Introduction
Prerequisites
References
To perform an installation without the system needing access to the internet, a local Docker registry must be created, and provisioned with the necessary docker images. These docker images are used to populate the Kubernetes pods once Kubernetes is installed, as well as providing the services installed during Common Services installation.
$ docker run -d -p <port>:<port> --restart=always --name <registryname> registry:2
(For more directions refer: https://docs.docker.com/registry/deploying/)
$ docker ps
Procedure Steps
Table A-4 Steps to configure OCCNE Docker Image Registry
Steps | Procedure | Description |
---|---|---|
1.
|
Provision the registry with the necessary images |
On a machine that can reach both the internet and the registry, populate the registry with the images listed in the text file deploy/docker_images.txt, reproduced here. Save the contents in a file named docker_images.txt.

```
################################################################################
#                                                                              #
# Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.        #
#                                                                              #
################################################################################
#
# Kubespray Images
k8s.gcr.io/addon-resizer:1.8.3
coredns/coredns:1.2.6
gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.3.0
quay.io/calico/kube-controllers:v3.1.3
quay.io/calico/node:v3.1.3
quay.io/calico/cni:v3.1.3
quay.io/calico/ctl:v3.1.3
gcr.io/google-containers/kube-apiserver:v1.12.5
gcr.io/google-containers/kube-controller-manager:v1.12.5
gcr.io/google-containers/kube-proxy:v1.12.5
gcr.io/google-containers/kube-scheduler:v1.12.5
nginx:1.13
quay.io/external_storage/local-volume-provisioner:v2.2.0
gcr.io/kubernetes-helm/tiller:v2.11.0
lachlanevenson/k8s-helm:v2.11.0
quay.io/jetstack/cert-manager-controller:v0.5.2
gcr.io/google-containers/pause:3.1
gcr.io/google_containers/pause-amd64:3.1
quay.io/coreos/etcd:v3.2.24
#
# Common Services Helm Chart Images
quay.io/pires/docker-elasticsearch-curator:5.5.4
docker.elastic.co/elasticsearch/elasticsearch-oss:6.7.0
justwatch/elasticsearch_exporter:1.0.2
grafana/grafana:6.1.6
docker.elastic.co/kibana/kibana-oss:6.7.0
gcr.io/google-containers/fluentd-elasticsearch:v2.3.2
metallb/controller:v0.7.3
metallb/speaker:v0.7.3
jimmidyson/configmap-reload:v0.2.2
quay.io/coreos/kube-state-metrics:v1.5.0
quay.io/prometheus/node-exporter:v0.17.0
prom/pushgateway:v0.6.0
prom/alertmanager:v0.15.3
prom/prometheus:v2.7.1
jaegertracing/jaeger-agent:1.9.0
jaegertracing/jaeger-collector:1.9.0
jaegertracing/jaeger-query:1.9.0
gcr.io/google_containers/metrics-server-amd64:v0.3.1
```
|
2.
|
Create a script named 'retrieve_docker.sh' |
deploy/retrieve_docker.sh

```bash
#!/bin/bash
################################################################################
#                                                                              #
# Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.        #
#                                                                              #
################################################################################

# Print the usage text on stderr and exit.
usage() {
    echo "Pull, tag, and push images to a private image repo." >&2
    echo "Expected 1 argument: repo_name:port " >&2
    echo "run with image list piped in: $0 repo_name:port < docker_images.txt" >&2
    exit 1
}

[[ "$#" -ne 1 ]] && usage

# Read the image list from stdin, one image reference per line.
while IFS= read -r line; do
    if [[ $line =~ ^'#'(.*) ]]; then
        echo "${BASH_REMATCH[1]}"   # comment, ignore
    elif [[ $line =~ ^'`'(.*) ]]; then
        echo "markdown"             # markdown code delimiter, ignore
    elif [[ -n "$line" ]]; then
        echo "Provisioning $line"
        # Stop on the first failure: after a failed pull, a stale local image
        # with the same name would otherwise be tagged and pushed.
        docker pull "$line" || exit 1
        docker tag "$line" "$1/$line" || exit 1
        docker push "$1/$line" || exit 1
    fi
done
```

Provisioning can be done with the above script, as in this example:

$ retrieve_docker.sh repositoryaddr:port < occne/deploy/docker_images.txt
|
3.
|
Verify the list of repositories in the docker registry |
Access the endpoint <dockerregistryhostip>:<dockerregistryport>/v2/_catalog using a browser or curl:

$ curl http://dockerregistryhostip:5000/v2/_catalog

Sample Result:

```
{"repositories":["coredns/coredns","docker.elastic.co/elasticsearch/elasticsearch-oss","docker.elastic.co/kibana/kibana-oss","gcr.io/google-containers/fluentd-elasticsearch","gcr.io/google-containers/kube-apiserver","gcr.io/google-containers/kube-controller-manager","gcr.io/google-containers/kube-proxy","gcr.io/google-containers/kube-scheduler","gcr.io/google-containers/pause","gcr.io/google_containers/cluster-proportional-autoscaler-amd64","gcr.io/google_containers/metrics-server-amd64","gcr.io/google_containers/pause-amd64","gcr.io/kubernetes-helm/tiller","grafana/grafana","jaegertracing/jaeger-agent","jaegertracing/jaeger-collector","jaegertracing/jaeger-query","jimmidyson/configmap-reload","justwatch/elasticsearch_exporter","k8s.gcr.io/addon-resizer","lachlanevenson/k8s-helm","metallb/controller","metallb/speaker","nginx","prom/alertmanager","prom/prometheus","prom/pushgateway","quay.io/calico/cni","quay.io/calico/ctl","quay.io/calico/kube-controllers","quay.io/calico/node","quay.io/coreos/etcd","quay.io/coreos/kube-state-metrics","quay.io/external_storage/local-volume-provisioner","quay.io/jetstack/cert-manager-controller","quay.io/pires/docker-elasticsearch-curator","quay.io/prometheus/node-exporter"]}
```
|
4.
|
Set hosts.ini variables |
The hosts.ini inventory file for the cluster needs a few variables set in the [occne:vars] section to direct the installation logic to the registry. Set these variables to match your docker registry configuration:

hosts.ini

```
...
[occne:vars]
...
occne_private_registry=winterfell
occne_private_registry_address='10.75.216.114'
occne_private_registry_port=5002
occne_helm_images_repo='winterfell:5002'
...
```
|
5.
|
If an error is encountered during execution of the retrieve_docker.sh script |
If a 500 error with a message stating 'no space left' is encountered while running the bash script listed above, use the following Docker clean-up commands and re-run the script to see whether the error is fixed:
$ docker ps --filter status=dead --filter status=exited -aq | xargs -r docker rm -v
$ docker images --no-trunc | grep '<none>' | awk '{ print $3 }' | xargs -r docker rmi
|
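The verification in step 3 can be automated by comparing docker_images.txt with a saved /v2/_catalog reply, which flags listed images that never reached the registry and repositories in the registry that are not on the list. This is an added example, not part of the original procedure or of the OCCNE scripts; the function names and the catalog.json file name are hypothetical, and the sample data in demo() is constructed.

```bash
#!/bin/bash
# Added example: compare docker_images.txt with a saved /v2/_catalog reply.

# Repository names the list should produce: skip comments, markdown delimiters
# and blank lines (as retrieve_docker.sh does), then drop the ":tag" suffix.
expected_repos() {
    grep -v -e '^[[:space:]]*#' -e '^`' -e '^[[:space:]]*$' \
        | sed -e 's/[[:space:]]*$//' -e 's/:[^:/]*$//' | LC_ALL=C sort -u
}

# Repository names in a catalog reply of the form {"repositories":["a","b"]}.
catalog_repos() {
    tr -d ' \n' | sed -e 's/^{"repositories":\[//' -e 's/]}$//' \
        | tr ',' '\n' | tr -d '"' | grep -v '^$' | LC_ALL=C sort -u
}

# compare_repos <image-list> <catalog-json>: print MISSING/UNEXPECTED lines,
# return 1 if the registry content differs from the list.
compare_repos() {
    want=$(mktemp); have=$(mktemp)
    expected_repos < "$1" > "$want"
    catalog_repos < "$2" > "$have"
    LC_ALL=C comm -23 "$want" "$have" | sed 's/^/MISSING /'
    LC_ALL=C comm -13 "$want" "$have" | sed 's/^/UNEXPECTED /'
    if cmp -s "$want" "$have"; then rc=0; else rc=1; fi
    rm -f "$want" "$have"
    return "$rc"
}

# Constructed sample: three listed images, a registry missing one of them and
# holding one repository that is not on the list.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/docker_images.txt" <<'EOF'
# Kubespray Images
coredns/coredns:1.2.6
nginx:1.13
quay.io/calico/node:v3.1.3
EOF
    printf '%s\n' '{"repositories":["coredns/coredns","nginx","busybox"]}' \
        > "$dir/catalog.json"
    compare_repos "$dir/docker_images.txt" "$dir/catalog.json" \
        || echo "registry content differs from docker_images.txt"
    rm -rf "$dir"
}

if [ "$#" -eq 2 ]; then compare_repos "$1" "$2"; else demo; fi
```

To check a real registry, save the reply of the curl command from step 3 to catalog.json and pass docker_images.txt and catalog.json as the two arguments.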