bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add new infra architecture 9

Browse Source
This commit is contained in:
Urtzi Alfaro
2026-01-20 07:20:56 +01:00
parent 52b8abdc0e
commit bc00bab061
17 changed files with 284 additions and 276 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
scripts/prepull-base-images.sh
View File

@@ -59,8 +59,8 @@ BASE_IMAGES=(
# Read from environment variables (set by Tiltfile or manually)
# USE_LOCAL_REGISTRY=true to push images to local registry after pulling
# USE_GITEA_REGISTRY=true to push images to Gitea registry after pulling
USE_LOCAL_REGISTRY="${USE_LOCAL_REGISTRY:-true}"
USE_GITEA_REGISTRY="${USE_GITEA_REGISTRY:-false}"
USE_LOCAL_REGISTRY="${USE_LOCAL_REGISTRY:-false}"
USE_GITEA_REGISTRY="${USE_GITEA_REGISTRY:-true}"
echo "Registry configuration:"
echo " USE_LOCAL_REGISTRY=$USE_LOCAL_REGISTRY"
@@ -76,13 +76,66 @@ if [ "$USE_GITEA_REGISTRY" = "true" ]; then
echo "Testing Gitea registry accessibility at $REGISTRY..."
# Test if Gitea registry is accessible (try HTTPS first, then HTTP)
if curl -sk https://$REGISTRY/v2/ >/dev/null 2>&1; then
# Note: Gitea registry might return 401 Unauthorized when not authenticated, which is expected
# We're just checking if the service is reachable
if curl -sk -o /dev/null -w "%{http_code}" https://$REGISTRY/v2/ | grep -q "^[234]"; then
echo "✓ Gitea registry accessible via HTTPS"
elif curl -s http://$REGISTRY/v2/ >/dev/null 2>&1; then
# Authenticate with Gitea registry if accessible
echo "Authenticating with Gitea registry..."
echo "Note: For self-signed certificates, you may need to configure Docker to trust the registry:"
echo " 1. Add to /etc/docker/daemon.json:"
echo " {\"insecure-registries\": [\"$REGISTRY\"]}"
echo " 2. Restart Docker: sudo systemctl restart docker"
echo " 3. Or use: docker --insecure-registry $REGISTRY login $REGISTRY"
# Try to authenticate (this may fail due to certificate issues)
if ! docker login $REGISTRY; then
echo "Warning: Failed to authenticate with Gitea registry"
echo "This could be due to:"
echo " - Self-signed certificate issues (see above)"
echo " - Incorrect credentials"
echo " - Registry not properly configured"
echo "You may need to run: docker login $REGISTRY"
echo "Falling back to local registry"
REGISTRY="localhost:5000"
USE_GITEA_REGISTRY="false"
else
echo "✓ Gitea registry authentication successful"
fi
elif curl -s -o /dev/null -w "%{http_code}" http://$REGISTRY/v2/ | grep -q "^[234]"; then
echo "✓ Gitea registry accessible via HTTP"
# Authenticate with Gitea registry if accessible
echo "Authenticating with Gitea registry..."
echo "Note: For self-signed certificates, you may need to configure Docker to trust the registry:"
echo " 1. Add to /etc/docker/daemon.json:"
echo " {\"insecure-registries\": [\"$REGISTRY\"]}"
echo " 2. Restart Docker: sudo systemctl restart docker"
echo " 3. Or use: docker --insecure-registry $REGISTRY login $REGISTRY"
# Try to authenticate (this may fail due to certificate issues)
if ! docker login $REGISTRY; then
echo "Warning: Failed to authenticate with Gitea registry"
echo "This could be due to:"
echo " - Self-signed certificate issues (see above)"
echo " - Incorrect credentials"
echo " - Registry not properly configured"
echo "You may need to run: docker login $REGISTRY"
echo "Falling back to local registry"
REGISTRY="localhost:5000"
USE_GITEA_REGISTRY="false"
else
echo "✓ Gitea registry authentication successful"
fi
else
echo "Warning: Gitea registry at $REGISTRY is not accessible, falling back to local registry"
echo "This could be because:"
echo " 1. Gitea is not running or not properly configured"
echo " 2. The ingress is not properly routing to Gitea"
echo " 3. The registry service is not exposed"
REGISTRY="localhost:5000"
USE_GITEA_REGISTRY="false"
fi
else
REGISTRY="localhost:5000"
@@ -107,14 +160,26 @@ for image in "${BASE_IMAGES[@]}"; do
# Tag for registry if enabled
if [ "$USE_LOCAL_REGISTRY" = "true" ] || [ "$USE_GITEA_REGISTRY" = "true" ]; then
# Convert image name to registry format:
# - Replace / with _
# - Replace : with _
# - Convert to lowercase (Docker requires lowercase repository names)
# - Add :latest tag for Kustomize compatibility
# Example: gcr.io/kaniko-project/executor:v1.23.0 -> gcr.io_kaniko-project_executor_v1.23.0:latest
local_repo="$(echo $image | sed 's|/|_|g' | sed 's|:|_|g' | tr '[:upper:]' '[:lower:]')"
registry_image="$REGISTRY/${local_repo}:latest"
if [ "$USE_GITEA_REGISTRY" = "true" ]; then
# Gitea registry requires format: registry/owner/package:tag
# Convert image name to package name:
# - Replace / with - (e.g., gcr.io/kaniko-project/executor -> gcr.io-kaniko-project-executor)
# - Keep the tag if present, otherwise use original tag
# Example: gcr.io/kaniko-project/executor:v1.23.0 -> bakery-admin/gcr.io-kaniko-project-executor:v1.23.0
image_name="${image%%:*}" # Remove tag
image_tag="${image#*:}" # Get tag
if [ "$image_name" = "$image_tag" ]; then
image_tag="latest" # No tag in original, use latest
fi
# Convert image name: replace / with - and lowercase
package_name="$(echo $image_name | sed 's|/|-|g' | tr '[:upper:]' '[:lower:]')"
registry_image="$REGISTRY/bakery-admin/${package_name}:${image_tag}"
else
# Local registry format: replace / and : with _
local_repo="$(echo $image | sed 's|/|_|g' | sed 's|:|_|g' | tr '[:upper:]' '[:lower:]')"
registry_image="$REGISTRY/${local_repo}:latest"
fi
docker tag "$image" "$registry_image"
echo " Tagged as: $registry_image"
@@ -187,6 +252,13 @@ if [ "$USE_LOCAL_REGISTRY" = "true" ] || [ "$USE_GITEA_REGISTRY" = "true" ]; the
"insecure-registries": ["registry.bakery-ia.local"]
}
EOF
echo ""
echo "IMPORTANT: For Gitea registry to work properly:"
echo " 1. Gitea must be running and accessible at gitea.bakery-ia.local"
echo " 2. The registry subdomain must be properly configured in your ingress"
echo " 3. You may need to authenticate with Docker:"
echo " docker login registry.bakery-ia.local"
echo " 4. Check that the Gitea registry service is exposed on port 3000"
else
echo "To configure Docker daemon to use local registry as mirror:"
echo ""