registry is successfully bootstrapping

.gitignore

@@ -1,2 +1,3 @@
 artifacts
-transfer.sh
+airgap-scp.sh
+.vagrant

README.md

@@ -23,6 +23,13 @@
 ```
 WARNING- Work In Progress
 
+
+## Installing on an airgap network
+1) (Skip if you aren't using SELINUX) Install the `selinux` dependencies. `yum localinstall -y ./artifacts/yum/*`.
+2)  
+
+
+
 ## Charts to include
 * Rancher
 * Registry

k3ama.sh

@@ -17,7 +17,6 @@
 # k3ama - airgap migration assistant
 
 LOCAL_IMAGES_FILEPATH=/var/lib/rancher/k3s/agent/images
-
 ADDL_IMAGES=./artifacts/images
 
 copy_images(){
@@ -30,7 +29,7 @@ install_k3s(){
   ## Note: currently requires root
   mkdir -p ${LOCAL_IMAGES_FILEPATH}
   echo "copying ${AIRGAP_IMAGES_TAR} -> ${LOCAL_IMAGES_FILEPATH}"
-
+  cp artifacts/k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images
   # copy over the k3s binary
   cp ./artifacts/k3s /usr/local/bin/k3s
   chmod +x /usr/local/bin/k3s
@@ -40,7 +39,7 @@ install_k3s(){
 
 uninstall_k3s(){
   if [ -f "/usr/local/bin/k3s-uninstall.sh" ]; then
-    ./usr/local/bin/k3s-uninstall.sh
+    /usr/local/bin/k3s-uninstall.sh
   else
     echo "k3s is not installed"
   fi
@@ -61,8 +60,37 @@ usage () {
     echo "  [-h|--help] Usage message"
 }
 
+check_firewalld(){
+  if pgrep -x "firewalld" >/dev/null
+  then
+      echo "[FATAL] disable firewalld first"
+  fi
+}
+
+check_selinux(){
+  # yes i know we want selinux, but it's a pain in the ass right now and i will come back to it
+  SELINUXSTATUS=$(getenforce)
+  if [ "$SELINUXSTATUS" == "Permissive" ]; then
+      echo "[FATAL] disable selinux"
+      exit 1
+  else
+      echo "SELINUX disabled. continuing"
+  fi
+}
+
+
+copy_yaml_manifests(){
+  cp -r ./yaml/* /var/lib/rancher/k3s/server/manifests
+}
 
 ## TODO: Make this interactive with case statements
 # debug
+uninstall_k3s
+check_firewalld
+#check_selinux
 install_k3s ./artifacts/k3s-airgap-images-amd64.tar
 copy_images
+copy_yaml_manifests
+
+
+/usr/local/bin/k3s kubectl get pods -A -w

scripts/save-docker-image-tar.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+IMAGE_NAME="$1"
+SAVE_DIR="$2"
+
+if [ -z "${IMAGE_NAME}" ]; then
+  echo "[Usage] ./save-docker-image.sh <image_name>"
+  exit 1
+fi
+
+if [ -z "$2" ]; then
+  SAVE_DIR="."
+
+fi
+
+echo "Creating ${IMAGE_NAME} backup..."
+#docker save ${IMAGE_NAME} | gzip --stdout > ${SAVE_DIR}/${IMAGE_NAME}.tgz
+docker save ${IMAGE_NAME} > ${IMAGE_NAME}.tar

yaml/registry.yaml

@@ -0,0 +1,169 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: registry
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: docker-registry
+  namespace: registry
+data:
+  registry-config.yml: |
+    version: 0.1
+    log:
+      fields:
+        service: registry
+    storage:
+      cache:
+        blobdescriptor: inmemory
+      filesystem:
+        rootdirectory: /var/lib/registry
+    http:
+      addr: :5000
+      headers:
+        X-Content-Type-Options: [nosniff]
+    # auth:
+    #   htpasswd:
+    #     realm: basic-realm
+    #     path: /auth/htpasswd
+    health:
+      storagedriver:
+        enabled: true
+        interval: 10s
+        threshold: 3
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    cattle.io/creator: norman
+    workload.user.cattle.io/workloadselector: deployment-registry-registry
+  name: registry
+  namespace: registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      workload.user.cattle.io/workloadselector: deployment-registry-registry
+  template:
+    metadata:
+      labels:
+        workload.user.cattle.io/workloadselector: deployment-registry-registry
+    spec:
+      containers:
+      - image: registry:2
+        imagePullPolicy: Always
+        name: registry
+        resources: {}
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities: {}
+          privileged: false
+          readOnlyRootFilesystem: false
+          runAsNonRoot: false
+        stdin: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        tty: true
+        volumeMounts:
+        - mountPath: /var/lib/registry
+          name: registryvol
+        - name: config
+          mountPath: /etc/docker/registry
+          readOnly: true
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: registryvol
+        persistentVolumeClaim:
+          claimName: registryvol
+      - name: config
+        configMap:
+          name: docker-registry
+          items:
+            - key: registry-config.yml
+              path: config.yml
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    cattle.io/creator: norman
+  name: registryvol
+  namespace: registry
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    cattle.io/creator: norman
+  name: registrysvc
+  namespace: registry
+spec:
+  ports:
+  - name: httpregistry
+    port: 5000
+    protocol: TCP
+    targetPort: 5000
+  selector:
+    workload.user.cattle.io/workloadselector: deployment-registry-registry
+  sessionAffinity: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    cattle.io/creator: norman
+    foo: bar
+  name: registrynodeport
+  namespace: registry
+spec:
+  ports:
+  - name: http
+    nodePort: 30500
+    port: 5000
+    protocol: TCP
+    targetPort: 5000
+  selector:
+    workload.user.cattle.io/workloadselector: deployment-registry-registry
+  sessionAffinity: None
+  type: NodePort
+
+---
+
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  labels:
+    cattle.io/creator: norman
+  name: registryingress
+  namespace: registry
+spec:
+  rules:
+  - host: registry
+    http:
+      paths:
+      - backend:
+          serviceName: registrysvc
+          servicePort: 5000
+        pathType: ImplementationSpecific