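#!/bin/bash
# Base Image Pre-Pull Script for Bakery-IA
#
# Pre-pulls all required base images to reduce Docker Hub usage and, when a
# registry is enabled, re-tags and pushes them to the Gitea or local registry.
# Run this script before building services to cache base images locally.
#
# Environment:
#   DOCKER_USERNAME, DOCKER_PASSWORD  Docker Hub credentials (optional). When
#                                     unset, the Docker Hub login is skipped.
#   USE_LOCAL_REGISTRY=true           push images to the local registry
#   USE_GITEA_REGISTRY=true           push images to the Gitea registry (default)
#   REGISTRY_CA_CERT                  optional path to the CA certificate that
#                                     signed the Gitea registry certificate

set -e

echo "=========================================="
echo "Bakery-IA Base Image Pre-Pull Script"
echo "=========================================="
echo ""

# Docker Hub credentials come from the environment (or a secret manager that
# exports them), never from this file.
# SECURITY: an access token used to be hard-coded at this point. Anything that
# was committed to the repository must be treated as exposed: revoke it in
# Docker Hub and issue a new one, because removing it here does not remove it
# from the history.
if [ -n "${DOCKER_USERNAME:-}" ] && [ -n "${DOCKER_PASSWORD:-}" ]; then
  echo "Authenticating with Docker Hub..."
  # --password-stdin keeps the secret out of the process list and shell
  # history; `docker login -p` exposes it to every local user via ps.
  printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
  echo "✓ Authentication successful"
else
  echo "Warning: DOCKER_USERNAME/DOCKER_PASSWORD are not set; skipping Docker Hub login" >&2
  echo "  Pulls will use an existing 'docker login' session or anonymous access" >&2
fi
echo ""

# Define all base images used in the project
# All images are cached in local registry for dev environment
# NOTE(review): the ":latest" entries are mutable tags, so the cached copy can
# change between runs. Pin them to a version or digest when reproducibility or
# supply-chain integrity matters.
BASE_IMAGES=(
  # Service base images
  "python:3.11-slim"

  # Database images
  "postgres:17-alpine"
  "redis:7.4-alpine"
  "rabbitmq:4.1-management-alpine"

  # Utility images
  "busybox:1.36"
  "curlimages/curl:latest"
  "bitnami/kubectl:latest"

  # Alpine variants
  "alpine:3.18"
  "alpine:3.19"
  "alpine/git:2.43.0"

  # CI/CD images
  "gcr.io/kaniko-project/executor:v1.23.0"
  "gcr.io/go-containerregistry/crane:latest"
  "registry.k8s.io/kustomize/kustomize:v5.3.0"

  # Storage images
  "minio/minio:RELEASE.2024-11-07T00-52-20Z"
  "minio/mc:RELEASE.2024-11-17T19-35-25Z"

  # Geocoding
  "mediagis/nominatim:4.4"

  # Mail server (Mailu - from GHCR)
  "ghcr.io/mailu/nginx:2024.06"
  "ghcr.io/mailu/admin:2024.06"
  "ghcr.io/mailu/postfix:2024.06"
  "ghcr.io/mailu/dovecot:2024.06"
  "ghcr.io/mailu/rspamd:2024.06"
)

# Registry configuration
# Read from environment variables (set by Tiltfile or manually)
USE_LOCAL_REGISTRY="${USE_LOCAL_REGISTRY:-false}"
USE_GITEA_REGISTRY="${USE_GITEA_REGISTRY:-true}"

echo "Registry configuration:"
echo "  USE_LOCAL_REGISTRY=$USE_LOCAL_REGISTRY"
echo "  USE_GITEA_REGISTRY=$USE_GITEA_REGISTRY"
echo ""

# TLS options for the curl calls against the registry. With REGISTRY_CA_CERT
# the certificate is verified against that CA. Without it the script keeps its
# historical behaviour (-k, no verification), which is acceptable only because
# curl sends no credentials and its output is never trusted for a decision
# beyond "is something answering". The docker CLI enforces its own TLS trust
# for login and push.
if [ -n "${REGISTRY_CA_CERT:-}" ]; then
  CURL_TLS_OPTS=(--cacert "$REGISTRY_CA_CERT")
else
  CURL_TLS_OPTS=(-k)
fi

# Scheme the selected registry answered on; reused for the catalog listing.
REGISTRY_SCHEME="http"

#######################################
# Check whether a registry endpoint answers with a 2xx/3xx/4xx status.
# A 401 counts as reachable: the registry is up, just not authenticated.
# Arguments: $1 - URL to probe; remaining args - extra curl options
# Returns:   0 if reachable, non-zero otherwise
#######################################
registry_reachable() {
  local url=$1
  shift
  local status
  # curl prints 000 when the connection fails, so its exit status is ignored.
  status=$(curl -s -o /dev/null -w '%{http_code}' "$@" "$url") || true
  [[ "$status" == [234]* ]]
}

#######################################
# Log in to the Gitea registry; on failure switch to the local registry.
# Globals:   REGISTRY, REGISTRY_SCHEME, USE_GITEA_REGISTRY (read and written)
# Outputs:   progress and troubleshooting hints on stdout
#######################################
login_gitea_or_fall_back() {
  echo "Authenticating with Gitea registry..."
  echo "Note: For self-signed certificates, configure Docker to trust the registry CA:"
  echo "  1. Copy the CA certificate to /etc/docker/certs.d/$REGISTRY/ca.crt"
  echo "  2. Retry: docker login $REGISTRY"
  echo "  Dev-only fallback (disables TLS verification for this registry):"
  echo "     add {\"insecure-registries\": [\"$REGISTRY\"]} to /etc/docker/daemon.json"
  echo "     and restart Docker: sudo systemctl restart docker"

  # Try to authenticate (this may fail due to certificate issues)
  if ! docker login "$REGISTRY"; then
    echo "Warning: Failed to authenticate with Gitea registry"
    echo "This could be due to:"
    echo "  - Self-signed certificate issues (see above)"
    echo "  - Incorrect credentials"
    echo "  - Registry not properly configured"
    echo "You may need to run: docker login $REGISTRY"
    echo "Falling back to local registry"
    # NOTE(review): images are pushed to the local registry only when
    # USE_LOCAL_REGISTRY=true; after this fallback with the default settings
    # the script only pulls. Confirm that this is intended.
    REGISTRY="localhost:5000"
    REGISTRY_SCHEME="http"
    USE_GITEA_REGISTRY="false"
  else
    echo "✓ Gitea registry authentication successful"
  fi
}

# Check if Gitea registry should be used instead
if [ "$USE_GITEA_REGISTRY" = "true" ]; then
  # Gitea registry is accessed via HTTPS on the registry subdomain
  # (TLS terminated at ingress). Docker defaults to port 443 for HTTPS,
  # so no explicit port is needed in the registry name.
  REGISTRY="registry.bakery-ia.local"
  echo "Testing Gitea registry accessibility at $REGISTRY..."

  # Reachability check only (HTTPS first, then HTTP).
  if registry_reachable "https://$REGISTRY/v2/" "${CURL_TLS_OPTS[@]}"; then
    echo "✓ Gitea registry accessible via HTTPS"
    REGISTRY_SCHEME="https"
    login_gitea_or_fall_back
  elif registry_reachable "http://$REGISTRY/v2/"; then
    echo "✓ Gitea registry accessible via HTTP"
    echo "Warning: plain HTTP gives no transport protection for registry credentials or image content" >&2
    REGISTRY_SCHEME="http"
    login_gitea_or_fall_back
  else
    echo "Warning: Gitea registry at $REGISTRY is not accessible, falling back to local registry"
    echo "This could be because:"
    echo "  1. Gitea is not running or not properly configured"
    echo "  2. The ingress is not properly routing to Gitea"
    echo "  3. The registry service is not exposed"
    REGISTRY="localhost:5000"
    USE_GITEA_REGISTRY="false"
  fi
else
  REGISTRY="localhost:5000"
fi

echo "Base images to pre-pull:"
echo "----------------------------------------"
for image in "${BASE_IMAGES[@]}"; do
  echo "  - $image"
done
echo ""

echo "Starting pre-pull process..."
echo "----------------------------------------"

# Pull each base image
# NOTE(review): images are pulled by tag and republished without comparing
# digests, so the internal registry inherits whatever the upstream tag points
# to at run time.
for image in "${BASE_IMAGES[@]}"; do
  echo "Pulling: $image"
  docker pull "$image"

  # Tag for registry if enabled
  if [ "$USE_LOCAL_REGISTRY" = "true" ] || [ "$USE_GITEA_REGISTRY" = "true" ]; then
    if [ "$USE_GITEA_REGISTRY" = "true" ]; then
      # Gitea registry requires format: registry/owner/package:tag
      # Example: gcr.io/kaniko-project/executor:v1.23.0
      #       -> bakery-admin/gcr.io-kaniko-project-executor:v1.23.0
      # The tag is looked for only after the last "/", so a registry host
      # with a port (host:5000/name) is not mistaken for a tag.
      # Digest references (name@sha256:...) are not handled.
      last_segment="${image##*/}"
      if [[ "$last_segment" == *:* ]]; then
        image_name="${image%:*}"
        image_tag="${last_segment##*:}"
      else
        image_name="$image"
        image_tag="latest" # No tag in original, use latest
      fi

      # Package name: "/" (and any host-port ":") become "-", lowercased
      package_name="$(printf '%s' "$image_name" | tr '/:' '--' | tr '[:upper:]' '[:lower:]')"
      registry_image="$REGISTRY/bakery-admin/${package_name}:${image_tag}"
    else
      # Local registry format: replace / and : with _
      local_repo="$(printf '%s' "$image" | tr '/:' '__' | tr '[:upper:]' '[:lower:]')"
      registry_image="$REGISTRY/${local_repo}:latest"
    fi

    docker tag "$image" "$registry_image"
    echo "  Tagged as: $registry_image"

    # Push to registry
    docker push "$registry_image"

    if [ "$USE_GITEA_REGISTRY" = "true" ]; then
      echo "  Pushed to Gitea registry"
    else
      echo "  Pushed to local registry"
    fi
  fi

  echo "  ✓ Successfully pulled $image"
  echo ""
done

echo "=========================================="
echo "Base Image Pre-Pull Complete!"
echo "=========================================="
echo ""
echo "Summary:"
echo "  - Total images pulled: ${#BASE_IMAGES[@]}"
if [ "$USE_GITEA_REGISTRY" = "true" ]; then
  echo "  - Gitea registry enabled: $USE_GITEA_REGISTRY"
  echo "  - Registry URL: $REGISTRY"
else
  echo "  - Local registry enabled: $USE_LOCAL_REGISTRY"
  echo "  - Registry URL: $REGISTRY"
fi
echo ""

if [ "$USE_LOCAL_REGISTRY" = "true" ] || [ "$USE_GITEA_REGISTRY" = "true" ]; then
  if [ "$USE_GITEA_REGISTRY" = "true" ]; then
    echo "Gitea registry contents:"
    # Uses the scheme the registry actually answered on. The standard
    # registry catalog endpoint may not be supported by Gitea.
    curl -s "${CURL_TLS_OPTS[@]}" "$REGISTRY_SCHEME://$REGISTRY/v2/_catalog" | jq . 2>/dev/null ||
      echo "Could not access registry contents (Gitea registry may not support this endpoint)"
  else
    echo "Local registry contents:"
    curl -s "http://$REGISTRY/v2/_catalog" | jq . 2>/dev/null ||
      echo "Could not access registry contents"
  fi
  echo ""
fi

echo "Next steps:"
echo "  1. Run your service builds - they will use cached images"
echo "  2. For Kubernetes: Consider setting up a pull-through cache"
echo "  3. For CI/CD: Run this script before your build pipeline"
echo ""
echo "To use registry in your builds:"
if [ "$USE_GITEA_REGISTRY" = "true" ]; then
  echo "  - Update Dockerfiles to use: $REGISTRY/..."
  echo "  - Gitea registry URL: $REGISTRY"
else
  echo "  - Update Dockerfiles to use: $REGISTRY/..."
  echo "  - Local registry URL: $REGISTRY"
fi
echo "  - Or configure Docker daemon to use registry as mirror"
echo ""

# Optional: Configure Docker daemon to use registry as mirror
if [ "$USE_LOCAL_REGISTRY" = "true" ] || [ "$USE_GITEA_REGISTRY" = "true" ]; then
  if [ "$USE_GITEA_REGISTRY" = "true" ]; then
    echo "To configure Docker daemon to use Gitea registry as mirror:"
    echo ""
    # The printed snippet no longer lists the registry under
    # "insecure-registries": that setting turns off certificate verification
    # for every pull and push against it. Trusting the CA keeps TLS intact.
    cat << 'EOF'
{
  "registry-mirrors": ["https://registry.bakery-ia.local"]
}
EOF
    echo ""
    echo "IMPORTANT: For Gitea registry to work properly:"
    echo "  1. Gitea must be running and accessible at gitea.bakery-ia.local"
    echo "  2. The registry subdomain must be properly configured in your ingress"
    echo "  3. You may need to authenticate with Docker:"
    echo "     docker login registry.bakery-ia.local"
    echo "  4. Check that the Gitea registry service is exposed on port 3000"
    echo "  5. For a self-signed certificate, install the CA at"
    echo "     /etc/docker/certs.d/registry.bakery-ia.local/ca.crt"
  else
    echo "To configure Docker daemon to use local registry as mirror:"
    echo ""
    cat << 'EOF'
{
  "registry-mirrors": ["http://localhost:5000"]
}
EOF
  fi
  echo ""
  echo "Add this to /etc/docker/daemon.json and restart Docker"
fi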