Skip to content

Instantly share code, notes, and snippets.

@nickistre
Last active September 15, 2023 17:41
Show Gist options
  • Save nickistre/4982565a0c966c32046b4f79fe95bb9f to your computer and use it in GitHub Desktop.
Save nickistre/4982565a0c966c32046b4f79fe95bb9f to your computer and use it in GitHub Desktop.
Files to help with air-gapped Kubernetes environments
#!/usr/bin/env bash
# Registry name to transfer to
REGISTRY="${1:?Registry name is required as argument}"
# Check that this actually looks like a registry host and not an image URL.
if [[ $REGISTRY == *"/"* ]]; then
echo "\"${REGISTRY}\" looks like an image location, not the registry host. Exiting."
exit 1
fi
shift
# This should be the arguments of source images to transfer
# This list could be retrieved from an existing setup with:
# kubectl get pods -n ${NAMESPACE} -o jsonpath="{.items[*].spec.containers[*].image}" |tr -s '[[:space:]]' '\n'|sort |uniq |tr '\n' ' '
# Modified from: https://kubernetes.io/docs/tasks/access-application-cluster/list-all-running-container-images/#list-all-container-images-in-all-namespaces
SOURCE_IMAGES="${@:?Sources should be entered as arguments}"
# Convert string to an array, using space as delimiter
IFS=' ' read -a SOURCE_IMAGES_ARRAY <<< "${SOURCE_IMAGES}"
for SOURCE_IMAGE in "${SOURCE_IMAGES_ARRAY[@]}"
do
echo "source: ${SOURCE_IMAGE}"
# Strip any registry name from the source image name
REPO_IMAGE=$(echo "${SOURCE_IMAGE}" | sed -r -E 's/^(.*\/)?(.*\/.*(\:.*)?)$/\2/')
DESTINATION_IMAGE="${REGISTRY}/${REPO_IMAGE}"
echo "destination: ${DESTINATION_IMAGE}"
# Pull source image with docker
docker pull "${SOURCE_IMAGE}"
# Tag image with destination
docker tag "${SOURCE_IMAGE}" "${DESTINATION_IMAGE}"
# Push image to destination registry
docker push "${DESTINATION_IMAGE}"
echo "---"
done
exit 0
# Shortcut to setting up docker login to ECR.
aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin https://${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com
# Shortcut to setting up helm login to ECR.
aws ecr get-login-password --region ${AWS_REGION} | helm registry login \
--username AWS --password-stdin ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com
# Shortcut to setting up image registry secret to ECR
kubectl delete secret cnct-registry -n ${NAMESPACE}
kubectl create secret docker-registry cnct-registry -n ${NAMESPACE} \
--docker-server=${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com \
--docker-username=AWS \
--docker-password=$(aws ecr get-login-password)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment