Grant Rok Registry Access to Private Docker Registry¶
In this section we will guide you through granting Rok Registry access to Arrikto’s GCP Container Registry.
The Arrikto-provided dockerconfig.json
file contains a token with pull
access to the arrikto-deploy
GCP Container Registry. In order to pull
container images for Rok Registry and its components, you need to copy this
file in certain locations under the kustomization tree of the GitOps repository.
Choose one of the following options in order to grant Rok Registry access
to arrikto-deploy
:
- Option 1: Grant Rok Registry Access to Private Docker Registry Automatically (preferred).
- Option 2: Grant Rok Registry Access to Private Docker Registry Manually.
Air Gapped
Follow Option 2 and proceed with the manual installation.
Overview
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- Access to Arrikto’s Private Registry.
Option 1: Grant Rok Registry Access to Private Docker Registry Automatically (preferred)¶
Rok Registry does not currently support automatically gaining access to Arrikto’s private container registry. Please follow the instructions in Option 2: Grant Rok Registry Access to Private Docker Registry Manually to grant Rok access to the private container Registry.
Option 2: Grant Rok Registry Access to Private Docker Registry Manually¶
If you want to grant Rok Registry access to Arrikto’s GCP private container registry manually, follow the instructions below.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsCopy the
dockerconfig.json
fromdeploy/dockerconfig.json
to the following locations:root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json rok/rok-registry-cluster/overlays/deploy/secrets/dockerconfig.json root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json rok/rok-operator/overlays/registry/deploy/secrets/dockerconfig.jsonCommit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Add credentials for Arrikto's private registry"
Note
Kustomize will read these files, auto-generate Secrets, and pass them to
individual Rok Registry components, so that they can pull from the
arrikto-deploy
container registry on your behalf.
Air Gapped
Since you will end up using the mirrored images from your internal registry instead of the Arrikto-provided ones, the ImagePullSecrets that you configured above will remain unused.
Summary¶
You have successfully granted Rok Registry access to Arrikto’s private GCP Container Registry.
What’s Next¶
The next step is to set up the default user for Rok Registry.