#!/bin/bash
#
# Base Image Pre-Pull Script for Bakery-IA
#
# Pre-pulls every base image the project needs so that later builds are served
# from the local cache, which reduces Docker Hub usage.
# Run it before building services.

# Abort at the first command that fails.
set -o errexit

# Start-up banner, followed by one empty line.
cat <<'BANNER'
==========================================
Bakery-IA Base Image Pre-Pull Script
==========================================

BANNER
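# Docker Hub credentials (use the same account as in your Kubernetes setup).
# The token is read from the environment so that no secret is stored in the
# repository. The access token that was hard-coded on this line is exposed to
# everyone who can read the file or its history, so it has to be revoked in
# Docker Hub and replaced by a new one.
DOCKER_USERNAME="${DOCKER_USERNAME:-uals}"
: "${DOCKER_PASSWORD:?export DOCKER_PASSWORD with a Docker Hub access token before running this script}"

# Authenticate with Docker Hub
echo "Authenticating with Docker Hub..."
# --password-stdin keeps the token out of the process list and out of
# `set -x` traces, both of which would show a value passed with -p.
# errexit looks at the last command of the pipeline, i.e. docker login.
printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
echo "✓ Authentication successful"
echo ""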
# Base images used in the project, grouped by purpose.
# All images are cached in the local registry for the dev environment.
# NOTE(review): the entries tagged ":latest" are mutable references, so what
# ends up in the cache depends on when the script ran; pinning them to a
# version or digest would make the cached set reproducible.
BASE_IMAGES=()

# Service base images
BASE_IMAGES+=("python:3.11-slim")

# Database images
BASE_IMAGES+=(
  "postgres:17-alpine"
  "redis:7.4-alpine"
  "rabbitmq:4.1-management-alpine"
)

# Utility images
BASE_IMAGES+=(
  "busybox:1.36"
  "curlimages/curl:latest"
  "bitnami/kubectl:latest"
)

# Alpine variants
BASE_IMAGES+=(
  "alpine:3.18"
  "alpine:3.19"
  "alpine/git:2.43.0"
)

# CI/CD images
BASE_IMAGES+=(
  "gcr.io/kaniko-project/executor:v1.23.0"
  "gcr.io/go-containerregistry/crane:latest"
  "registry.k8s.io/kustomize/kustomize:v5.3.0"
)

# Storage images
BASE_IMAGES+=(
  "minio/minio:RELEASE.2024-11-07T00-52-20Z"
  "minio/mc:RELEASE.2024-11-17T19-35-25Z"
)

# Geocoding
BASE_IMAGES+=("mediagis/nominatim:4.4")

# Mail server (Mailu - from GHCR)
BASE_IMAGES+=(
  "ghcr.io/mailu/nginx:2024.06"
  "ghcr.io/mailu/admin:2024.06"
  "ghcr.io/mailu/postfix:2024.06"
  "ghcr.io/mailu/dovecot:2024.06"
  "ghcr.io/mailu/rspamd:2024.06"
)
# Registry configuration, taken from the environment (set by the Tiltfile or
# by hand):
#   USE_LOCAL_REGISTRY=true  push images to the local registry after pulling
#   USE_GITEA_REGISTRY=true  push images to the Gitea registry after pulling
# An unset or empty variable gets the default shown below.
: "${USE_LOCAL_REGISTRY:=false}"
: "${USE_GITEA_REGISTRY:=true}"

# Report the effective settings, followed by one empty line.
printf '%s\n' \
  "Registry configuration:" \
  " USE_LOCAL_REGISTRY=$USE_LOCAL_REGISTRY" \
  " USE_GITEA_REGISTRY=$USE_GITEA_REGISTRY" \
  ""
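# Choose the registry that pulled images are re-tagged for and pushed to.
# After this section REGISTRY is always set. USE_GITEA_REGISTRY is reset to
# "false" whenever the Gitea registry cannot be reached or logged in to, and
# REGISTRY then falls back to localhost:5000.

#######################################
# Tell whether a registry endpoint answers at all.
# Arguments: $1 - URL to request; remaining arguments are passed to curl
# Returns:   0 when the HTTP status starts with 2, 3 or 4, non-zero otherwise.
#            A 401 from a registry that wants authentication is expected and
#            counts as reachable.
#######################################
registry_reachable() {
  local url=$1
  shift
  local status
  # The connect timeout keeps an unresponsive host from stalling the script.
  # A curl failure must not abort the script; the status text decides.
  status=$(curl -s "$@" --connect-timeout 5 -o /dev/null -w '%{http_code}' "$url") || true
  [[ "$status" == [234]* ]]
}

#######################################
# Print how to make Docker accept the certificate of $REGISTRY.
# Globals: REGISTRY (read)
#######################################
print_registry_trust_hint() {
  echo "Note: For self-signed certificates, you may need to configure Docker to trust the registry:"
  echo " 1. Preferred: install the registry CA certificate as /etc/docker/certs.d/$REGISTRY/ca.crt"
  echo " 2. Throwaway dev setups only: add to /etc/docker/daemon.json:"
  echo " {\"insecure-registries\": [\"$REGISTRY\"]}"
  echo " (this disables TLS verification for $REGISTRY)"
  echo " 3. Restart Docker: sudo systemctl restart docker"
  # The earlier hint `docker --insecure-registry ... login` was dropped:
  # --insecure-registry is a daemon (dockerd) option, not a docker client flag.
}

#######################################
# Log in to $REGISTRY; when that fails, explain why and switch to the local
# registry.
# Globals: REGISTRY (read, written on failure),
#          USE_GITEA_REGISTRY (written on failure)
#######################################
gitea_login_or_fall_back() {
  echo "Authenticating with Gitea registry..."
  print_registry_trust_hint

  # Try to authenticate (this may fail due to certificate issues)
  if docker login "$REGISTRY"; then
    echo "✓ Gitea registry authentication successful"
    return 0
  fi

  echo "Warning: Failed to authenticate with Gitea registry"
  echo "This could be due to:"
  echo " - Self-signed certificate issues (see above)"
  echo " - Incorrect credentials"
  echo " - Registry not properly configured"
  echo "You may need to run: docker login $REGISTRY"
  echo "Falling back to local registry"
  REGISTRY="localhost:5000"
  USE_GITEA_REGISTRY="false"
}

# Check if Gitea registry should be used instead
if [ "$USE_GITEA_REGISTRY" = "true" ]; then
  # Gitea registry is accessed via HTTPS on the registry subdomain (TLS
  # terminated at ingress). Docker push/pull should use
  # registry.bakery-ia.local: the registry serves on port 443 and Docker
  # defaults to 443 for HTTPS, so the name carries no port.
  REGISTRY="registry.bakery-ia.local"
  echo "Testing Gitea registry accessibility at $REGISTRY..."

  # Test if Gitea registry is accessible (try HTTPS first, then HTTP).
  # -k skips certificate verification for this probe only; the probe sends no
  # credentials and just checks that the service answers.
  if registry_reachable "https://$REGISTRY/v2/" -k; then
    echo "✓ Gitea registry accessible via HTTPS"
    gitea_login_or_fall_back
  elif registry_reachable "http://$REGISTRY/v2/"; then
    echo "✓ Gitea registry accessible via HTTP"
    # A registry that only answers over HTTP gives no protection in transit.
    echo "Warning: $REGISTRY answered over plain HTTP only; if Docker is configured to use it that way, credentials and image data are sent unencrypted" >&2
    gitea_login_or_fall_back
  else
    echo "Warning: Gitea registry at $REGISTRY is not accessible, falling back to local registry"
    echo "This could be because:"
    echo " 1. Gitea is not running or not properly configured"
    echo " 2. The ingress is not properly routing to Gitea"
    echo " 3. The registry service is not exposed"
    REGISTRY="localhost:5000"
    USE_GITEA_REGISTRY="false"
  fi
else
  REGISTRY="localhost:5000"
fi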
# List every image that is about to be pulled, one per line.
echo "Base images to pre-pull:"
echo "----------------------------------------"
for idx in "${!BASE_IMAGES[@]}"; do
  echo " - ${BASE_IMAGES[idx]}"
done

# Empty line, then the heading of the pull phase.
printf '\n%s\n%s\n' \
  "Starting pre-pull process..." \
  "----------------------------------------"
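#######################################
# Print the tag of an image reference, or "latest" when it has none.
# Only the last path component is inspected, so a colon that belongs to a
# registry port (host:5000/repo) is not mistaken for the tag separator.
# Arguments: $1 - image reference
#######################################
image_tag_of() {
  local ref=$1
  local last_component=${ref##*/}
  if [[ "$last_component" == *:* ]]; then
    printf '%s\n' "${last_component##*:}"
  else
    printf '%s\n' "latest"
  fi
}

#######################################
# Print an image reference without its tag.
# Arguments: $1 - image reference
#######################################
image_name_of() {
  local ref=$1
  local last_component=${ref##*/}
  if [[ "$last_component" == *:* ]]; then
    printf '%s\n' "${ref%:*}"
  else
    printf '%s\n' "$ref"
  fi
}

#######################################
# Print the Gitea registry reference for an image.
# Gitea registry requires the format registry/owner/package:tag. The package
# name is the image name with "/" replaced by "-" and lowercased; the original
# tag is kept ("latest" when there is none).
# Example: gcr.io/kaniko-project/executor:v1.23.0
#       -> <registry>/bakery-admin/gcr.io-kaniko-project-executor:v1.23.0
# Arguments: $1 - registry host, $2 - image reference
#######################################
gitea_registry_ref() {
  local registry=$1 ref=$2
  local name tag package
  name=$(image_name_of "$ref")
  tag=$(image_tag_of "$ref")
  # ":" is mapped as well so that a registry port cannot end up in the name.
  package=$(printf '%s' "$name" | tr '/:' '--' | tr '[:upper:]' '[:lower:]')
  printf '%s\n' "$registry/bakery-admin/${package}:${tag}"
}

#######################################
# Print the local registry reference for an image.
# Local registry format: "/" and ":" are replaced by "_", the result is
# lowercased and always tagged "latest".
# Arguments: $1 - registry host, $2 - image reference
#######################################
local_registry_ref() {
  local registry=$1 ref=$2
  local repo
  repo=$(printf '%s' "$ref" | tr '/:' '__' | tr '[:upper:]' '[:lower:]')
  printf '%s\n' "$registry/${repo}:latest"
}

# Pull each base image; with errexit active a failed pull, tag or push stops
# the script.
for image in "${BASE_IMAGES[@]}"; do
  echo "Pulling: $image"

  # Pull the image
  docker pull "$image"

  # Tag for registry if enabled
  if [ "$USE_LOCAL_REGISTRY" = "true" ] || [ "$USE_GITEA_REGISTRY" = "true" ]; then
    if [ "$USE_GITEA_REGISTRY" = "true" ]; then
      registry_image=$(gitea_registry_ref "$REGISTRY" "$image")
    else
      registry_image=$(local_registry_ref "$REGISTRY" "$image")
    fi

    docker tag "$image" "$registry_image"
    echo " Tagged as: $registry_image"

    # Push to registry
    docker push "$registry_image"
    if [ "$USE_GITEA_REGISTRY" = "true" ]; then
      echo " Pushed to Gitea registry"
    else
      echo " Pushed to local registry"
    fi
  fi

  echo " ✓ Successfully pulled $image"
  echo ""
done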
# Closing banner and the heading of the summary.
cat <<'BANNER'
==========================================
Base Image Pre-Pull Complete!
==========================================

Summary:
BANNER
echo " - Total images pulled: ${#BASE_IMAGES[@]}"

# Only the "enabled" line differs between the two registries; the URL line is
# printed in both cases.
case "$USE_GITEA_REGISTRY" in
  true) echo " - Gitea registry enabled: $USE_GITEA_REGISTRY" ;;
  *) echo " - Local registry enabled: $USE_LOCAL_REGISTRY" ;;
esac
echo " - Registry URL: $REGISTRY"
echo ""
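#######################################
# Print the repository catalog of a registry, or a fallback message.
# The catalog is fetched first and formatted afterwards: piping curl straight
# into jq hides a failed request, because jq exits 0 on empty input and the
# fallback message is then never shown.
# Arguments: $1 - registry host, $2 - message to print on failure
#######################################
print_registry_catalog() {
  local registry=$1 failure_msg=$2
  local catalog
  # -f turns an HTTP error status (for example 401) into a curl failure.
  if catalog=$(curl -sf --connect-timeout 5 "http://${registry}/v2/_catalog") \
    && printf '%s\n' "$catalog" | jq . 2>/dev/null; then
    return 0
  fi
  echo "$failure_msg"
}

if [ "$USE_LOCAL_REGISTRY" = "true" ] || [ "$USE_GITEA_REGISTRY" = "true" ]; then
  if [ "$USE_GITEA_REGISTRY" = "true" ]; then
    echo "Gitea registry contents:"
    # Note: Gitea registry API might be different, using the standard registry
    # API for now. If Gitea registry is not accessible, this might fail.
    # NOTE(review): the request goes over http although the registry is
    # described as HTTPS behind the ingress - confirm which scheme is served.
    print_registry_catalog "$REGISTRY" "Could not access registry contents (Gitea registry may not support this endpoint)"
  else
    echo "Local registry contents:"
    print_registry_catalog "$REGISTRY" "Could not access registry contents"
  fi
  echo ""
fi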
# Follow-up advice, then the heading for the registry usage notes.
cat <<'EOF'
Next steps:
 1. Run your service builds - they will use cached images
 2. For Kubernetes: Consider setting up a pull-through cache
 3. For CI/CD: Run this script before your build pipeline

To use registry in your builds:
EOF

# The Dockerfile hint is the same for both registries; only the label of the
# URL line changes.
echo " - Update Dockerfiles to use: $REGISTRY/..."
case "$USE_GITEA_REGISTRY" in
  true) echo " - Gitea registry URL: $REGISTRY" ;;
  *) echo " - Local registry URL: $REGISTRY" ;;
esac
echo " - Or configure Docker daemon to use registry as mirror"
echo ""
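#######################################
# Optional: print how to configure the Docker daemon to use the selected
# registry as a mirror. Prints nothing when neither registry is enabled.
# The suggested daemon.json no longer lists the Gitea host under
# "insecure-registries": that setting turns off TLS verification for the
# registry every build pulls its base images from. Trusting the registry CA
# is printed as the way to handle a self-signed certificate instead.
# NOTE(review): dockerd applies "registry-mirrors" to Docker Hub pulls and
# expects a pull-through cache behind it - confirm the Gitea registry can
# serve that role.
# Globals: USE_LOCAL_REGISTRY, USE_GITEA_REGISTRY (read)
#######################################
print_mirror_instructions() {
  if [ "$USE_LOCAL_REGISTRY" != "true" ] && [ "$USE_GITEA_REGISTRY" != "true" ]; then
    return 0
  fi

  if [ "$USE_GITEA_REGISTRY" = "true" ]; then
    echo "To configure Docker daemon to use Gitea registry as mirror:"
    echo ""
    cat <<'EOF'
{
  "registry-mirrors": ["https://registry.bakery-ia.local"]
}

If the registry certificate is self-signed, install its CA certificate as
  /etc/docker/certs.d/registry.bakery-ia.local/ca.crt
Listing the host under "insecure-registries" disables TLS verification for it;
keep that to throwaway dev machines.
EOF
    echo ""
    echo "IMPORTANT: For Gitea registry to work properly:"
    echo " 1. Gitea must be running and accessible at gitea.bakery-ia.local"
    echo " 2. The registry subdomain must be properly configured in your ingress"
    echo " 3. You may need to authenticate with Docker:"
    echo " docker login registry.bakery-ia.local"
    echo " 4. Check that the Gitea registry service is exposed on port 3000"
  else
    echo "To configure Docker daemon to use local registry as mirror:"
    echo ""
    cat <<'EOF'
{
  "registry-mirrors": ["http://localhost:5000"]
}
EOF
  fi

  echo ""
  echo "Add this to /etc/docker/daemon.json and restart Docker"
}

print_mirror_instructions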