Created
November 22, 2021 03:44
docker-registry-ext-access-registry.sh
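#!/bin/bash
### Docker Registry Access
# Publishes an in-cluster Docker registry Service through a Traefik
# IngressRoute secured with a cert-manager certificate, then logs the local
# Docker client in to it.
#
# Requires: kubectl (pointed at the target cluster), docker, write access to
#           /etc/hosts, and ./temp-pass-registry containing
#           "Registry Username: ..." and "Registry Password: ..." lines.
# Optional: INGRESS_IP - address written to /etc/hosts
#           (default 192.168.1.150).
#
# NOTE(review): the IngressRoute created here attaches no Traefik middleware,
# so the registry's own authentication is the only access control once the
# hostname is reachable. Confirm the registry enforces auth before exposing it.

set -euo pipefail

readonly CREDENTIALS_FILE='temp-pass-registry'
readonly INGRESS_IP="${INGRESS_IP:-192.168.1.150}"
# One or more DNS labels (letters, digits, inner hyphens) joined by dots.
readonly HOSTNAME_RE='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Prompt (on stderr) until one of the given options is picked, then print it.
# A bare `select ...; do ...; break; done` accepts an out-of-range answer and
# leaves the variable empty, which would yield manifests with blank names.
# Arguments: $1 - prompt text, $2.. - options
choose() {
  local PS3=$1
  local choice=''
  shift
  (( $# > 0 )) || die "Nothing to choose from for: ${PS3}"
  select choice in "$@"; do
    if [[ -n "${choice}" ]]; then
      break
    fi
    printf 'Invalid selection, try again.\n' >&2
  done
  [[ -n "${choice:-}" ]] || die 'No selection made.'
  printf '%s\n' "${choice}"
}

## Pre-flight: fail before touching the cluster if the login step cannot work.
[[ -r "${CREDENTIALS_FILE}" ]] || die "Cannot read ${CREDENTIALS_FILE}"
[[ "${INGRESS_IP}" =~ ^[0-9A-Fa-f:.]+$ ]] || die "INGRESS_IP is not an IP address: ${INGRESS_IP}"

## Set Variables:
# Set a domain to use (needs to be real if you want to access this externally from the internet)
printf '%s\n' 'Provide a common name to use for browsing to (i.e: app.example.com):'
read -r DOMAIN
# DOMAIN is interpolated into YAML, a backtick-delimited Traefik rule,
# /etc/hosts and a URL, so accept nothing but a plain hostname.
if (( ${#DOMAIN} > 253 )) || [[ ! "${DOMAIN}" =~ ${HOSTNAME_RE} ]]; then
  die "Not a valid hostname: ${DOMAIN}"
fi

# Get the Cert-Manager Issuer
issuer_names=$(kubectl get clusterissuer --output=jsonpath='{.items..metadata.name}')
read -r -a issuer_options <<<"${issuer_names}"
ISSUER=$(choose 'Please select a Cluster Issuer to provide certificates: ' "${issuer_options[@]}")
export ISSUER
echo "Using ${ISSUER} as the Cluster Issuer"

# Get the Namespace
namespace_names=$(kubectl get namespaces --output=jsonpath='{.items..metadata.name}')
read -r -a namespace_options <<<"${namespace_names}"
NAMESPACE=$(choose 'Please select the Namespace in which the application lives: ' "${namespace_options[@]}")
export NAMESPACE
echo "Using ${NAMESPACE} as the Namespace"

# Get the Service
service_names=$(kubectl get svc -n "${NAMESPACE}" --output=jsonpath='{.items..metadata.name}')
read -r -a service_options <<<"${service_names}"
SERVICE=$(choose 'Please select the Service you want the Ingress to target: ' "${service_options[@]}")
export SERVICE
echo "Using ${SERVICE} as the Service"

readonly CERT_MANIFEST="${SERVICE}-dashboard-cert.yaml"
readonly INGRESS_MANIFEST="${SERVICE}-dashboard-ingress.yaml"

# Create the Certificate (standard template against name.whatever.com your domain is)
cat <<EOF >"${CERT_MANIFEST}"
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: $SERVICE-dashboard-cert
  namespace: $NAMESPACE
spec:
  commonName: $DOMAIN
  secretName: $SERVICE-dashboard-cert
  dnsNames:
    - $DOMAIN
  issuerRef:
    name: $ISSUER
    kind: ClusterIssuer
EOF

# Create the IngressRoute to direct traffic to your application
cat <<EOF >"${INGRESS_MANIFEST}"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: $SERVICE-dashboard-ingress
  namespace: $NAMESPACE
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(\`$DOMAIN\`) && PathPrefix(\`/\`)
      kind: Rule
      services:
        - name: $SERVICE
          port: 5000
  tls:
    secretName: $SERVICE-dashboard-cert
EOF

# Deploy Certificate and Ingress to cluster
kubectl apply -f "${CERT_MANIFEST}"
kubectl apply -f "${INGRESS_MANIFEST}"

## Test
# Add host entry if required (if not comment out)
# Written as a complete line with a fixed format string, and only when the
# exact entry is not already present, so re-runs do not corrupt /etc/hosts.
hosts_entry="${INGRESS_IP} ${DOMAIN}"
if ! grep -qxF -- "${hosts_entry}" /etc/hosts; then
  printf '%s\n' "${hosts_entry}" >>/etc/hosts
fi

# Grab username and password
DUSER=$(sed -n -e 's/^.*Registry Username: //p' "${CREDENTIALS_FILE}")
export DUSER
# The password stays a plain shell variable: exporting it would copy it into
# the environment of every child process started from here on.
registry_password=$(sed -n -e 's/^.*Registry Password: //p' "${CREDENTIALS_FILE}")
if [[ -z "${DUSER}" || -z "${registry_password}" ]]; then
  die "Registry username or password not found in ${CREDENTIALS_FILE}"
fi
# --password-stdin keeps the secret out of argv (and so out of `ps` output).
# Unless a credential helper is configured, docker login stores the
# credential in the Docker client config file.
printf '%s' "${registry_password}" \
  | docker login "https://${DOMAIN}" --username "${DUSER}" --password-stdin
unset registry_password

# Cleanup
# Remove only the two generated manifests; a "$SERVICE-*" glob would also
# delete unrelated files in this directory that share the prefix.
# temp-pass-registry is left in place and still holds the clear-text password.
rm -f -- "${CERT_MANIFEST}" "${INGRESS_MANIFEST}"

# Provide the user the URL
echo "URL is https://${DOMAIN}"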