From d5c00192d5fb26f9e299efa7a9af74c2e5999c78 Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Fri, 13 Feb 2026 12:36:03 -0800
Subject: [PATCH] Configure DinD to use Zot as pull-through registry mirror
 (#183)

## Summary
- Add `daemon.json` with `registry-mirrors` to the forgejo-runner ConfigMap, pointing DinD at `http://host.minikube.internal:5050`
- Mount `daemon.json` into the DinD sidecar at `/etc/docker/daemon.json` via `subPath`
- Docker Hub pulls during Dagger CI builds will now route through Zot's pull-through cache, reducing bandwidth and avoiding rate limits

## Deployment and Testing
- [ ] `argocd app sync forgejo-runner`
- [ ] Exec into DinD container: `docker info` should show the registry mirror
- [ ] Trigger a workflow build and check Zot logs for cache hits

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/183
---
 argocd/manifests/forgejo-runner/configmap.yaml             | 4 ++++
 argocd/manifests/forgejo-runner/deployment.yaml            | 4 ++++
 docs/changelog.d/feature-dind-zot-registry-mirror.infra.md | 1 +
 3 files changed, 9 insertions(+)
 create mode 100644 docs/changelog.d/feature-dind-zot-registry-mirror.infra.md

diff --git a/argocd/manifests/forgejo-runner/configmap.yaml b/argocd/manifests/forgejo-runner/configmap.yaml
index dc4584e..18d5448 100644
--- a/argocd/manifests/forgejo-runner/configmap.yaml
+++ b/argocd/manifests/forgejo-runner/configmap.yaml
@@ -22,3 +22,7 @@ data:
       network: "host"
       # Connect to DinD sidecar via TCP (not socket)
       docker_host: tcp://127.0.0.1:2375
+  daemon.json: |
+    {
+      "registry-mirrors": ["http://host.minikube.internal:5050"]
+    }
diff --git a/argocd/manifests/forgejo-runner/deployment.yaml b/argocd/manifests/forgejo-runner/deployment.yaml
index 75b978c..decbd7a 100644
--- a/argocd/manifests/forgejo-runner/deployment.yaml
+++ b/argocd/manifests/forgejo-runner/deployment.yaml
@@ -77,6 +77,10 @@ spec:
           volumeMounts:
             - name: dind-storage
               mountPath: /var/lib/docker
+            - name: config
+              mountPath: /etc/docker/daemon.json
+              subPath: daemon.json
+              readOnly: true
 
       volumes:
         - name: data
diff --git a/docs/changelog.d/feature-dind-zot-registry-mirror.infra.md b/docs/changelog.d/feature-dind-zot-registry-mirror.infra.md
new file mode 100644
index 0000000..a88d5d8
--- /dev/null
+++ b/docs/changelog.d/feature-dind-zot-registry-mirror.infra.md
@@ -0,0 +1 @@
+Configure DinD sidecar to use Zot as a pull-through registry mirror for Docker Hub images, reducing bandwidth and avoiding rate limits during Dagger CI builds.