[kots]: add registry to preflight and support checks
This checks a connection can be made, based upon the configuration given.
Simon Emms
committed
Jul 1, 2022
1 parent
9a8ade8
commit 61b3502
Showing
11 changed files
with
460 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
packages: | ||
- name: app | ||
type: go | ||
srcs: | ||
- go.mod | ||
- go.sum | ||
- "**/*.go" | ||
env: | ||
- CGO_ENABLED=0 | ||
config: | ||
packaging: app | ||
buildCommand: ["go", "build", "-trimpath", "-ldflags", "-buildid= -w -s -X 'github.com/gitpod-io/gitpod/kots-config-check/registry/cmd.Version=commit-${__git_commit}'"] | ||
- name: docker | ||
type: docker | ||
deps: | ||
- :app | ||
argdeps: | ||
- imageRepoBase | ||
srcs: | ||
- entrypoint.sh | ||
config: | ||
buildArgs: | ||
VERSION: ${version} | ||
dockerfile: leeway.Dockerfile | ||
metadata: | ||
helm-component: kots-config-check.registry | ||
image: | ||
- ${imageRepoBase}/kots-config-check/registry:${version} | ||
- ${imageRepoBase}/kots-config-check/registry:commit-${__git_commit} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
// Copyright (c) 2022 Gitpod GmbH. All rights reserved. | ||
// Licensed under the GNU Affero General Public License (AGPL). | ||
// See License-AGPL.txt in the project root for license information. | ||
|
||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
"net/url" | ||
"strings" | ||
|
||
"github.com/heroku/docker-registry-client/registry" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
var checkOpts struct { | ||
Username string | ||
Password string | ||
ServerAddress string | ||
InCluster bool | ||
} | ||
|
||
var checkCmd = &cobra.Command{ | ||
Use: "check", | ||
Short: "Checks registry connection", | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
if !checkOpts.InCluster { | ||
serverAddress, err := url.Parse(checkOpts.ServerAddress) | ||
if err != nil { | ||
return err | ||
} | ||
if serverAddress.Scheme == "" { | ||
// If no scheme, default to HTTPS | ||
serverAddress.Scheme = "https" | ||
} | ||
fmt.Println(serverAddress) | ||
if strings.HasPrefix(serverAddress.Path, "gcr.io") && serverAddress.Path != "gcr.io" { | ||
// GCR must use gcr.io else the validation returns false | ||
return fmt.Errorf("google container registries must use the address gcr.io, not %s", serverAddress.Path) | ||
} | ||
|
||
_, err = registry.New(serverAddress.String(), checkOpts.Username, checkOpts.Password) | ||
if err != nil { | ||
return err | ||
} | ||
} | ||
|
||
return nil | ||
}, | ||
} | ||
|
||
func init() { | ||
rootCmd.AddCommand(checkCmd) | ||
|
||
checkCmd.Flags().StringVarP(&checkOpts.Username, "username", "u", "", "Registry username") | ||
checkCmd.Flags().StringVarP(&checkOpts.Password, "password", "p", "", "Registry password") | ||
checkCmd.Flags().StringVarP(&checkOpts.ServerAddress, "server-address", "s", "", "Registry server address") | ||
checkCmd.Flags().BoolVar(&checkOpts.InCluster, "in-cluster", false, "Registry in-cluster") | ||
} |
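Review bot: The address handling in `RunE` only works for a bare host name: `url.Parse` does not treat schemeless `host:port` input as a host (it is either rejected or the host name ends up in `Scheme`), and the `gcr.io` guard reads `serverAddress.Path`, so it is skipped whenever the caller supplies a scheme. Normalising before parsing, e.g. `if !strings.Contains(addr, "://") { addr = "https://" + addr }`, and then validating `serverAddress.Host` would cover both cases. An explicit `http://` address is also accepted and the username and password are handed to `registry.New` for it, so consider rejecting non-HTTPS schemes unless an opt-in flag is set. The `fmt.Println(serverAddress)` line looks like leftover debug output; it writes to stdout, which the entrypoint script in this commit captures, and it would echo any userinfo embedded in the address. Taking the secret through `--password` also places it on the process command line, where an environment variable or stdin would keep it out of process listings.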
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
// Copyright (c) 2022 Gitpod GmbH. All rights reserved. | ||
// Licensed under the GNU Affero General Public License (AGPL). | ||
// See License-AGPL.txt in the project root for license information. | ||
|
||
package cmd | ||
|
||
import ( | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
var ( | ||
// ServiceName is the name we use for tracing/logging | ||
ServiceName = "registry" | ||
// Version of this service - set during build | ||
Version = "" | ||
) | ||
|
||
// rootCmd represents the base command when called without any subcommands | ||
var rootCmd = &cobra.Command{ | ||
Use: ServiceName, | ||
Short: "This validates a Docker v2 registry connection string", | ||
} | ||
|
||
func Execute() { | ||
cobra.CheckErr(rootCmd.Execute()) | ||
} |
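Review bot: `Version` is injected at link time but nothing in this section surfaces it; setting `Version: Version,` on `rootCmd` would let cobra provide `--version`, which helps when confirming which build of the checker ran in a support bundle. The exported `Execute` also has no doc comment; something like `// Execute runs the root command and exits with a non-zero status if it returns an error.` would match what `cobra.CheckErr` does here.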
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
#!/bin/bash | ||
# Copyright (c) 2022 Gitpod GmbH. All rights reserved. | ||
# Licensed under the GNU Affero General Public License (AGPL). | ||
# See License-AGPL.txt in the project root for license information. | ||
|
||
set -euo pipefail | ||
|
||
REG_IN_CLUSTER_ENABLED="${1:-""}" | ||
REG_USERNAME="${2:-""}" | ||
REG_PASSWORD="${3:-""}" | ||
REG_URL="${4:-""}" | ||
REG_SERVER="${5:-""}" | ||
REG_IN_CLUSTER_S3_ENABLED="${6:-""}" | ||
REG_STORE_LOCATION="${7:-""}" | ||
REG_S3_ENDPOINT="${8:-""}" | ||
REG_S3_ACCESS_KEY_ID="${9:-""}" | ||
REG_S3_SECRET_ACCESS_KEY="${10:-""}" | ||
REG_S3_BUCKET_NAME="${11:-""}" | ||
|
||
connection="false" | ||
s3connection="false" | ||
|
||
REG_TYPE="incluster" | ||
if [ "${REG_IN_CLUSTER_ENABLED}" == "0" ]; then | ||
REG_TYPE="external" | ||
fi | ||
|
||
case "${REG_TYPE}" in | ||
external) | ||
echo "Using external registry" | ||
|
||
REG_SERVER_ADDRESS="${REG_URL}" | ||
if [ "${REG_SERVER}" != "" ]; then | ||
REG_SERVER_ADDRESS="${REG_SERVER}" | ||
fi | ||
|
||
# Check the registry connection | ||
result=$(/app/registry \ | ||
check \ | ||
--server-address="${REG_SERVER_ADDRESS}" \ | ||
--username="${REG_USERNAME}" \ | ||
--password="${REG_PASSWORD}" || echo "fail") | ||
|
||
if [ "${result}" != "fail" ]; then | ||
connection="true" | ||
fi | ||
s3connection="true" | ||
;; | ||
incluster) | ||
echo "Using in-cluster registry" | ||
connection="true" | ||
|
||
# This is "true" or "false" not "1" or "0" | ||
if [ "${REG_IN_CLUSTER_S3_ENABLED}" == "true" ]; then | ||
# The Azure and GCP arguments are ignored - use variable names so it's readable | ||
if bash /storage.sh \ | ||
"s3" \ | ||
"${REG_STORE_LOCATION}" \ | ||
"AZURE_ACCOUNT_NAME" \ | ||
"AZURE_ACCESS_KEY" \ | ||
"GCP_PROJECT_ID" \ | ||
"GCP_SERVICE_ACCOUNT_KEY" \ | ||
"${REG_S3_ENDPOINT}" \ | ||
"${REG_S3_ACCESS_KEY_ID}" \ | ||
"${REG_S3_SECRET_ACCESS_KEY}" \ | ||
"${REG_S3_BUCKET_NAME}"; then | ||
s3connection="true" | ||
fi | ||
else | ||
s3connection="true" | ||
fi | ||
;; | ||
*) | ||
echo "Unknown registry type: '${REG_TYPE}'" | ||
exit 1 | ||
;; | ||
esac | ||
|
||
if [ "${connection}" = "true" ]; then | ||
echo "registry: ok" | ||
else | ||
echo "registry: error" | ||
fi | ||
if [ "${s3connection}" = "true" ]; then | ||
echo "s3: ok" | ||
else | ||
echo "s3: error" | ||
fi |
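Review bot: The external-registry branch appears to fail open: `result=$(/app/registry check … || echo "fail")` captures the binary's stdout as well, and the `check` command added in this commit prints the parsed address with `fmt.Println` before it connects, so on a connection failure `result` holds the address followed by `fail` and the `!= "fail"` test still sets `connection="true"`. Branching on the exit status avoids that, as the `storage.sh` call further down already does: `if /app/registry check --server-address="${REG_SERVER_ADDRESS}" --username="${REG_USERNAME}" --password="${REG_PASSWORD}"; then connection="true"; fi`. The script prints `registry: error` or `s3: error` but still exits 0, so it is worth confirming that the caller matches on the text and not on the exit code. The registry password and the S3 secret key arrive as positional arguments and are forwarded as flags, which exposes them in process listings; environment variables or a mounted secret file would keep them off the command line.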
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
module github.com/gitpod-io/gitpod/kots-config-check/registry | ||
|
||
go 1.18 | ||
|
||
require ( | ||
github.com/heroku/docker-registry-client v0.0.0-20211012143308-9463674c8930 | ||
github.com/spf13/cobra v1.5.0 | ||
) | ||
|
||
require ( | ||
github.com/docker/distribution v0.0.0-20171011171712-7484e51bf6af // indirect | ||
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect | ||
github.com/inconshreveable/mousetrap v1.0.0 // indirect | ||
github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect | ||
github.com/opencontainers/go-digest v1.0.0-rc1 // indirect | ||
github.com/sirupsen/logrus v1.4.2 // indirect | ||
github.com/spf13/pflag v1.0.5 // indirect | ||
golang.org/x/sys v0.0.0-20190422165155-953cdadca894 // indirect | ||
) |
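Review bot: The indirect requirements that come in with `github.com/heroku/docker-registry-client` are pinned to old revisions (`github.com/docker/distribution` at a 2017 pseudo-version, `golang.org/x/sys` at a 2019 one, `logrus` v1.4.2) in a tool that handles registry credentials. It is worth running a vulnerability scan such as `govulncheck ./...` on this module and raising those versions where the client still builds against them before the image ships. The client itself is pinned to an untagged commit, so a short comment recording why that revision was chosen would help later upgrades.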