OCCNE Docker Image Registry Configuration

Introduction

Prerequisites

References

To perform an installation without the system needing access to the internet, a local Docker registry must be created, and provisioned with the necessary docker images. These docker images are used to populate the Kubernetes pods once Kubernetes is installed, as well as providing the services installed during Common Services installation.

Docker images for OCCNE 1.2.0 release should be pulled to the executing system.
Docker is installed and docker commands can be run
Make sure docker registry is running by registry name provided
```
$ docker ps
```
If not then creating a local docker registry accessible by the target of the installation
```
$ docker run -d -p <port>:<port> --restart=always --name <registryname> registry:2
```
(For more directions refer: https://docs.docker.com/registry/deploying/)

https://docs.docker.com/registry/deploying/

https://docs.docker.com/registry/configuration/

Procedure Steps

Table A-4 Steps to configure OCCNE Docker Image Registry

Steps	Procedure	Description
1.	Provision the registry with the necessary images	On the repo server that can reach the internet AND reach the registry, populate the registry with the following images: Run the following commands on repo server to generate k8s install and configure dependencies Configure the registry: docker run --rm -it --network host --cap-add=NET_ADMIN -v /var/occne/<cluster>/:/host occne/<configure_install_image_name>:<1.2.0_tag> /getdeps/getdeps Generate k8s install: docker run --rm -it --network host --cap-add=NET_ADMIN -v /var/occne/<cluster>/:/host occne/<k8s_install_image_name>:<1.2.0_tag> /getdeps/getdeps Example docker run --rm -it --network host --cap-add=NET_ADMIN -v /var/occne/rainbow/:/host occne/configure:1.2.0 /getdeps/getdeps docker run --rm -it --network host --cap-add=NET_ADMIN -v /var/occne/rainbow/:/host occne/k8s_install:1.2.0 /getdeps/getdeps Once the above command is successfully executed, go to /var/occne/<cluster/artifacts directory and verify that there are retrieve_docker.sh script and k8s_docker_images.txt file in the directory and execute: sh /var/occne/<cluster>/artifacts/retrieve_docker.sh docker.io <registryaddress:port> < /var/occne/<cluster>/artifacts/k8s_docker_images.txt Once the above command is successfully executed, go to /var/occne/<cluster/artifacts directory and verify that there are retrieve_docker.sh script and config_docker_images.txt file in the directory and execute: sh /var/occne/<cluster>/artifacts/retrieve_docker.sh docker.io <registryaddress:port> < /var/occne/<cluster>/artifacts/config_docker_images.txt
2.	Verify the list of repositories in the docker registry	Access endpoint <dockerregistryhostip>:<dockerregistyport>/v2/_catalog using a browser or from any linux server with curl command available and can ping the repo server address, using curl command $ curl http://dockerregistryhostip:5000/v2/_catalog Sample Result: $ {"repositories":["coredns/coredns","docker.elastic.co/elasticsearch/elasticsearch-oss","docker.elastic.co/kibana/kibana-oss","gcr.io/google-containers/fluentd-elasticsearch","gcr.io/google-containers/kube-apiserver","gcr.io/google-containers/kube-controller-manager","gcr.io/google-containers/kube-proxy","gcr.io/google-containers/kube-scheduler","gcr.io/google-containers/pause","gcr.io/google_containers/cluster-proportional-autoscaler-amd64","gcr.io/google_containers/metrics-server-amd64","gcr.io/google_containers/pause-amd64","gcr.io/kubernetes-helm/tiller","grafana/grafana","jaegertracing/jaeger-agent","jaegertracing/jaeger-collector","jaegertracing/jaeger-query","jimmidyson/configmap-reload","justwatch/elasticsearch_exporter","k8s.gcr.io/addon-resizer","lachlanevenson/k8s-helm","metallb/controller","metallb/speaker","nginx","prom/alertmanager","prom/prometheus","prom/pushgateway","quay.io/calico/cni","quay.io/calico/ctl","quay.io/calico/kube-controllers","quay.io/calico/node","quay.io/coreos/etcd","quay.io/coreos/kube-state-metrics","quay.io/external_storage/local-volume-provisioner","quay.io/jetstack/cert-manager-controller","quay.io/pires/docker-elasticsearch-curator","quay.io/prometheus/node-exporter"]}
3.	Set hosts.ini variables	The hosts.ini inventory file for the cluster needs to have a few variables set in the [occne:vars] section to direct the installation logic to the registry, these variables need to be set to the your docker registry configuration: hosts.ini ... [occne:vars] ... occne_private_registry=winterfell occne_private_registry_address='10.75.216.114' occne_private_registry_port=5002 occne_helm_images_repo='winterfell:5002' ...

Steps

Procedure

Description

Provision the registry with the necessary images

On the repo server that can reach the internet AND reach the registry, populate the registry with the following images:

Run the following commands on repo server to generate k8s install and configure dependencies

Configure the registry:

docker run --rm -it --network host --cap-add=NET_ADMIN -v /var/occne/<cluster>/:/host occne/<configure_install_image_name>:<1.2.0_tag> /getdeps/getdeps

Generate k8s install:

docker run --rm -it --network host --cap-add=NET_ADMIN -v /var/occne/<cluster>/:/host occne/<k8s_install_image_name>:<1.2.0_tag> /getdeps/getdeps

Example

docker run --rm -it --network host --cap-add=NET_ADMIN -v /var/occne/rainbow/:/host occne/configure:1.2.0 /getdeps/getdeps
docker run --rm -it --network host --cap-add=NET_ADMIN -v /var/occne/rainbow/:/host occne/k8s_install:1.2.0 /getdeps/getdeps

Once the above command is successfully executed, go to /var/occne/<cluster/artifacts directory and verify that there are retrieve_docker.sh script and k8s_docker_images.txt file in the directory and execute:

sh /var/occne/<cluster>/artifacts/retrieve_docker.sh docker.io <registryaddress:port> < /var/occne/<cluster>/artifacts/k8s_docker_images.txt

Once the above command is successfully executed, go to /var/occne/<cluster/artifacts directory and verify that there are retrieve_docker.sh script and config_docker_images.txt file in the directory and execute:

sh /var/occne/<cluster>/artifacts/retrieve_docker.sh docker.io <registryaddress:port> < /var/occne/<cluster>/artifacts/config_docker_images.txt

Verify the list of repositories in the docker registry

Access endpoint <dockerregistryhostip>:<dockerregistyport>/v2/_catalog using a browser

from any linux server with curl command available and can ping the repo server address, using curl command

$ curl http://dockerregistryhostip:5000/v2/_catalog

Sample Result:

$ {"repositories":["coredns/coredns","docker.elastic.co/elasticsearch/elasticsearch-oss","docker.elastic.co/kibana/kibana-oss","gcr.io/google-containers/fluentd-elasticsearch","gcr.io/google-containers/kube-apiserver","gcr.io/google-containers/kube-controller-manager","gcr.io/google-containers/kube-proxy","gcr.io/google-containers/kube-scheduler","gcr.io/google-containers/pause","gcr.io/google_containers/cluster-proportional-autoscaler-amd64","gcr.io/google_containers/metrics-server-amd64","gcr.io/google_containers/pause-amd64","gcr.io/kubernetes-helm/tiller","grafana/grafana","jaegertracing/jaeger-agent","jaegertracing/jaeger-collector","jaegertracing/jaeger-query","jimmidyson/configmap-reload","justwatch/elasticsearch_exporter","k8s.gcr.io/addon-resizer","lachlanevenson/k8s-helm","metallb/controller","metallb/speaker","nginx","prom/alertmanager","prom/prometheus","prom/pushgateway","quay.io/calico/cni","quay.io/calico/ctl","quay.io/calico/kube-controllers","quay.io/calico/node","quay.io/coreos/etcd","quay.io/coreos/kube-state-metrics","quay.io/external_storage/local-volume-provisioner","quay.io/jetstack/cert-manager-controller","quay.io/pires/docker-elasticsearch-curator","quay.io/prometheus/node-exporter"]}

Set hosts.ini variables

The hosts.ini inventory file for the cluster needs to have a few variables set in the [occne:vars] section to direct the installation logic to the registry, these variables need to be set to the your docker registry configuration:

hosts.ini

...

[occne:vars]

...

occne_private_registry=winterfell

occne_private_registry_address='10.75.216.114'

occne_private_registry_port=5002

occne_helm_images_repo='winterfell:5002'

...