refactor: Use Minikube registry addon instead of external registry

Replace external registry container approach with Minikube's built-in
registry addon for improved cross-platform compatibility.

Key changes:
- Use 'minikube addons enable registry' instead of external container
- Port-forward to localhost:5000 (macOS: socat, Linux: kubectl)
- Update image reference from 192.168.49.1:5001 to localhost:5000
- Change imagePullPolicy from Always to IfNotPresent
- Remove insecure-registry requirement from Minikube start
- Simplify GitHub Actions workflow

Benefits:
- Works with rootless Podman on Fedora/Linux
- No insecure registry configuration needed
- Cross-platform consistency (Mac, Linux, Windows)
- Follows proven WildFly cloud-tests patterns
- Simpler setup and troubleshooting

Fixes compatibility issues with rootless Podman where external registry
running in user context was inaccessible from Minikube VM.

Author: kabir

.github/workflows/cloud-deployment-example.yml

@@ -33,20 +33,44 @@ jobs:
           kubernetes-version: v1.30.0
           driver: docker
           addons: ingress
-          insecure-registry: '192.168.49.1:5001'
 
       - name: Build project
         run: mvn -B clean install -DskipTests -f pom.xml
 
+      - name: Enable Minikube registry addon
+        run: |
+          echo "Enabling Minikube registry addon..."
+          minikube addons enable registry
+          sleep 5
+
+      - name: Set up registry port forwarding
+        run: |
+          echo "Starting registry port forwarding..."
+          kubectl port-forward --namespace kube-system service/registry 5000:80 > /dev/null 2>&1 &
+
+          # Wait for registry to be accessible
+          echo "Waiting for registry to be accessible..."
+          for i in {1..30}; do
+            if curl -s http://localhost:5000/v2/ > /dev/null 2>&1; then
+              echo "Registry accessible"
+              break
+            fi
+            if [ $i -eq 30 ]; then
+              echo "ERROR: Registry not accessible"
+              exit 1
+            fi
+            sleep 1
+          done
+
       - name: Build and package server
         working-directory: examples/cloud-deployment/server
         run: mvn clean package -DskipTests
 
-      - name: Build Docker image
+      - name: Build and push Docker image
         working-directory: examples/cloud-deployment/server
         run: |
-          docker build -t localhost:5001/a2a-cloud-deployment:latest .
-          docker tag localhost:5001/a2a-cloud-deployment:latest 192.168.49.1:5001/a2a-cloud-deployment:latest
+          docker build -t localhost:5000/a2a-cloud-deployment:latest .
+          docker push localhost:5000/a2a-cloud-deployment:latest
 
       - name: Deploy infrastructure (skip agent)
         working-directory: examples/cloud-deployment/scripts
@@ -56,24 +80,12 @@ jobs:
           chmod +x deploy.sh
           ./deploy.sh
 
-      - name: Load image into minikube and deploy agent
+      - name: Deploy agent
         working-directory: examples/cloud-deployment
         run: |
-          # Load image into minikube
-          echo "Loading image into minikube..."
-          minikube image load 192.168.49.1:5001/a2a-cloud-deployment:latest
-
-          # Verify image is in minikube
-          echo "Verifying image in minikube:"
-          minikube ssh -- docker images | grep a2a-cloud-deployment
-
-          # Modify deployment YAML to use imagePullPolicy: Never before applying
-          echo "Deploying agent with imagePullPolicy: Never..."
-          cat k8s/04-agent-deployment.yaml | \
-            sed 's/imagePullPolicy: Always/imagePullPolicy: Never/' | \
-            kubectl apply -f -
+          echo "Deploying agent..."
+          kubectl apply -f k8s/04-agent-deployment.yaml
 
-          # Wait for rollout to complete
           echo "Waiting for deployment rollout to complete..."
           kubectl rollout status deployment/a2a-agent -n a2a-demo --timeout=120s
 

examples/cloud-deployment/README.md

@@ -61,19 +61,22 @@ This example demonstrates deploying an A2A agent to Kubernetes with:
 
 ### 1. Start Minikube
 
-This example uses a local container registry on the host machine. Minikube must be configured to allow pulling from this insecure (HTTP) registry.
+This example uses Minikube's built-in registry addon for container image distribution.
 
 **With Docker:**
 ```bash
-minikube start --cpus=4 --memory=8192 --insecure-registry=192.168.49.1:5001
+minikube start --cpus=4 --memory=8192
 ```
 
-**With Podman:**
+**With Podman (rootful or rootless):**
 ```bash
-minikube start --cpus=4 --memory=8192 --driver=podman --insecure-registry=192.168.49.1:5001
+minikube start --cpus=4 --memory=8192 --driver=podman
 ```
 
-**Note**: The IP address `192.168.49.1` is the default host IP from Minikube's perspective. If your Minikube uses a different network range, adjust accordingly.
+**Note for rootless Podman users on Fedora/Linux**: Add `--container-runtime=containerd` if you encounter issues:
+```bash
+minikube start --cpus=4 --memory=8192 --driver=podman --container-runtime=containerd
+```
 
 ### 2. Deploy the Stack
 
@@ -88,6 +91,8 @@ cd scripts
 ```
 
 This script will:
+- Enable Minikube registry addon
+- Set up registry port forwarding (localhost:5000)
 - Install Strimzi Kafka operator
 - Deploy PostgreSQL
 - Deploy Kafka cluster
@@ -319,40 +324,45 @@ kubectl logs <pod-name> -n a2a-demo
 ```
 
 **Common issues:**
-- **ImagePullBackOff**: Image not built in Minikube's container environment
-  - Solution with Docker: Run `eval $(minikube docker-env)` before building
-  - Solution with Podman: Run `eval $(minikube podman-env)` before building
+- **ImagePullBackOff**: Image not pushed to Minikube registry
+  - Solution: Ensure registry port-forward is running and push completed successfully
+  - Check: `curl http://localhost:5000/v2/_catalog` should list the image
 - **CrashLoopBackOff**: Application startup failure
   - Check logs: `kubectl logs <pod-name> -n a2a-demo`
   - Common causes: Database not ready, Kafka not ready
 
-### Container Build Issues
+### Registry Issues
 
-**Image not found in Minikube:**
+**Registry not accessible:**
 
-The container image must be built inside Minikube's environment.
+The deploy.sh script sets up port forwarding automatically. If you need to set it up manually:
 
-**With Docker:**
+**On macOS:**
 ```bash
-eval $(minikube docker-env)
-docker build -t a2a-cloud-deployment:latest .
+# Using Docker or Podman
+docker run -d --name socat-registry --rm --network=host alpine \
+  ash -c "apk add socat && socat TCP-LISTEN:5000,reuseaddr,fork TCP:$(minikube ip):5000"
 ```
 
-**With Podman:**
+**On Linux:**
 ```bash
-eval $(minikube podman-env)
-podman build -t a2a-cloud-deployment:latest .
+kubectl port-forward --namespace kube-system service/registry 5000:80 &
 ```
 
-**Verify image exists:**
+**Verify registry is accessible:**
 ```bash
-# With Docker
-minikube ssh docker images | grep a2a-cloud-deployment
+curl http://localhost:5000/v2/
+# Should return: {}
 
-# With Podman
-minikube ssh podman images | grep a2a-cloud-deployment
+# List images in registry
+curl http://localhost:5000/v2/_catalog
 ```
 
+**Image push failures:**
+- Check port-forward is running: `ps aux | grep "port-forward.*registry"`
+- Restart port-forward if needed
+- For rootless Podman: Ensure you're not using sudo (should work without it)
+
 ### Database Connection Failures
 
 **Check PostgreSQL status:**

examples/cloud-deployment/k8s/04-agent-deployment.yaml

@@ -17,8 +17,8 @@ spec:
     spec:
       containers:
         - name: a2a-agent
-          image: 192.168.49.1:5001/a2a-cloud-deployment:latest
-          imagePullPolicy: Always
+          image: localhost:5000/a2a-cloud-deployment:latest
+          imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080
               name: http

examples/cloud-deployment/scripts/cleanup.sh

@@ -45,19 +45,25 @@ echo "Deleting namespace..."
 kubectl delete -f ../k8s/00-namespace.yaml --ignore-not-found=true
 
 echo ""
-echo "Cleaning up local registry container..."
-# Determine container tool
+echo "Stopping registry port forwarding..."
+# Kill any port-forward processes
+pkill -f "kubectl.*port-forward.*registry" > /dev/null 2>&1 || true
+
+# Determine container tool for stopping socat container on macOS
 CONTAINER_TOOL="docker"
 if command -v podman &> /dev/null; then
     CONTAINER_TOOL="podman"
 fi
 
-# Remove registry container if it exists
-$CONTAINER_TOOL rm -f kind-registry > /dev/null 2>&1 || true
+# Stop socat container if running (macOS)
+$CONTAINER_TOOL stop socat-registry > /dev/null 2>&1 || true
+$CONTAINER_TOOL rm socat-registry > /dev/null 2>&1 || true
 
 echo ""
 echo -e "${GREEN}Cleanup completed${NC}"
 echo ""
-echo -e "${YELLOW}Note: Strimzi operator was not removed${NC}"
+echo -e "${YELLOW}Note: Minikube registry addon and Strimzi operator were not removed${NC}"
+echo "To disable the registry addon, run:"
+echo "  minikube addons disable registry"
 echo "To remove Strimzi operator, run:"
 echo "  kubectl delete namespace kafka"

examples/cloud-deployment/scripts/deploy.sh

@@ -34,66 +34,84 @@ echo ""
 # Check if Minikube is running
 if ! minikube status > /dev/null 2>&1; then
     echo -e "${RED}Error: Minikube is not running${NC}"
-    echo "Please start Minikube first with insecure registry configuration:"
+    echo "Please start Minikube first:"
     echo ""
     echo "With Docker:"
-    echo "  minikube start --cpus=4 --memory=8192 --insecure-registry=192.168.49.1:5001"
+    echo "  minikube start --cpus=4 --memory=8192"
     echo ""
     echo "With Podman:"
-    echo "  minikube start --cpus=4 --memory=8192 --driver=podman --insecure-registry=192.168.49.1:5001"
+    echo "  minikube start --cpus=4 --memory=8192 --driver=podman"
+    echo ""
+    echo "With Podman (rootless):"
+    echo "  minikube start --cpus=4 --memory=8192 --driver=podman --container-runtime=containerd"
     exit 1
 fi
 
 echo -e "${GREEN}✓ Minikube is running${NC}"
 
-# Check if insecure registry is configured
-echo "Checking insecure registry configuration..."
-MINIKUBE_HOST_IP=$(minikube ssh "ip route | grep default | awk '{print \$3}'")
-if ! minikube profile list -o json | grep -q "InsecureRegistry"; then
-    echo -e "${RED}Error: Minikube is not configured for insecure registry${NC}"
-    echo ""
-    echo "Please delete and recreate Minikube with insecure registry support:"
-    echo "  minikube delete"
-    echo "  minikube start --cpus=4 --memory=8192 --driver=podman --insecure-registry=${MINIKUBE_HOST_IP}:5001"
-    exit 1
+# Enable Minikube registry addon if not already enabled
+echo ""
+echo "Checking Minikube registry addon..."
+if ! minikube addons list | grep -q "registry.*enabled"; then
+    echo "Enabling Minikube registry addon..."
+    minikube addons enable registry
+    # Wait a bit for registry to start
+    sleep 5
+    echo -e "${GREEN}✓ Registry addon enabled${NC}"
+else
+    echo -e "${GREEN}✓ Registry addon already enabled${NC}"
 fi
-echo -e "${GREEN}✓ Insecure registry configured (${MINIKUBE_HOST_IP}:5001)${NC}"
 
-# Set up local registry container on host
+# Set up port forwarding to registry
+# This makes the registry accessible at localhost:5000
 echo ""
-echo "Setting up local registry container..."
+echo "Setting up registry port forwarding..."
+
+# Detect OS
+if echo "$OSTYPE" | grep -q "^darwin"; then
+    # macOS - use socat in container for port forwarding
+    echo "macOS detected, using socat for port forwarding..."
 
-# Check if registry container is already running
-if $CONTAINER_TOOL ps --filter "name=kind-registry" --format '{{.Names}}' | grep -q kind-registry; then
-    echo "Registry container already running"
+    # Stop any existing port forwarder
+    $CONTAINER_TOOL stop socat-registry 2>/dev/null || true
+    $CONTAINER_TOOL rm socat-registry 2>/dev/null || true
+
+    # Pull alpine if needed
+    $CONTAINER_TOOL pull alpine 2>/dev/null || true
+
+    # Start socat container for port forwarding
+    $CONTAINER_TOOL run -d --name socat-registry --rm --network=host alpine \
+        ash -c "apk add socat && socat TCP-LISTEN:5000,reuseaddr,fork TCP:$(minikube ip):5000" \
+        > /dev/null 2>&1 &
+
+    echo -e "${GREEN}✓ Port forward started (socat container)${NC}"
 else
-    # Remove old container if it exists but is stopped
-    $CONTAINER_TOOL rm -f kind-registry > /dev/null 2>&1 || true
+    # Linux - use kubectl port-forward
+    echo "Linux detected, using kubectl port-forward..."
 
-    # Start registry container on host
-    echo "Starting registry container on host (port 5001)..."
-    $CONTAINER_TOOL run -d --restart=always -p "0.0.0.0:5001:5000" --name "kind-registry" registry:2
+    # Kill any existing port-forward processes
+    pkill -f "kubectl.*port-forward.*registry" || true
+
+    # Start port forward in background
+    kubectl port-forward --namespace kube-system service/registry 5000:80 > /dev/null 2>&1 &
+
+    echo -e "${GREEN}✓ Port forward started (kubectl)${NC}"
 fi
 
-# Verify registry is accessible
-echo "Verifying registry is accessible at localhost:5001..."
-for i in {1..10}; do
-    if curl -s http://localhost:5001/v2/ > /dev/null 2>&1; then
-        echo -e "${GREEN}✓ Registry accessible at localhost:5001${NC}"
+# Wait for registry to be accessible
+echo "Waiting for registry to be accessible at localhost:5000..."
+for i in {1..30}; do
+    if curl -s http://localhost:5000/v2/ > /dev/null 2>&1; then
+        echo -e "${GREEN}✓ Registry accessible at localhost:5000${NC}"
         break
     fi
-    if [ $i -eq 10 ]; then
-        echo -e "${RED}ERROR: Registry not accessible after 10 attempts${NC}"
+    if [ $i -eq 30 ]; then
+        echo -e "${RED}ERROR: Registry not accessible after 30 attempts${NC}"
         exit 1
     fi
-    echo "Attempt $i/10..."
     sleep 1
 done
 
-# Registry will be accessed from Minikube using host.minikube.internal
-REGISTRY="localhost:5001"
-echo "Using registry: $REGISTRY (host), host.minikube.internal:5001 (from Minikube)"
-
 # Build the project
 echo ""
 echo "Building the project..."
@@ -102,17 +120,18 @@ mvn clean package -DskipTests
 echo -e "${GREEN}✓ Project built successfully${NC}"
 
 # Build and push container image to Minikube registry
+REGISTRY="localhost:5000"
 echo ""
 echo "Building container image..."
 $CONTAINER_TOOL build -t ${REGISTRY}/a2a-cloud-deployment:latest .
 echo -e "${GREEN}✓ Container image built${NC}"
 
 echo "Pushing image to Minikube registry..."
-# Retry push a few times as it can be flaky with Podman
+# Retry push a few times as port-forward can be flaky
 MAX_RETRIES=3
 for attempt in $(seq 1 $MAX_RETRIES); do
     echo "Push attempt $attempt/$MAX_RETRIES..."
-    if $CONTAINER_TOOL push ${REGISTRY}/a2a-cloud-deployment:latest --tls-verify=false --retry=2 2>&1 | tee /tmp/push.log; then
+    if $CONTAINER_TOOL push ${REGISTRY}/a2a-cloud-deployment:latest 2>&1 | tee /tmp/push.log; then
         echo -e "${GREEN}✓ Image pushed to registry${NC}"
         break
     else
@@ -245,4 +264,4 @@ echo "To access the agent from outside the cluster:"
 echo "  kubectl port-forward -n a2a-demo svc/a2a-agent-service 8080:8080"
 echo ""
 echo "Then access the agent at:"
-echo "  http://localhost:8080/a2a/agent-card"
+echo "  http://localhost:8080/.well-known/agent-card.json"