx@sha256:6650513efd1d27c1f8a5351cbd33edf85cc7e3b73dc4d4d4e8f8c0b3d0b3d0b3d
-    container_name: nginx
-    restart: unless-stopped
-    user: "1000:1000"
-    depends_on:
-      - registry
-    ports:
-      - "443:443"   # HTTPS only
-      - "4443:4443"
-      # deliberately no "80:80" – no HTTP
-    volumes:
-      - ./nginx.conf:/etc/nginx/nginx.conf:ro
-      - /etc/registry/certs:/etc/registry/certs:ro
-      - /etc/registry/auth/.htpasswd:/etc/nginx/.htpasswd:ro
-      - /var/log/nginx:/var/log/nginx
-      - ./containers-policy.json:/etc/containers/policy.json:ro
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 512M
-        reservations:
-          cpus: '0.25'
-          memory: 256M
-    security_opt:
-      - no-new-privileges:true
-      - seccomp:unconfined
-    read_only: true
-    tmpfs:
-      - /tmp:noexec,nosuid,size=100m