refactor: lagoon.yml container-registry variable override checks (#310)
shreddedbacon authored May 17, 2024
1 parent f04c50f commit 40815e6
Showing 1 changed file with 148 additions and 96 deletions.
244 changes: 148 additions & 96 deletions legacy/build-deploy.sh
Expand Up @@ -104,119 +104,171 @@ fi
##############################################
# we want to be able to support private container registries
# grab all the container-registries that are defined in the `.lagoon.yml` file
function getRegistryUsernameFromEnvironmentVariables() {
PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY="REGISTRY_${PRIVATE_CONTAINER_REGISTRY}_USERNAME"
PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY_SAFE="REGISTRY_${PRIVATE_CONTAINER_REGISTRY_SAFE}_USERNAME"
# check if we have an override password defined anywhere in the api using the supported `REGISTRY_${registry}_USERNAME` key
# where registry name can be the uppercased "SAFE" version
# ie,
# dockerhub, docker-hub, my-custom-registry
# become
# DOCKERHUB, DOCKER_HUB, MY_CUSTOM_REGISTRY
if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME" ]; then
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME
PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME" ]; then
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME
PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY"
fi
fi
# check newer "safe" key
if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY_SAFE'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME" ]; then
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME
PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY_SAFE"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY_SAFE'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME" ]; then
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME
PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY_SAFE"
fi
fi
}

function getRegistryPasswordFromEnvironmentVariables() {
# check if we have a password defined anywhere in the api first that a user has specified using the older method
# where the provided value in the password could also be an environment variable
# this method we should look to deprecate at some stage to not have to support it
# so maybe this could report a build warning in the future
if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_PASSWORD'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_PASSWORD"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_PASSWORD'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_PASSWORD"
fi
fi

PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY="REGISTRY_${PRIVATE_CONTAINER_REGISTRY}_PASSWORD"
PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY_SAFE="REGISTRY_${PRIVATE_CONTAINER_REGISTRY_SAFE}_PASSWORD"
# check if we have an override password defined anywhere in the api using the supported `REGISTRY_${registry}_USERNAME` key
# where registry name can be the uppercased "SAFE" version
# ie,
# dockerhub, docker-hub, my-custom-registry
# become
# DOCKERHUB, DOCKER_HUB, MY_CUSTOM_REGISTRY
if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY"
fi
fi
# check newer "safe" key
if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY_SAFE'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY_SAFE"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY_SAFE'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY_SAFE"
fi
fi
}

PRIVATE_CONTAINER_REGISTRIES=($(cat .lagoon.yml | shyaml keys container-registries 2> /dev/null || echo ""))
if [ ! -z $PRIVATE_CONTAINER_REGISTRIES ]; then
echo -e "##############################################\nBEGIN Custom Container Registries Setup\n##############################################"
sleep 0.5s
fi
for PRIVATE_CONTAINER_REGISTRY in "${PRIVATE_CONTAINER_REGISTRIES[@]}"
do
echo "Checking details for $PRIVATE_CONTAINER_REGISTRY";
echo "> Checking details for ${PRIVATE_CONTAINER_REGISTRY}"
PRIVATE_CONTAINER_REGISTRY_SAFE=$(echo ${PRIVATE_CONTAINER_REGISTRY} | tr '[:lower:]' '[:upper:]' | tr '-' '_')
# check if a url is set, if none set proceed against docker hub
PRIVATE_CONTAINER_REGISTRY_URL=$(cat .lagoon.yml | shyaml get-value container-registries.$PRIVATE_CONTAINER_REGISTRY.url false)
if [ $PRIVATE_CONTAINER_REGISTRY_URL == "false" ]; then
PRIVATE_CONTAINER_REGISTRY_URL=$(cat .lagoon.yml | shyaml get-value container-registries.$PRIVATE_CONTAINER_REGISTRY.url 2>/dev/null)

if [ -z $PRIVATE_CONTAINER_REGISTRY_URL ]; then
echo "No 'url' defined for registry $PRIVATE_CONTAINER_REGISTRY, will proceed against docker hub";
fi
# check the username and passwords are defined in yaml
PRIVATE_CONTAINER_REGISTRY_USERNAME=$(cat .lagoon.yml | shyaml get-value container-registries.$PRIVATE_CONTAINER_REGISTRY.username false)
if [ $PRIVATE_CONTAINER_REGISTRY_USERNAME == "false" ]; then
PRIVATE_CONTAINER_REGISTRY_USERNAME=""
PRIVATE_CONTAINER_REGISTRY_USERNAME=$(cat .lagoon.yml | shyaml get-value container-registries.$PRIVATE_CONTAINER_REGISTRY.username 2>/dev/null)

PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=""
getRegistryUsernameFromEnvironmentVariables

if [ -z $PRIVATE_CONTAINER_REGISTRY_USERNAME ] && [ -z $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME ]; then
echo "No 'username' defined for registry $PRIVATE_CONTAINER_REGISTRY"; exit 1;
fi
if [ $PRIVATE_CONTAINER_REGISTRY_USERNAME != "false" ]; then
# check if we have an override password defined anywhere in the api
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=""
PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY="REGISTRY_${PRIVATE_CONTAINER_REGISTRY}_USERNAME"

if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME" ]; then
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME
PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME" ]; then
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=$TEMP_PRIVATE_REGISTRY_CREDENTIAL_USERNAME
PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_USERNAME_OVERRIDE_KEY"
fi
fi

if [ -z $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME ]; then
#if no password defined in the lagoon api, pass the one in `.lagoon.yml` as a password
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=$PRIVATE_CONTAINER_REGISTRY_USERNAME
PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE=".lagoon.yml"
fi
if [ -z $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME ]; then
#if no password defined in the lagoon api, pass the one in `.lagoon.yml` as a password
PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME=$PRIVATE_CONTAINER_REGISTRY_USERNAME
PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE=".lagoon.yml"
fi
PRIVATE_CONTAINER_REGISTRY_PASSWORD=$(cat .lagoon.yml | shyaml get-value container-registries.$PRIVATE_CONTAINER_REGISTRY.password false)
if [[ $PRIVATE_CONTAINER_REGISTRY_PASSWORD == "false" ]]; then
PRIVATE_CONTAINER_REGISTRY_PASSWORD=""
PRIVATE_CONTAINER_REGISTRY_PASSWORD=$(cat .lagoon.yml | shyaml get-value container-registries.$PRIVATE_CONTAINER_REGISTRY.password 2>/dev/null)
PRIVATE_REGISTRY_CREDENTIAL=""
getRegistryPasswordFromEnvironmentVariables

if [ -z $PRIVATE_CONTAINER_REGISTRY_PASSWORD ] && [ -z $PRIVATE_REGISTRY_CREDENTIAL ]; then
echo "No 'password' defined for registry $PRIVATE_CONTAINER_REGISTRY"; exit 1;
fi
# if we have everything we need, we can proceed to logging in
if [ $PRIVATE_CONTAINER_REGISTRY_PASSWORD != "false" ]; then
PRIVATE_REGISTRY_CREDENTIAL=""
# check if we have a password defined anywhere in the api first
if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_PASSWORD'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_PASSWORD"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_PASSWORD'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_PASSWORD"
fi
fi

# check if we have an override password defined anywhere in the api
PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY="REGISTRY_${PRIVATE_CONTAINER_REGISTRY}_PASSWORD"

if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY"
fi
fi

if [ -z $PRIVATE_REGISTRY_CREDENTIAL ]; then
#if no password defined in the lagoon api, pass the one in `.lagoon.yml` as a password
PRIVATE_REGISTRY_CREDENTIAL=$PRIVATE_CONTAINER_REGISTRY_PASSWORD
PRIVATE_REGISTRY_CREDENTIAL_SOURCE=".lagoon.yml (we recommend using an environment variable, see the docs on container-registries for more information)"
fi
if [ -z "$PRIVATE_REGISTRY_CREDENTIAL" ]; then
echo -e "A private container registry was defined in the .lagoon.yml file, but no password could be found in either the .lagoon.yml or in the Lagoon API\n\nPlease check if the password has been set correctly."
exit 1
fi
if [ $PRIVATE_CONTAINER_REGISTRY_URL != "false" ]; then
echo "Attempting to log in to $PRIVATE_CONTAINER_REGISTRY_URL with user $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME from $PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE"
echo "Using password sourced from $PRIVATE_REGISTRY_CREDENTIAL_SOURCE"
docker login --username $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME --password $PRIVATE_REGISTRY_CREDENTIAL $PRIVATE_CONTAINER_REGISTRY_URL
kubectl create secret docker-registry "lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret" --docker-server=$PRIVATE_CONTAINER_REGISTRY_URL --docker-username=$PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME --docker-password=$PRIVATE_REGISTRY_CREDENTIAL --dry-run -o yaml | kubectl apply -f -
REGISTRY_SECRETS+=("lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret")
PRIVATE_REGISTRY_URLS+=($PRIVATE_CONTAINER_REGISTRY_URL)
PRIVATE_EXTERNAL_REGISTRY=1
let ++PRIVATE_REGISTRY_COUNTER
else
echo "Attempting to log in to docker hub with user $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME from $PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE"
echo "Using password sourced from $PRIVATE_REGISTRY_CREDENTIAL_SOURCE"
docker login --username $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME --password $PRIVATE_REGISTRY_CREDENTIAL
kubectl create secret docker-registry "lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret" --docker-server="https://index.docker.io/v1/" --docker-username=$PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME --docker-password=$PRIVATE_REGISTRY_CREDENTIAL --dry-run -o yaml | kubectl apply -f -
REGISTRY_SECRETS+=("lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret")
PRIVATE_REGISTRY_URLS+=("")
PRIVATE_DOCKER_HUB_REGISTRY=1
let ++PRIVATE_REGISTRY_COUNTER
fi
if [ -z $PRIVATE_REGISTRY_CREDENTIAL ]; then
#if no password defined in the lagoon api, pass the one in `.lagoon.yml` as a password
PRIVATE_REGISTRY_CREDENTIAL=$PRIVATE_CONTAINER_REGISTRY_PASSWORD
PRIVATE_REGISTRY_CREDENTIAL_SOURCE=".lagoon.yml (we recommend using an environment variable, see the docs on container-registries for more information)"
fi
if [ -z "$PRIVATE_REGISTRY_CREDENTIAL" ]; then
echo -e "A private container registry ${PRIVATE_CONTAINER_REGISTRY} was defined in the .lagoon.yml file, but no password could be found in either the .lagoon.yml or in the Lagoon API\n\nPlease check if the password has been set correctly."
exit 1
fi
if [ ! -z $PRIVATE_CONTAINER_REGISTRY_URL ]; then
echo "Attempting to log in to $PRIVATE_CONTAINER_REGISTRY_URL with user $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME from $PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE"
echo "Using password sourced from $PRIVATE_REGISTRY_CREDENTIAL_SOURCE"
docker login --username $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME --password $PRIVATE_REGISTRY_CREDENTIAL $PRIVATE_CONTAINER_REGISTRY_URL
kubectl create secret docker-registry "lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret" --docker-server=$PRIVATE_CONTAINER_REGISTRY_URL --docker-username=$PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME --docker-password=$PRIVATE_REGISTRY_CREDENTIAL --dry-run -o yaml | kubectl apply -f -
REGISTRY_SECRETS+=("lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret")
PRIVATE_REGISTRY_URLS+=($PRIVATE_CONTAINER_REGISTRY_URL)
PRIVATE_EXTERNAL_REGISTRY=1
let ++PRIVATE_REGISTRY_COUNTER
else
echo "Attempting to log in to docker hub with user $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME from $PRIVATE_CONTAINER_REGISTRY_USERNAME_SOURCE"
echo "Using password sourced from $PRIVATE_REGISTRY_CREDENTIAL_SOURCE"
docker login --username $PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME --password $PRIVATE_REGISTRY_CREDENTIAL
kubectl create secret docker-registry "lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret" --docker-server="https://index.docker.io/v1/" --docker-username=$PRIVATE_CONTAINER_REGISTRY_CREDENTIAL_USERNAME --docker-password=$PRIVATE_REGISTRY_CREDENTIAL --dry-run -o yaml | kubectl apply -f -
REGISTRY_SECRETS+=("lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret")
PRIVATE_REGISTRY_URLS+=("")
PRIVATE_DOCKER_HUB_REGISTRY=1
let ++PRIVATE_REGISTRY_COUNTER
fi
done
if [ ! -z $PRIVATE_CONTAINER_REGISTRIES ]; then
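Review bot: The two new helper functions build every jq filter by splicing an unquoted shell expansion into the program text (`.name == "'$PRIVATE_CONTAINER_REGISTRY_PASSWORD'"` and the `*_OVERRIDE_KEY` / `*_OVERRIDE_KEY_SAFE` variants), and the legacy lookup in getRegistryPasswordFromEnvironmentVariables splices in the password value read from `.lagoon.yml`. A value containing whitespace or a double quote is split into extra jq arguments or alters the filter, and the `($( ... ))` array capture keeps only the first whitespace-separated word of a matched value once it is read back as a scalar. Passing the name as data avoids both: `TEMP_PRIVATE_REGISTRY_CREDENTIAL=$(jq -r --arg name "$PRIVATE_CONTAINER_REGISTRY_PASSWORD" '.[] | select(.scope == "container_registry" and .name == $name) | .value' <<<"$LAGOON_PROJECT_VARIABLES")`. The `docker login --username ... --password $PRIVATE_REGISTRY_CREDENTIAL` lines in the loop also place the credential on the command line unquoted; feeding it through `--password-stdin` from `printf '%s' "$PRIVATE_REGISTRY_CREDENTIAL"` would keep it out of the process list. The +/- markers are lost in this rendering, so which of the duplicated loop lines belong to the new side is inferred.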