allamand/Readme.md

## Readme.md

      
    Raw
  

              Readme.md
            
          
    Copy to ECR

To Copy datas into ou out from China region, we need Data Transfer Hub.
https://aws.amazon.com/solutions/implementations/data-transfer-hub/
Sometimes it is necessary to copy public docker images to private ECR repo.
We can manually do this using manual scripts.
This script will list all running docker image in a Kubernetes cluster, and create a file with all the images
./list-docker-images.sh
Will Download and tag all images listed in the file to be stored on the new registry.
./copy-to-ecr.sh
Debug images on EKS hosts

Connect with SSM to an EKS host and try do download docker images
Debug connection

Authenticate on Registry
ECR=376520866342.dkr.ecr.cn-north-1.amazonaws.com.cn/kubernetes
aws ecr get-login-password --region cn-north-1 | docker login --username AWS --password-stdin $ECR
Retrieve docker credential
ECR_CRED=$(cat ~/.docker/config.json | jq '.auths."376520866342.dkr.ecr.cn-north-1.amazonaws.com.cn".auth' -r | base64 -d)
#nerdctl pull 048912060910.dkr.ecr.cn-northwest-1.amazonaws.com.cn/quay/argoproj/argocd:1.8.0
#ctr image pull 048912060910.dkr.ecr.cn-northwest-1.amazonaws.com.cn/gcr/google_containers:0.7.5

  
## copy-to-ecr.sh
#!/bin/bash

# New registry URL
new_region=cn-north-1
new_account=xxx
new_registry="${new_account}.dkr.ecr.${new_region}.amazonaws.com.cn/kubernetes"

#authenticate on registry
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin 602401143452.dkr.ecr.$AWS_REGION.amazonaws.com
# Input file containing images
input_file="images.txt"
output_file="images_to_push.txt"

rm $output_file

# Ensure the input file exists
if [ ! -f "$input_file" ]; then
    echo "Input file $input_file does not exist."
    exit 1
fi

# Read each line in the input file
while IFS= read -r image; do
    # Skip empty lines
    if [ -z "$image" ]; then
        continue
    fi

    new_image="$new_registry/$(basename "$image")"

      # Pull the Docker image
    docker pull "$image"

    # Tag the image with the new registry URL
    docker tag "$image" "$new_image"

    # Push the tagged image to the new registry
    #docker push "$new_image"
    echo "$new_image" >> $output_file

    echo "Image $image has been pulled, tagged as $new_image, and pushed to the new registry."
done < "$input_file"

## list-docker-images.sh
#!/bin/bash

# Nom du fichier de sortie
tmp_file="/tmp/images.tmp"
output_file="images.txt"
rm $tmp_file

# Efface le fichier de sortie s'il existe déjà
if [ -e "$output_file" ]; then
    rm "$output_file"
fi

# Obtient la liste des pods dans le cluster
pods=$(kubectl get pods --all-namespaces -o custom-columns="NAMESPACE:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].image" --no-headers)

# Parcours chaque ligne de la liste des pods
while IFS= read -r line; do
    namespace=$(echo "$line" | awk '{print $1}')
    pod_name=$(echo "$line" | awk '{print $2}')
    images=$(echo "$line" | awk '{print $3}')

    # Parcours chaque image dans le pod
    # for image in $images; do
    #     echo "$namespace/$pod_name: $image"
    #     echo $image >> $tmp_file
    # done

    # Split images by comma and put them on separate lines
    IFS=',' read -ra image_array <<< "$images"
    for image in "${image_array[@]}"; do
        echo "$namespace/$pod_name: $image"
        echo $image >> $tmp_file
    done
done <<< "$pods"

cat $tmp_file | sort | uniq > $output_file
echo "Liste des images Docker enregistrée dans $output_file"

## push_to_ecr.sh
#!/bin/bash

export AWS_ACCOUNT_ID=xxxx
export AWS_ACCOUNT=$AWS_ACCOUNT_ID
export AWS_REGION=cn-north-1
export AWS_DEFAULT_REGION=$AWS_REGION
export CDK_DEFAULT_REGION=$AWS_REGION

new_registry="${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com.cn/kubernetes"

aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin $new_registry

# Input file containing images
input_file="images_to_push.txt"

# Ensure the input file exists
if [ ! -f "$input_file" ]; then
    echo "Input file $input_file does not exist."
    exit 1
fi

# Read each line in the input file
while IFS= read -r image; do
    # Skip empty lines
    if [ -z "$image" ]; then
        continue
    fi

    docker push "$image"

    echo "Image $image has been pushed to the new registry."
done < "$input_file"
	#!/bin/bash

	# New registry URL
	new_region=cn-north-1
	new_account=xxx
	new_registry="${new_account}.dkr.ecr.${new_region}.amazonaws.com.cn/kubernetes"

	#authenticate on registry
	aws ecr get-login-password --region $AWS_REGION \| docker login --username AWS --password-stdin 602401143452.dkr.ecr.$AWS_REGION.amazonaws.com
	# Input file containing images
	input_file="images.txt"
	output_file="images_to_push.txt"

	rm $output_file

	# Ensure the input file exists
	if [ ! -f "$input_file" ]; then
	echo "Input file $input_file does not exist."
	exit 1
	fi

	# Read each line in the input file
	while IFS= read -r image; do
	# Skip empty lines
	if [ -z "$image" ]; then
	continue
	fi

	new_image="$new_registry/$(basename "$image")"

	# Pull the Docker image
	docker pull "$image"

	# Tag the image with the new registry URL
	docker tag "$image" "$new_image"

	# Push the tagged image to the new registry
	#docker push "$new_image"
	echo "$new_image" >> $output_file

	echo "Image $image has been pulled, tagged as $new_image, and pushed to the new registry."
	done < "$input_file"
	#!/bin/bash

	# Nom du fichier de sortie
	tmp_file="/tmp/images.tmp"
	output_file="images.txt"
	rm $tmp_file

	# Efface le fichier de sortie s'il existe déjà
	if [ -e "$output_file" ]; then
	rm "$output_file"
	fi

	# Obtient la liste des pods dans le cluster
	pods=$(kubectl get pods --all-namespaces -o custom-columns="NAMESPACE:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].image" --no-headers)

	# Parcours chaque ligne de la liste des pods
	while IFS= read -r line; do
	namespace=$(echo "$line" \| awk '{print $1}')
	pod_name=$(echo "$line" \| awk '{print $2}')
	images=$(echo "$line" \| awk '{print $3}')

	# Parcours chaque image dans le pod
	# for image in $images; do
	# echo "$namespace/$pod_name: $image"
	# echo $image >> $tmp_file
	# done

	# Split images by comma and put them on separate lines
	IFS=',' read -ra image_array <<< "$images"
	for image in "${image_array[@]}"; do
	echo "$namespace/$pod_name: $image"
	echo $image >> $tmp_file
	done
	done <<< "$pods"

	cat $tmp_file \| sort \| uniq > $output_file
	echo "Liste des images Docker enregistrée dans $output_file"
	#!/bin/bash

	export AWS_ACCOUNT_ID=xxxx
	export AWS_ACCOUNT=$AWS_ACCOUNT_ID
	export AWS_REGION=cn-north-1
	export AWS_DEFAULT_REGION=$AWS_REGION
	export CDK_DEFAULT_REGION=$AWS_REGION

	new_registry="${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com.cn/kubernetes"

	aws ecr get-login-password --region ${AWS_REGION} \| docker login --username AWS --password-stdin $new_registry

	# Input file containing images
	input_file="images_to_push.txt"

	# Ensure the input file exists
	if [ ! -f "$input_file" ]; then
	echo "Input file $input_file does not exist."
	exit 1
	fi

	# Read each line in the input file
	while IFS= read -r image; do
	# Skip empty lines
	if [ -z "$image" ]; then
	continue
	fi

	docker push "$image"

	echo "Image $image has been pushed to the new registry."
	done < "$input_file"