From ef7048ee49491f53dc62f1849074725591580380 Mon Sep 17 00:00:00 2001
From: Jaromir Wysoglad <jwysogla@redhat.com>
Date: Fri, 17 Apr 2026 09:47:40 +0000
Subject: [PATCH] Add cifmw_crc_additional_insecure_registries support

Allow content-provider jobs to register additional insecure registries
on the CRC node via zuul_return. This patches insecureRegistries in
image.config.openshift.io/cluster and configures crio, paralleling the
existing cifmw_crc_additional_allowed_registries mechanism.

Generated-By: Claude-Code claude-opus-4-6
Signed-off-by: Jaromir Wysoglad <jwysogla@redhat.com>
---
 ci/playbooks/multinode-customizations.yml     |  5 ++-
 .../tasks/set_crc_insecure_registry.yml       | 31 ++++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/ci/playbooks/multinode-customizations.yml b/ci/playbooks/multinode-customizations.yml
index eb26396ab..6f085a230 100644
--- a/ci/playbooks/multinode-customizations.yml
+++ b/ci/playbooks/multinode-customizations.yml
@@ -213,7 +213,10 @@
 
     - name: Set insecure registry on crc node
       ansible.builtin.include_tasks: tasks/set_crc_insecure_registry.yml
-      when: content_provider_registry_ip is defined or cifmw_crc_registry_mirror_content is defined
+      when: >-
+        content_provider_registry_ip is defined or
+        cifmw_crc_registry_mirror_content is defined or
+        cifmw_crc_additional_insecure_registries is defined
 
 - hosts: controller
   name: "Tweak Controller"
diff --git a/ci/playbooks/tasks/set_crc_insecure_registry.yml b/ci/playbooks/tasks/set_crc_insecure_registry.yml
index d57cefd91..c54cfcffe 100644
--- a/ci/playbooks/tasks/set_crc_insecure_registry.yml
+++ b/ci/playbooks/tasks/set_crc_insecure_registry.yml
@@ -38,6 +38,14 @@
     image.config.openshift.io/cluster
   loop: "{{ cifmw_crc_additional_allowed_registries }}"
 
+- name: Add additional insecure registries
+  when: cifmw_crc_additional_insecure_registries is defined
+  ansible.builtin.shell: |
+    oc patch --type=json \
+    --patch='[{"op": "add", "path": "/spec/registrySources/insecureRegistries/-", "value": "{{ item }}"}]' \
+    image.config.openshift.io/cluster
+  loop: "{{ cifmw_crc_additional_insecure_registries }}"
+
 - name: Ensure registries.conf.d exists
   become: true
   when: cifmw_crc_registry_mirror_content is defined or content_provider_registry_ip is defined
@@ -61,6 +69,24 @@
       mirror-by-digest-only = false
       prefix = ""
 
+- name: Set insecure registry in crio for additional registries
+  become: true
+  when: cifmw_crc_additional_insecure_registries is defined
+  ansible.builtin.blockinfile:
+    state: present
+    insertafter: EOF
+    marker: "# ANSIBLE MANAGED BLOCK - additional insecure registry: {{ item }}"
+    dest: /etc/containers/registries.conf.d/99-insecure-registry.conf
+    create: true
+    content: |-
+      [[registry]]
+      location = "{{ item }}"
+      insecure = true
+      blocked = false
+      mirror-by-digest-only = false
+      prefix = ""
+  loop: "{{ cifmw_crc_additional_insecure_registries }}"
+
 - name: Set registry mirror override
   when: cifmw_crc_registry_mirror_content is defined
   become: true
@@ -72,7 +98,10 @@
     content: "{{ cifmw_crc_registry_mirror_content }}"
 
 - name: Restart crio
-  when: cifmw_crc_registry_mirror_content is defined or content_provider_registry_ip is defined
+  when: >-
+    cifmw_crc_registry_mirror_content is defined or
+    content_provider_registry_ip is defined or
+    cifmw_crc_additional_insecure_registries is defined
   become: true
   ansible.builtin.service:
     name: crio