[kots]: add firewall check for the pull registry

Simon Emms · Simon Emms · commit 2397f1954b6d · 2022-07-04T11:05:11.000Z
diff --git a/install/kots/manifests/kots-preflight.yaml b/install/kots/manifests/kots-preflight.yaml
@@ -44,6 +44,31 @@ spec:
           - '{{repl ConfigOption "store_s3_access_key_id" }}' # S3_ACCESS_KEY_ID
           - '{{repl ConfigOption "store_s3_secret_access_key" }}' # S3_SECRET_ACCESS_KEY
           - '{{repl ConfigOption "store_s3_bucket" }}' # S3_BUCKET_NAME
+    - run:
+        collectorName: ping-registry
+        image: alpine/curl
+        name: ping-registry
+        command:
+          - /bin/sh
+          - -c
+        args:
+          - |
+            set -e
+
+            URL="https://eu.gcr.io/v2/"
+            if [ '{{repl HasLocalRegistry }}' = "true" ];
+            then
+              URL="{{repl LocalRegistryAddress }}"
+            fi
+
+            echo "URL: ${URL}"
+
+            if curl --silent --max-time 5 "${URL}" > /dev/null;
+            then
+              echo "connection: ok"
+            else
+              echo "connection: error"
+            fi
   analyzers:
     - clusterVersion:
         outcomes:
@@ -206,3 +231,13 @@ spec:
               message: Object storage connection is valid
           - fail:
               message: Object storage connection is invalid. Please check your settings and that the resource is accessible from your cluster
+    - textAnalyze:
+        checkName: Pull registry is accessible from cluster
+        fileName: ping-registry/ping-registry.log
+        regexGroups: 'connection: (?P<Connection>\w+)'
+        outcomes:
+          - pass:
+              when: "Connection == ok"
+              message: Registry is accessible
+          - fail:
+              message: Registry is inaccessible. Please check your network and firewall settings
diff --git a/install/kots/manifests/kots-support-bundle.yaml b/install/kots/manifests/kots-support-bundle.yaml
@@ -35,6 +35,31 @@ spec:
           - '{{repl ConfigOption "store_s3_access_key_id" }}' # S3_ACCESS_KEY_ID
           - '{{repl ConfigOption "store_s3_secret_access_key" }}' # S3_SECRET_ACCESS_KEY
           - '{{repl ConfigOption "store_s3_bucket" }}' # S3_BUCKET_NAME
+    - run:
+        collectorName: ping-registry
+        image: alpine/curl
+        name: ping-registry
+        command:
+          - /bin/sh
+          - -c
+        args:
+          - |
+            set -e
+
+            URL="https://eu.gcr.io/v2/"
+            if [ '{{repl HasLocalRegistry }}' = "true" ];
+            then
+              URL="{{repl LocalRegistryAddress }}/v2"
+            fi
+
+            echo "URL: ${URL}"
+
+            if curl --silent --max-time 5 "${URL}" > /dev/null;
+            then
+              echo "connection: ok"
+            else
+              echo "connection: error"
+            fi
     - clusterInfo: {}
     - clusterResources: {}
     - logs:
