#!/usr/bin/env bash
# Setup: creates an internal Docker network, starts a TLS-enabled registry
# that proxies Docker Hub, attaches it to that network, and creates a kind
# cluster on the same network.

set -euo pipefail
IFS=$'\n\t'

# Derive the script directory unless the caller already defined SCRIPT_DIR
# (an empty value still counts as defined).
# NOTE(review): an inherited SCRIPT_DIR selects which variables.sh is sourced
# below, i.e. which code runs in this shell; only point it at a trusted path.
if [[ -z "${SCRIPT_DIR+x}" ]]; then
  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
  readonly SCRIPT_DIR
fi

# shellcheck source=./variables.sh
. "${SCRIPT_DIR}/variables.sh"

# Work from the script directory; kind-config.yaml mounts the relative
# path ./pki/.
pushd "${SCRIPT_DIR}" &>/dev/null
# Create the bridge network on first run. --internal gives attached
# containers no route to the outside, which is what forces image pulls in
# the cluster through the registry proxy.
docker network inspect "${DOCKER_NETWORK_NAME}" &>/dev/null ||
  docker network create --driver bridge --internal "${DOCKER_NETWORK_NAME}"
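# Isolation check: from inside the internal network, Docker Hub must be
# unreachable. curl exit status 6 means "could not resolve host", which is
# the expected outcome; anything else (including success) means the network
# is not isolated as intended or the probe itself failed.
# NOTE(review): alpine/curl is referenced without a tag or digest, so the
# probe image is whatever the daemon resolves at run time.
set +e
CURL_OUTPUT="$(docker run --rm --network "${DOCKER_NETWORK_NAME}" alpine/curl -fsSL https://registry-1.docker.io 2>&1)"
# Capture the status immediately: every later command overwrites $?.
CURL_STATUS=$?
set -e
if [[ "${CURL_STATUS}" -ne 6 ]]; then
  echo "Unexpected curl output: ${CURL_OUTPUT}" >&2
  # The original `exit $?` ran after echo and therefore exited 0, so a
  # failed isolation check looked like success to callers. A curl that
  # succeeded (status 0) is still a failed check, so map it to 1.
  if [[ "${CURL_STATUS}" -eq 0 ]]; then
    exit 1
  fi
  exit "${CURL_STATUS}"
fi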
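# Create the registry container (and its TLS material) only if no container
# with that name exists yet.
if ! docker container inspect "${REGISTRY_NAME}" &>/dev/null; then
  # Fail with a clear message before any key material is written if the
  # Docker Hub credentials for the proxy are not provided.
  : "${DOCKER_USERNAME?DOCKER_USERNAME must be set}"
  : "${DOCKER_PASSWORD?DOCKER_PASSWORD must be set}"

  mkdir -p "${SCRIPT_DIR}/pki/"

  # Base OpenSSL config: the macOS system location if present, otherwise
  # /etc/ssl/openssl.cnf.
  if [[ -f /System/Library/OpenSSL/openssl.cnf ]]; then
    OPENSSL_BASE_CNF=/System/Library/OpenSSL/openssl.cnf
  else
    OPENSSL_BASE_CNF=/etc/ssl/openssl.cnf
  fi

  # Self-signed certificate with SANs for the container name and the
  # "registry" network alias. -nodes leaves the private key unencrypted on
  # disk so the registry can load it unattended.
  # The certificate is valid for 7 days and is only regenerated when the
  # container does not exist, so a longer-lived registry will end up
  # serving an expired certificate until it is torn down and recreated.
  # NOTE(review): kind-config.yaml mounts the whole pki/ directory into the
  # kind node, so registry.key is visible there as well as registry.crt.
  openssl req \
    -newkey rsa:4096 \
    -days 7 \
    -nodes \
    -x509 \
    -subj "/CN=${REGISTRY_NAME}" \
    -extensions SAN \
    -config <(cat "${OPENSSL_BASE_CNF}" \
      <(printf "[SAN]\nsubjectAltName='DNS.1:%s,DNS.2:%s'" "${REGISTRY_NAME}" "registry")) \
    -keyout "${SCRIPT_DIR}/pki/registry.key" \
    -out "${SCRIPT_DIR}/pki/registry.crt"

  # The proxy credentials are handed to the docker CLI through its
  # environment and forwarded by name (-e VAR), so the password does not
  # appear in the CLI's argument list. It is still stored in the container
  # configuration and readable through `docker inspect` by anyone with
  # access to the Docker daemon.
  # No --network is given, so the container starts on Docker's default
  # network; it is attached to the internal network in a later step.
  # NOTE(review): -p 443:443 publishes the proxy on every host interface;
  # anything that can reach the host on 443 can pull through it with these
  # credentials. Bind to 127.0.0.1 if only the host needs the port.
  REGISTRY_PROXY_USERNAME="${DOCKER_USERNAME}" \
  REGISTRY_PROXY_PASSWORD="${DOCKER_PASSWORD}" \
    docker container run \
    -d --restart=always --name "${REGISTRY_NAME}" \
    -v "${SCRIPT_DIR}/pki/registry.key":/certs/tls.key \
    -v "${SCRIPT_DIR}/pki/registry.crt":/certs/tls.crt \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/tls.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/tls.key \
    -e REGISTRY_HTTP_PREFIX=/nested/subpath \
    -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
    -e REGISTRY_PROXY_USERNAME \
    -e REGISTRY_PROXY_PASSWORD \
    -p 443:443 \
    registry:2
fi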
# Attach the registry to the internal network under the alias "registry"
# unless it is already connected. The Go template prints "true" only when
# the container has an entry for that network; the probe stays inside the
# test so a failing inspect does not abort the script under `set -e`.
[[ -n "$(docker container inspect "${REGISTRY_NAME}" \
  -f "{{with (index .NetworkSettings.Networks \"${DOCKER_NETWORK_NAME}\")}}true{{end}}")" ]] ||
  docker network connect --alias registry "${DOCKER_NETWORK_NAME}" "${REGISTRY_NAME}"
# Render the kind config by replacing the REGISTRY_NAME placeholder with the
# literal network alias "registry" (not the ${REGISTRY_NAME} variable), and
# feed it to kind on stdin. KIND_EXPERIMENTAL_DOCKER_NETWORK places the
# cluster on the internal network.
# `|| true` makes this step best-effort: any failure of sed or kind
# (for example, the cluster already existing) is ignored and the script
# still exits successfully.
sed "s/REGISTRY_NAME/registry/g" "${SCRIPT_DIR}"/kind-config.yaml |
  KIND_EXPERIMENTAL_DOCKER_NETWORK="${DOCKER_NETWORK_NAME}" \
    kind create cluster --name "${KIND_CLUSTER_NAME}" --config - ||
  true

popd &>/dev/null
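#!/usr/bin/env bash
# Teardown: deletes the kind cluster, the registry container, the Docker
# network and the generated pki/ directory, each only if it exists.

set -euo pipefail
IFS=$'\n\t'

# Derive the script directory unless the caller already defined SCRIPT_DIR.
# NOTE(review): an inherited SCRIPT_DIR selects both the variables.sh that is
# sourced and the pki/ directory that is deleted below; only point it at a
# trusted path.
if [[ -z "${SCRIPT_DIR+x}" ]]; then
  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
  readonly SCRIPT_DIR
fi

# shellcheck source=./variables.sh
source "${SCRIPT_DIR}/variables.sh"

pushd "${SCRIPT_DIR}" &>/dev/null

# Compare the cluster name as a fixed string against whole lines (-F -x)
# instead of interpolating it into a regex, where characters such as "."
# would match more than the literal name. grep is deliberately not given -q
# so it reads all of kind's output and the pipeline cannot fail under
# pipefail because the producer was cut off early.
if kind get clusters | grep -Fx -- "${KIND_CLUSTER_NAME}" &>/dev/null; then
  kind delete cluster --name "${KIND_CLUSTER_NAME}"
fi

# -f stops a running container; -v also removes its anonymous volumes.
if docker container inspect "${REGISTRY_NAME}" &>/dev/null; then
  docker container rm -fv "${REGISTRY_NAME}"
fi

if docker network inspect "${DOCKER_NETWORK_NAME}" &>/dev/null; then
  docker network rm "${DOCKER_NETWORK_NAME}"
fi

# Remove the generated private key and certificate. `:?` aborts if
# SCRIPT_DIR is empty, so this can never expand to /pki/; `--` ends option
# parsing before the path.
rm -rf -- "${SCRIPT_DIR:?}/pki/"

popd &>/dev/null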
# kind cluster definition. The setup script replaces every REGISTRY_NAME
# placeholder below with "registry" (the registry's network alias) before
# passing this file to `kind create cluster`.
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraMounts:
  # Relative host path; the setup script changes into its own directory
  # before invoking kind.
  # NOTE(review): this mounts the whole pki/ directory, which the setup
  # script also uses for registry.key, so the registry's TLS private key is
  # visible inside the node. The ca_file setting below only needs
  # registry.crt; consider mounting just that file.
  - hostPath: ./pki/
    containerPath: /etc/kubernetes/pki/kind/
# containerd registry settings: pulls for docker.io go to the mirror
# endpoint, and the mirror's self-signed certificate is trusted via ca_file.
containerdConfigPatches:
- |-
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://REGISTRY_NAME/nested/subpath/v2"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs."REGISTRY_NAME".tls]
    ca_file = "/etc/kubernetes/pki/kind/REGISTRY_NAME.crt"
#!/usr/bin/env bash
# Shared settings sourced by the setup and teardown scripts. Each value is
# taken from the environment when already set and non-empty, otherwise the
# default shown here is used. All three are marked readonly, so sourcing
# this file a second time in the same shell fails on the first assignment.
#
# DOCKER_USERNAME and DOCKER_PASSWORD are not defined here; the setup script
# reads them, so they have to be supplied through the environment.

# Name of the kind cluster (readonly, exported to child processes).
declare -rx KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind-mirror-example}"
# Docker network shared by the cluster and the registry; defaults to the
# cluster name (readonly, exported).
declare -rx DOCKER_NETWORK_NAME="${DOCKER_NETWORK_NAME:-${KIND_CLUSTER_NAME}}"
# Name of the registry container, also used as the certificate CN
# (readonly, not exported).
declare -r REGISTRY_NAME="${REGISTRY_NAME:-${KIND_CLUSTER_NAME}-registry}"