Last active
September 15, 2023 17:41
-
-
Save nickistre/4982565a0c966c32046b4f79fe95bb9f to your computer and use it in GitHub Desktop.
Files to help with air-gapped Kubernetes environments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Registry name to transfer to | |
| REGISTRY="${1:?Registry name is required as argument}" | |
| # Check that this actually looks like a registry host and not an image URL. | |
| if [[ $REGISTRY == *"/"* ]]; then | |
| echo "\"${REGISTRY}\" looks like an image location, not the registry host. Exiting." | |
| exit 1 | |
| fi | |
| shift | |
| # This should be the arguments of source images to transfer | |
| # This list could be retrieved from an existing setup with: | |
| # kubectl get pods -n ${NAMESPACE} -o jsonpath="{.items[*].spec.containers[*].image}" |tr -s '[[:space:]]' '\n'|sort |uniq |tr '\n' ' ' | |
| # Modified from: https://kubernetes.io/docs/tasks/access-application-cluster/list-all-running-container-images/#list-all-container-images-in-all-namespaces | |
| SOURCE_IMAGES="${@:?Sources should be entered as arguments}" | |
| # Convert string to an array, using space as delimiter | |
| IFS=' ' read -a SOURCE_IMAGES_ARRAY <<< "${SOURCE_IMAGES}" | |
| for SOURCE_IMAGE in "${SOURCE_IMAGES_ARRAY[@]}" | |
| do | |
| echo "source: ${SOURCE_IMAGE}" | |
| # Strip any registry name from the source image name | |
| REPO_IMAGE=$(echo "${SOURCE_IMAGE}" | sed -r -E 's/^(.*\/)?(.*\/.*(\:.*)?)$/\2/') | |
| DESTINATION_IMAGE="${REGISTRY}/${REPO_IMAGE}" | |
| echo "destination: ${DESTINATION_IMAGE}" | |
| # Pull source image with docker | |
| docker pull "${SOURCE_IMAGE}" | |
| # Tag image with destination | |
| docker tag "${SOURCE_IMAGE}" "${DESTINATION_IMAGE}" | |
| # Push image to destination registry | |
| docker push "${DESTINATION_IMAGE}" | |
| echo "---" | |
| done | |
| exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Shortcut to setting up docker login to ECR. | |
| aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin https://${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Shortcut to setting up helm login to ECR. | |
| aws ecr get-login-password --region ${AWS_REGION} | helm registry login \ | |
| --username AWS --password-stdin ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Shortcut to setting up image registry secret to ECR | |
| kubectl delete secret cnct-registry -n ${NAMESPACE} | |
| kubectl create secret docker-registry cnct-registry -n ${NAMESPACE} \ | |
| --docker-server=${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com \ | |
| --docker-username=AWS \ | |
| --docker-password=$(aws ecr get-login-password) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment