bakery-ia/scripts/prepull-base-images-for-prod.sh

#!/bin/bash
# Base Image Pre-Pull Script for Bakery-IA Production
# This script pre-pulls all required base images for production deployment
# Supports both local development and production environments with Gitea registry
# Abort on the first unhandled command failure. Only errexit is enabled here:
# pipefail is not, so a failing early stage of a pipeline is not detected.
set -o errexit
# Print the command-line help for this script and terminate with status 1.
# Outputs: the option summary and examples on stdout.
# Returns: never returns; always exits 1 (also when reached via -h/--help).
usage() {
  printf '%s\n' \
    "Usage: $0 [options]" \
    "" \
    "Options:" \
    " -e, --environment ENV Set environment (dev|prod) - default: dev" \
    " -r, --registry REG Custom registry URL - default: localhost:5000 (dev) or gitea registry (prod)" \
    " --skip-auth Skip Docker Hub authentication" \
    " --push-images Push images to registry (default: true for dev, false for prod)" \
    " --no-push-images Don't push images to registry" \
    " -h, --help Show this help message" \
    "" \
    "Examples:" \
    " $0 # Run in dev mode with local registry" \
    " $0 -e prod # Run in production mode with Gitea registry" \
    " $0 -e prod -r registry.example.com:5000 # Run in production with custom registry" \
    " $0 --skip-auth # Skip Docker Hub auth (for air-gapped envs)"
  exit 1
}
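# Parse command line arguments.
# Defaults: dev environment, registry and push policy left empty so that the
# environment-specific defaults can fill them in later, Docker Hub auth enabled.
ENVIRONMENT="dev"
REGISTRY=""
SKIP_AUTH=false
PUSH_IMAGES=""
while [[ $# -gt 0 ]]; do
  case "$1" in
    -e | --environment)
      # A value-taking option given as the last argument would make `shift 2`
      # fail, and under `set -e` the script would exit without any message.
      if [[ $# -lt 2 ]]; then
        echo "Error: option $1 requires a value"
        usage
      fi
      ENVIRONMENT="$2"
      shift 2
      ;;
    -r | --registry)
      if [[ $# -lt 2 ]]; then
        echo "Error: option $1 requires a value"
        usage
      fi
      REGISTRY="$2"
      shift 2
      ;;
    --skip-auth)
      SKIP_AUTH=true
      shift
      ;;
    --push-images)
      PUSH_IMAGES=true
      shift
      ;;
    --no-push-images)
      PUSH_IMAGES=false
      shift
      ;;
    -h | --help)
      usage
      ;;
    *)
      echo "Unknown option: $1"
      usage
      ;;
  esac
done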
# Verify that docker, curl, jq and kubectl can all be resolved on PATH.
# Outputs: when something is missing, the list of missing commands followed by
#          per-platform install hints on stdout.
# Returns: 0 when every tool is present; otherwise exits the script with 1.
check_required_tools() {
  local missing_tools=()
  for tool in docker curl jq kubectl; do
    command -v "$tool" &> /dev/null || missing_tools+=("$tool")
  done

  # Nothing missing: hand control back to the caller.
  if [ ${#missing_tools[@]} -eq 0 ]; then
    return 0
  fi

  printf '%s\n' \
    "Error: Missing required tools: ${missing_tools[*]}" \
    "Please install them before running this script." \
    "" \
    "On macOS (with Homebrew):" \
    " brew install docker curl jq kubectl" \
    "" \
    "On Ubuntu/Debian:" \
    " sudo apt-get install docker.io curl jq kubectl" \
    "" \
    "On CentOS/RHEL:" \
    " sudo yum install docker curl jq kubectl"
  exit 1
}
# Stop early if a required command is missing, then print the run banner
# showing which environment was selected on the command line.
check_required_tools
printf '%s\n' \
  "==========================================" \
  "Bakery-IA Base Image Pre-Pull Script" \
  "Environment: $ENVIRONMENT" \
  "==========================================" \
  ""
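# Set defaults based on environment, then print the effective configuration.
if [ "$ENVIRONMENT" = "prod" ]; then
  # Production environment - use Gitea registry
  if [ -z "$REGISTRY" ]; then
    # Try to read the registry host from the image-pull secret in Kubernetes.
    # The decoded .dockerconfigjson also carries the registry credentials, so
    # it is streamed straight into jq and never kept in a shell variable.
    if kubectl get secret gitea-registry-secret -n bakery-ia &> /dev/null; then
      # `keys[0] // empty` yields nothing (instead of the string "null") when
      # the secret has no auths entries; a jq failure also leaves REGISTRY empty.
      REGISTRY=$(
        kubectl get secret gitea-registry-secret -n bakery-ia \
          -o jsonpath='{.data.\.dockerconfigjson}' \
          | base64 -d \
          | jq -r '.auths // {} | keys[0] // empty'
      ) || REGISTRY=""
    fi
    # Covers both a missing secret and a secret that yielded no usable host;
    # without this check the script would carry on with an empty registry.
    if [ -z "$REGISTRY" ]; then
      echo "Error: Could not detect Gitea registry automatically"
      echo "Please specify the registry with -r/--registry option"
      echo "Example: $0 -e prod -r gitea-http.gitea.svc.cluster.local:3000"
      exit 1
    fi
    echo "Detected Gitea registry: $REGISTRY"
  fi
  # Default to not pushing images in production - they should be built by CI/CD
  if [ -z "$PUSH_IMAGES" ]; then
    PUSH_IMAGES=false
  fi
elif [ "$ENVIRONMENT" = "dev" ]; then
  # Development environment - use local registry
  if [ -z "$REGISTRY" ]; then
    REGISTRY="localhost:5000"
  fi
  # Default to pushing images in dev
  if [ -z "$PUSH_IMAGES" ]; then
    PUSH_IMAGES=true
  fi
else
  echo "Error: Invalid environment. Use 'dev' or 'prod'"
  exit 1
fi
echo "Registry configuration:"
echo " Environment: $ENVIRONMENT"
echo " Registry: $REGISTRY"
echo " Push Images: $PUSH_IMAGES"
echo ""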
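# Docker Hub credentials are taken from the environment only
# (DOCKER_HUB_USERNAME / DOCKER_HUB_PASSWORD). There is deliberately no
# fallback value: an access token committed as a default is readable by anyone
# with access to the repository or its history.
# NOTE(review): the token that earlier revisions of this file carried as a
# default should be treated as exposed - revoke it in Docker Hub and rotate it.
DOCKER_USERNAME="${DOCKER_HUB_USERNAME:-}"
DOCKER_PASSWORD="${DOCKER_HUB_PASSWORD:-}"
# Authenticate with Docker Hub if not skipping auth
if [ "$SKIP_AUTH" = false ]; then
  if [ -z "$DOCKER_USERNAME" ] || [ -z "$DOCKER_PASSWORD" ]; then
    # No credentials supplied: fall back to anonymous pulls rather than failing.
    echo "⚠ Warning: DOCKER_HUB_USERNAME/DOCKER_HUB_PASSWORD not set. Continuing with anonymous pulls..."
  else
    echo "Authenticating with Docker Hub..."
    # The secret goes to docker over stdin so it never shows up in the process
    # argument list; printf is used so the value is never parsed as an option.
    if ! printf '%s\n' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin; then
      echo "⚠ Warning: Docker Hub authentication failed. Continuing anyway..."
    else
      echo "✓ Authentication successful"
    fi
  fi
else
  echo "Skipping Docker Hub authentication (--skip-auth flag set)"
fi
echo ""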
# Upstream base images the project depends on, grouped by purpose.
# NOTE(review): every entry is a tag, not a digest, and three of them are
# ":latest". Tags are mutable upstream, so the content pulled (and mirrored
# into the registry) can differ between runs; pinning by digest would make the
# mirror reproducible and auditable.
BASE_IMAGES=()

# Service base images (Python microservices)
BASE_IMAGES+=("python:3.11-slim")

# Frontend base images (Node.js build + Nginx runtime)
BASE_IMAGES+=(
  "node:18-alpine"
  "nginx:1.25-alpine"
)

# Database images
BASE_IMAGES+=(
  "postgres:17-alpine"
  "redis:7.4-alpine"
  "rabbitmq:4.1-management-alpine"
)

# Utility images
BASE_IMAGES+=(
  "busybox:1.36"
  "curlimages/curl:latest"
  "bitnami/kubectl:latest"
)

# Alpine variants
BASE_IMAGES+=(
  "alpine:3.18"
  "alpine:3.19"
  "alpine/git:2.43.0"
)

# CI/CD images
BASE_IMAGES+=(
  "gcr.io/kaniko-project/executor:v1.23.0"
  "gcr.io/go-containerregistry/crane:latest"
  "registry.k8s.io/kustomize/kustomize:v5.3.0"
)

# Storage images
BASE_IMAGES+=(
  "minio/minio:RELEASE.2024-11-07T00-52-20Z"
  "minio/mc:RELEASE.2024-11-17T19-35-25Z"
)

# Geocoding
BASE_IMAGES+=("mediagis/nominatim:4.4")

# Mail server (Mailu - from GHCR)
BASE_IMAGES+=(
  "ghcr.io/mailu/nginx:2024.06"
  "ghcr.io/mailu/admin:2024.06"
  "ghcr.io/mailu/postfix:2024.06"
  "ghcr.io/mailu/dovecot:2024.06"
  "ghcr.io/mailu/rspamd:2024.06"
)
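# If images are going to be pushed, verify the registry answers on /v2/ first.
if [ "$PUSH_IMAGES" = true ]; then
  echo "Checking registry at $REGISTRY..."
  # HTTPS is probed before plain HTTP so that an encrypted endpoint is
  # preferred whenever one exists. The URLs are quoted so a registry value
  # with unexpected characters cannot be split into extra curl arguments, and
  # the timeouts keep an unreachable host from stalling the run.
  # -f is deliberately not used: a registry that requires authentication
  # answers with an HTTP error status, which still shows it is reachable.
  if curl -s --connect-timeout 5 --max-time 15 "https://${REGISTRY}/v2/" > /dev/null 2>&1; then
    echo "✓ Registry is accessible (HTTPS)"
    # Update registry to use HTTPS if needed
    REGISTRY="https://$REGISTRY"
  elif curl -s --connect-timeout 5 --max-time 15 "http://${REGISTRY}/v2/" > /dev/null 2>&1; then
    echo "✓ Registry is accessible"
    echo "⚠ Warning: registry answered over plain HTTP only; traffic to it may travel unencrypted"
  else
    echo "⚠ Registry is not accessible at $REGISTRY"
    echo "Will only pull images locally (no registry push)"
    PUSH_IMAGES=false
  fi
fi
echo ""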
# Show the full list of images before any pull is attempted.
printf '%s\n' "Base images to pre-pull:" "----------------------------------------"
for image in "${BASE_IMAGES[@]}"; do
  printf ' - %s\n' "$image"
done
printf '%s\n' "" "Starting pre-pull process..." "----------------------------------------"
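#######################################
# Build the reference under which an upstream image is mirrored.
# Arguments: $1 - registry host (optionally host:port), without a URL scheme
#            $2 - upstream image reference (name[:tag])
# Outputs:   "<host>/bakery-admin/<flattened-name>:<tag>" on stdout
#######################################
_mirror_ref() {
  local registry_host=$1 image=$2
  local image_name image_tag repo_name
  # Only a colon in the last path component separates the tag. A colon earlier
  # in the reference belongs to a registry port (host:port/name) and must not
  # be mistaken for the tag separator.
  if [[ "${image##*/}" == *:* ]]; then
    image_name=${image%:*}
    image_tag=${image##*:}
  else
    image_name=$image
    image_tag="latest"
  fi
  # Flatten the name into a single repository segment: slashes (and any port
  # colon) become underscores, and the result is lower-cased.
  repo_name=${image_name//\//_}
  repo_name=${repo_name//:/_}
  repo_name=$(printf '%s' "$repo_name" | tr '[:upper:]' '[:lower:]')
  printf '%s\n' "${registry_host}/bakery-admin/${repo_name}:${image_tag}"
}

# Track success/failure
FAILED_IMAGES=()
SUCCESS_COUNT=0
# Registry host without the https:// prefix the reachability check may have
# added; computed once because it does not change between images.
REGISTRY_HOST=${REGISTRY#https://}
# Pull each base image
for image in "${BASE_IMAGES[@]}"; do
  echo "Pulling: $image"
  # Pull the image; a failure is recorded and the run moves on to the next one
  if ! docker pull "$image"; then
    echo " ⚠ Failed to pull $image"
    FAILED_IMAGES+=("$image")
    continue
  fi
  # Log the digest that the (mutable) tag resolved to, so there is a record of
  # exactly which content was pulled. Best effort: never fails the run.
  image_digest=$(docker inspect --format '{{if .RepoDigests}}{{index .RepoDigests 0}}{{end}}' "$image" 2> /dev/null || true)
  if [ -n "$image_digest" ]; then
    echo " Digest: $image_digest"
  fi
  # Tag for registry if enabled
  if [ "$PUSH_IMAGES" = true ]; then
    # Use bakery-admin namespace and preserve original name/tag
    registry_image=$(_mirror_ref "$REGISTRY_HOST" "$image")
    docker tag "$image" "$registry_image"
    echo " Tagged as: $registry_image"
    # Push to registry; a push failure is reported but does not count as a
    # failed image because the pull itself succeeded
    if docker push "$registry_image"; then
      echo " ✓ Pushed to registry"
    else
      echo " ⚠ Failed to push to registry (image still available locally)"
    fi
  fi
  echo " ✓ Successfully pulled $image"
  SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
  echo ""
done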
# Final report: totals, any failed images, and where the images ended up.
printf '%s\n' \
  "==========================================" \
  "Base Image Pre-Pull Complete!" \
  "==========================================" \
  "" \
  "Summary:" \
  " - Total images: ${#BASE_IMAGES[@]}" \
  " - Successfully pulled: $SUCCESS_COUNT"
if ((${#FAILED_IMAGES[@]} > 0)); then
  printf '%s\n' \
    " - Failed: ${#FAILED_IMAGES[@]}" \
    " - Failed images: ${FAILED_IMAGES[*]}"
fi
printf '%s\n' " - Environment: $ENVIRONMENT"
case "$PUSH_IMAGES" in
  true) printf '%s\n' " - Registry: $REGISTRY" ;;
  *) printf '%s\n' " - Registry: None (local Docker only)" ;;
esac
printf '%s\n' ""

# Any failed pull makes the whole run fail so callers can detect it.
if ((${#FAILED_IMAGES[@]} > 0)); then
  printf '%s\n' \
    "⚠ Some images failed to pull. This may be due to Docker Hub rate limits." \
    "Please try again later or configure Docker Hub credentials."
  exit 1
fi
printf '%s\n' "✓ All images pulled successfully!"
# In production without pushing, remind the operator that service images come
# from the CI/CD pipeline and show how to trigger and inspect it.
if [[ "$ENVIRONMENT" == "prod" && "$PUSH_IMAGES" == false ]]; then
  printf '%s\n' \
    "" \
    "💡 Note: In production mode, images are not pushed to registry." \
    " Images should be built and pushed by your CI/CD pipeline." \
    " Make sure your CI/CD pipeline has built and pushed the required images." \
    "" \
    "💡 To build and push service images to Gitea registry:" \
    " 1. Ensure your CI/CD pipeline is running (Tekton)" \
    " 2. Push a commit to trigger the pipeline: git commit --allow-empty -m 'Trigger build'" \
    " 3. Or manually trigger a pipeline run" \
    "" \
    "💡 Check pipeline status:" \
    " kubectl get pipelineruns -n tekton-pipelines" \
    " kubectl get pods -n tekton-pipelines"
fi