127 lines
4.6 KiB
Bash
Executable File
127 lines
4.6 KiB
Bash
Executable File
#!/bin/bash
|
||
|
||
# =============================================================================
|
||
# Create Docker Hub Image Pull Secret
|
||
# =============================================================================
|
||
# This script creates a Kubernetes secret for pulling images from Docker Hub.
|
||
# The secret is used by both:
|
||
# 1. bakery-ia namespace deployments (Tilt + Kustomize)
|
||
# 2. Signoz Helm deployment
|
||
#
|
||
# Usage:
|
||
# ./create-dockerhub-secret.sh
|
||
#
|
||
# Prerequisites:
|
||
# - kubectl configured with access to the cluster
|
||
# - DOCKERHUB_USERNAME and DOCKERHUB_PASSWORD environment variables set
|
||
# - OR Docker CLI logged in (docker login)
|
||
# =============================================================================
|
||
|
||
set -e
|
||
|
||
echo "🔐 Creating Docker Hub Image Pull Secret"
|
||
echo "=========================================="
|
||
echo ""
|
||
|
||
# Check for required environment variables
|
||
if [ -z "$DOCKERHUB_USERNAME" ] || [ -z "$DOCKERHUB_PASSWORD" ]; then
|
||
echo "⚠️ DOCKERHUB_USERNAME and DOCKERHUB_PASSWORD environment variables not set"
|
||
echo ""
|
||
echo "Checking if Docker CLI is logged in..."
|
||
|
||
# Try to extract credentials from Docker config
|
||
if [ -f "$HOME/.docker/config.json" ]; then
|
||
# Check if using credential store
|
||
if grep -q "credsStore" "$HOME/.docker/config.json"; then
|
||
echo "⚠️ Docker is using a credential store. Please set environment variables manually:"
|
||
echo ""
|
||
echo " export DOCKERHUB_USERNAME='your-username'"
|
||
echo " export DOCKERHUB_PASSWORD='your-password-or-token'"
|
||
echo ""
|
||
exit 1
|
||
fi
|
||
|
||
# Try to extract from base64 encoded auth
|
||
AUTH=$(cat "$HOME/.docker/config.json" | jq -r '.auths["https://index.docker.io/v1/"].auth // empty' 2>/dev/null)
|
||
if [ -n "$AUTH" ]; then
|
||
echo "✅ Found Docker Hub credentials in Docker config"
|
||
DOCKERHUB_USERNAME=$(echo "$AUTH" | base64 -d | cut -d: -f1)
|
||
DOCKERHUB_PASSWORD=$(echo "$AUTH" | base64 -d | cut -d: -f2-)
|
||
else
|
||
echo "❌ Could not find Docker Hub credentials"
|
||
echo ""
|
||
echo "Please either:"
|
||
echo " 1. Run 'docker login' first, OR"
|
||
echo " 2. Set environment variables:"
|
||
echo " export DOCKERHUB_USERNAME='your-username'"
|
||
echo " export DOCKERHUB_PASSWORD='your-password-or-token'"
|
||
echo ""
|
||
exit 1
|
||
fi
|
||
else
|
||
echo "❌ Docker config not found and environment variables not set"
|
||
echo ""
|
||
echo "Please set environment variables:"
|
||
echo " export DOCKERHUB_USERNAME='your-username'"
|
||
echo " export DOCKERHUB_PASSWORD='your-password-or-token'"
|
||
echo ""
|
||
exit 1
|
||
fi
|
||
fi
|
||
|
||
echo "Using Docker Hub username: $DOCKERHUB_USERNAME"
|
||
echo ""
|
||
|
||
# Function to create secret in a namespace
|
||
create_secret_in_namespace() {
|
||
local NAMESPACE=$1
|
||
|
||
echo "📦 Creating secret in namespace: $NAMESPACE"
|
||
|
||
# Create namespace if it doesn't exist
|
||
if ! kubectl get namespace "$NAMESPACE" &>/dev/null; then
|
||
echo " Creating namespace $NAMESPACE..."
|
||
kubectl create namespace "$NAMESPACE"
|
||
fi
|
||
|
||
# Delete existing secret if it exists
|
||
if kubectl get secret dockerhub-creds -n "$NAMESPACE" &>/dev/null; then
|
||
echo " Deleting existing secret..."
|
||
kubectl delete secret dockerhub-creds -n "$NAMESPACE"
|
||
fi
|
||
|
||
# Create the secret
|
||
kubectl create secret docker-registry dockerhub-creds \
|
||
--docker-server=https://index.docker.io/v1/ \
|
||
--docker-username="$DOCKERHUB_USERNAME" \
|
||
--docker-password="$DOCKERHUB_PASSWORD" \
|
||
--docker-email="${DOCKERHUB_EMAIL:-noreply@bakery-ia.local}" \
|
||
-n "$NAMESPACE"
|
||
|
||
echo " ✅ Secret created successfully"
|
||
echo ""
|
||
}
|
||
|
||
# Create secret in bakery-ia namespace (for Tilt deployments)
|
||
create_secret_in_namespace "bakery-ia"
|
||
|
||
# Create secret in signoz namespace (for Signoz Helm deployment - if namespace exists)
|
||
if kubectl get namespace signoz &>/dev/null; then
|
||
create_secret_in_namespace "signoz"
|
||
else
|
||
echo "ℹ️ Signoz namespace not found, skipping (will be created on Helm install)"
|
||
echo ""
|
||
fi
|
||
|
||
echo "✅ Docker Hub secrets created successfully!"
|
||
echo ""
|
||
echo "The secret 'dockerhub-creds' is now available in:"
|
||
echo " - bakery-ia namespace (for Tilt/Kustomize deployments)"
|
||
if kubectl get namespace signoz &>/dev/null; then
|
||
echo " - signoz namespace (for Signoz Helm deployment)"
|
||
fi
|
||
echo ""
|
||
echo "All pods with imagePullSecrets: dockerhub-creds will now use these credentials"
|
||
echo "to pull images from Docker Hub."
|
||
echo ""
|