From 651607223564f98b9962ae51086f1917de359a45 Mon Sep 17 00:00:00 2001
From: cdchris12
Date: Wed, 17 Feb 2021 22:48:30 -0600
Subject: [PATCH 1/2] Backporting fixes from #2516 to master branch
---
.../build-deploy-docker-compose.sh | 37 ++++++++++++++++++-
.../kubectl-build-deploy-dind/build-deploy.sh | 9 +++++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh b/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh
index 24017373e1..53623bf0e6 100755
--- a/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh
+++ b/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh
@@ -1427,7 +1427,42 @@ elif [ "$BUILD_TYPE" == "pullrequest" ] || [ "$BUILD_TYPE" == "branch" ]; then for IMAGE_NAME in "${!IMAGES_PULL[@]}" do PULL_IMAGE="${IMAGES_PULL[${IMAGE_NAME}]}" - . /kubectl-build-deploy/scripts/exec-kubernetes-copy-to-registry.sh + # Try to handle private registries first + if [ $PRIVATE_REGISTRY_COUNTER -gt 0]; then + if [ $PRIVATE_EXTERNAL_REGISTRY ]; then + EXTERNAL_REGISTRY=0 + for EXTERNAL_REGISTRY_URL in "${PRIVATE_REGISTRY_URLS[@]}" + do + # strip off "http://" or "https://" from registry url if present + bare_url = "${EXTERNAL_REGISTRY_URL#http://}" + bare_url = "${EXTERNAL_REGISTRY_URL#https://}" + + # Test registry to see if image is from an external registry or just private docker hub + case $bare_url in + "$PULL_IMAGE"*) + EXTERNAL_REGISTRY=1 + ;; + esac + done + + # If this image is hosted in an external registry, pull it from there + if [ $EXTERNAL_REGISTRY -eq 1 ] || ; then + skopeo copy --dest-tls-verify=false docker://${PULL_IMAGE} docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} + # If this image is not from an external registry, but docker hub creds were supplied, pull it straight from Docker Hub + elif [ $PRIVATE_DOCKER_HUB_REGISTRY -eq 1 ]; then + skopeo copy --dest-tls-verify=false docker://${PULL_IMAGE} docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} + # If image not from an external registry and no docker hub creds were supplied, pull image from the imagecache + else + skopeo copy --dest-tls-verify=false docker://${IMAGECACHE_REGISTRY}/${PULL_IMAGE} docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} + fi + # If the private registry counter is 1 and no external registry was listed, we know a private docker hub was specified + else + skopeo copy --dest-tls-verify=false docker://${PULL_IMAGE} docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} + fi + # If no private registries, use the 
imagecache + else + skopeo copy --dest-tls-verify=false docker://${IMAGECACHE_REGISTRY}/${PULL_IMAGE} docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} + fi IMAGE_HASHES[${IMAGE_NAME}]=$(skopeo inspect docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} --tls-verify=false | jq ".Name + \"@\" + .Digest" -r) done diff --git a/images/kubectl-build-deploy-dind/build-deploy.sh b/images/kubectl-build-deploy-dind/build-deploy.sh index 1b82c1987f..1ab870ed51 100755 --- a/images/kubectl-build-deploy-dind/build-deploy.sh +++ b/images/kubectl-build-deploy-dind/build-deploy.sh @@ -44,6 +44,11 @@ fi REGISTRY_SECRETS=() PRIVATE_REGISTRY_COUNTER=0 +PRIVATE_REGISTRY_URLS=() +PRIVATE_REGISTRY_USERNAMES=() +PRIVATE_REGISTRY_PASSWORDS=() +PRIVATE_DOCKER_HUB_REGISTRY=0 +PRIVATE_EXTERNAL_REGISTRY=0 set +x 
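Review bot: The private-registry path added here cannot work as written: `[ $PRIVATE_REGISTRY_COUNTER -gt 0]` lacks the space before `]`, so the test errors and control always falls to the imagecache `else`, and `bare_url = "..."` with spaces around `=` runs a command named `bare_url` instead of assigning. The second strip also restarts from `EXTERNAL_REGISTRY_URL`, discarding the `http://` strip, `[ $PRIVATE_EXTERNAL_REGISTRY ]` is true for the string `0`, and the `case` tests whether the registry URL starts with the image name rather than the reverse. Once the match is turned round, the empty entry that build-deploy.sh appends for a Docker Hub login would match every image, so it has to be skipped. The copies also keep `--dest-tls-verify=false`, so the pushed image and the digest read back into `IMAGE_HASHES` travel over an unverified connection; that looks inherited from the existing script, but it is worth confirming the destination registry is only reachable inside the cluster. The enclosing `elif` block starts outside this hunk.

```shell
if [ "$PRIVATE_REGISTRY_COUNTER" -gt 0 ]; then
  if [ "$PRIVATE_EXTERNAL_REGISTRY" -eq 1 ]; then
    # … unchanged: EXTERNAL_REGISTRY=0 and the for/do over PRIVATE_REGISTRY_URLS …
      # the Docker Hub login records an empty URL; an empty prefix would match every image
      [ -n "$EXTERNAL_REGISTRY_URL" ] || continue
      bare_url="${EXTERNAL_REGISTRY_URL#http://}"
      bare_url="${bare_url#https://}"
      # external when the image reference starts with the registry host
      case "$PULL_IMAGE" in
        "$bare_url"*)
    # … unchanged: EXTERNAL_REGISTRY=1, esac, done and the skopeo copy branches …
```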
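Review bot: `PRIVATE_REGISTRY_USERNAMES` and `PRIVATE_REGISTRY_PASSWORDS` are initialised here, but nothing in the hunks of this patch appends to them or reads them. If they are not needed, dropping them avoids a later change quietly accumulating registry credentials in a long-lived shell variable. If they are needed, a comment such as `# filled per registry in the login loop below; keep tracing off while set` would record the intent.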
@@ -115,12 +120,16 @@ do docker login --username $PRIVATE_CONTAINER_REGISTRY_USERNAME --password $PRIVATE_REGISTRY_CREDENTIAL $PRIVATE_CONTAINER_REGISTRY_URL kubectl create secret docker-registry "lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret" --docker-server=$PRIVATE_CONTAINER_REGISTRY_URL --docker-username=$PRIVATE_CONTAINER_REGISTRY_USERNAME --docker-password=$PRIVATE_REGISTRY_CREDENTIAL --dry-run -o yaml | kubectl apply -f - REGISTRY_SECRETS+=("lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret") + PRIVATE_REGISTRY_URLS+=($PRIVATE_CONTAINER_REGISTRY_URL) + PRIVATE_EXTERNAL_REGISTRY=1 let ++PRIVATE_REGISTRY_COUNTER else echo "Attempting to log in to docker hub with user $PRIVATE_CONTAINER_REGISTRY_USERNAME - $PRIVATE_CONTAINER_REGISTRY_PASSWORD" docker login --username $PRIVATE_CONTAINER_REGISTRY_USERNAME --password $PRIVATE_REGISTRY_CREDENTIAL kubectl create secret docker-registry "lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret" --docker-server="https://index.docker.io/v1/" --docker-username=$PRIVATE_CONTAINER_REGISTRY_USERNAME --docker-password=$PRIVATE_REGISTRY_CREDENTIAL --dry-run -o yaml | kubectl apply -f - REGISTRY_SECRETS+=("lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret") + PRIVATE_REGISTRY_URLS+=("") + PRIVATE_DOCKER_HUB_REGISTRY=1 let ++PRIVATE_REGISTRY_COUNTER fi fi From 2bbfbb0d0234e931d28056bc3fcaaf2136263071 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 23 Feb 2021 14:07:42 +1100 Subject: [PATCH 2/2] fix erroneous OR in IF statement --- images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh b/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh index 1365b07228..3e09585955 100755 --- a/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh +++ b/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh 
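Review bot: `PRIVATE_REGISTRY_URLS+=($PRIVATE_CONTAINER_REGISTRY_URL)` is unquoted, so a value containing whitespace or glob characters is split or expanded into several array entries and the array stops lining up with `PRIVATE_REGISTRY_COUNTER`; `PRIVATE_REGISTRY_URLS+=("$PRIVATE_CONTAINER_REGISTRY_URL")` keeps one entry per registry. The Docker Hub arm appends `""`, which any consumer of the array has to skip explicitly. The surrounding `docker login --password …` and `--docker-password=…` lines are unchanged context, but they place the credential on the command line where `--password-stdin` would not. The loop these lines sit in starts outside this hunk.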
@@ -1461,7 +1461,7 @@ elif [ "$BUILD_TYPE" == "pullrequest" ] || [ "$BUILD_TYPE" == "branch" ]; then done # If this image is hosted in an external registry, pull it from there - if [ $EXTERNAL_REGISTRY -eq 1 ] || ; then + if [ $EXTERNAL_REGISTRY -eq 1 ]; then skopeo copy --dest-tls-verify=false docker://${PULL_IMAGE} docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} # If this image is not from an external registry, but docker hub creds were supplied, pull it straight from Docker Hub elif [ $PRIVATE_DOCKER_HUB_REGISTRY -eq 1 ]; then
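Review bot: The `if` arm fixed here and the `elif [ $PRIVATE_DOCKER_HUB_REGISTRY -eq 1 ]` arm below it run the same `skopeo copy` from `docker://${PULL_IMAGE}`, so the dangling `||` was probably the start of a combined test. The elif body lies outside this hunk but is visible in patch 1/2. Merging the two arms as `if [ "$EXTERNAL_REGISTRY" -eq 1 ] || [ "$PRIVATE_DOCKER_HUB_REGISTRY" -eq 1 ]; then` removes the duplicated command and quotes both operands.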