Grant Kiwi Components Access to Arrikto’s Private Registry¶
This guide will walk you through granting Kiwi components access to Arrikto’s Google Cloud Container Registry.
The Arrikto provided dockerconfig.json
file contains a token with pull
access to the arrikto-deploy
Google Cloud Container Registry. In order to
pull container images for Kiwi and its components, you need to copy this file in
certain locations under the kustomization tree of the GitOps repository.
Fast Forward
If you have already copied the dockerconfig.json
file to the appropriate
locations, expand this box to fast-forward.
- Proceed to the Verify section.
Overview
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- Access to Arrikto’s private registry.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsCopy
dockerconfig.json
into Kiwi’s Kustomization directory:root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/kiwi/overlays/deploy/secrets/dockerconfig.jsonCopy
dockerconfig.json
into the Kiwi Admission Webhook’s Kustomization directory:root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/kiwi-webhook/overlays/deploy/secrets/dockerconfig.jsonCommit your changes:
root@rok-tools:~/ops/deployments# git commit \ > -am "Grant Kiwi Components Access to Private Docker Registry"
Note
Kustomize will read these files, auto-generate Secrets, and pass them to
individual Kiwi components, so that they can pull from the arrikto-deploy
container registry on your behalf.
Air Gapped
Since you will end up using the mirrored images from your internal registry instead of the Arrikto-provided ones, the ImagePullSecrets that you configured above will remain unused.
Verify¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsBuild the manifests for Kiwi and make sure the
.dockerconfigjson
field is not empty:root@rok-tools:~/ops/deployments# kustomize build rok/kiwi/overlays/deploy \ > | grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...Build the manifests for the Kiwi Admission Webhook and make sure the
.dockerconfigjson
field is not empty:root@rok-tools:~/ops/deployments# kustomize build rok/kiwi-webhook/overlays/deploy \ > | grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...