Deploy Rok Registry Components

At this point, you have configured everything and you are ready to install the Rok Registry. In this section we will guide you through deploying Rok Registry. More specifically, you will create the Rok Registry namespaces and then deploy Rok Registry Operator, Rok Registry external services, and RokRegistryCluster CR.

Choose one of the following options in order to deploy Rok Registry:

Option 1: Deploy Rok Registry Components Automatically (preferred)

Rok Registry does not currently support automatic deployment of its components. Please follow Option 2: Deploy Rok Registry Components Manually to deploy Rok Registry.

Option 2: Deploy Rok Registry Components Manually

If you want to deploy Rok Registry manually, follow the instructions below.

Procedure

Air Gapped

Follow the Patch All Images for Your Deployment guide to patch all kustomizations to use the mirrored images from your internal Docker registry. Then, return to this guide.

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments

  2. Create the rok-registry and rok-registry-system namespaces needed to host Rok Registry and its system components:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-registry-namespaces/overlays/deploy

  3. Deploy the Rok Registry Operator:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-operator/overlays/registry/deploy

  4. Deploy Istio CRDs and resources in the istio-system namespace:

    root@rok-tools:~/ops/deployments# rok-deploy --apply install/istio

  5. Deploy etcd.

    1. Edit the kustomization manifest. Choose one of the following options, based on your platform:

      AWS

      Azure

      Google Cloud

      On Premises

      Edit rok/rok-external-services/etcd/overlays/registry/deploy/kustomization.yaml to use the eks overlay as base:

      bases: - ../eks

      This section is a work in progress.

      Edit rok/rok-external-services/etcd/overlays/registry/deploy/kustomization.yaml to use the gke overlay as base:

      bases: - ../gke

      1. Specify the storage class to use for etcd persistent volumes:

        root@rok-tools:~/ops/deployments# export REGISTRY_ETCD_STORAGE_CLASS=local-path

        Note

        In Bright Kubernetes clusters local-path storage class is available by default and backed by NFS.

      2. Configure the on-prem overlay:

        root@rok-tools:~/ops/deployments# rok-j2 \ > rok/rok-external-services/etcd/overlays/registry/on-prem/patches/pvc.yaml.j2 \ > -o rok/rok-external-services/etcd/overlays/registry/on-prem/patches/pvc.yaml

      3. Edit rok/rok-external-services/etcd/overlays/registry/deploy/kustomization.yaml to set the on-prem overlay as base:

        bases: - ../on-prem

    2. Commit your changes:

      root@rok-tools:~/ops/deployments# git commit -am "Configure Registry's etcd for our platform"

    3. Apply the manifests:

      root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/rok-external-services/etcd/overlays/registry/deploy

  6. Deploy PostgreSQL.

    1. Edit the kustomization manifest. Choose one of the following options, based on your platform:

      AWS

      Azure

      Google Cloud

      On Premises

      Edit rok/rok-external-services/postgresql/overlays/registry/deploy/kustomization.yaml to use the eks overlay as base:

      bases: - ../eks

      This section is a work in progress.

      Edit rok/rok-external-services/postgresql/overlays/registry/deploy/kustomization.yaml to use the gke overlay as base:

      bases: - ../gke

      1. Specify the storage class to use for PostgreSQL persistent volumes:

        root@rok-tools:~/ops/deployments# export REGISTRY_PSQL_STORAGE_CLASS=local-path

        Note

        In Bright Kubernetes clusters local-path storage class is available by default and backed by NFS.

      2. Configure the on-prem overlay:

        root@rok-tools:~/ops/deployments# rok-j2 \ > rok/rok-external-services/postgresql/overlays/registry/on-prem/patches/pvc.yaml.j2 \ > -o rok/rok-external-services/postgresql/overlays/registry/on-prem/patches/pvc.yaml

      3. Edit rok/rok-external-services/postgresql/overlays/registry/deploy/kustomization.yaml to set the on-prem overlay as base:

        bases: - ../on-prem

    2. Commit your changes:

      root@rok-tools:~/ops/deployments# git commit -am "Configure Registry's PostgreSQL for our platform"

    3. Apply the manifests:

      root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/rok-external-services/postgresql/overlays/registry/deploy

  7. Create the kubeflow namespace:

    root@rok-tools:~/ops/deployments# rok-deploy --apply kubeflow/manifests/common/kubeflow-namespace/overlays/deploy

  8. Deploy the Kubeflow gateway:

    root@rok-tools:~/ops/deployments# rok-deploy --apply kubeflow/manifests/common/istio-1-14/kubeflow-istio-resources/overlays/deploy

  9. Deploy Dex in the auth namespace:

    root@rok-tools:~/ops/deployments# rok-deploy --apply kubeflow/manifests/common/dex/overlays/deploy

  10. Delete the Dex Pod to reload any changed configuration:

    root@rok-tools:~/ops/deployments# kubectl delete pods -n auth -l app=dex

  11. Optional

    If you wish your Rok Registry cluster to trust one or more custom CAs, for example, to securely connect to an internal auth service, e.g., LDAP, you need to:

    1. Obtain the certificate authority (CA) bundle of your choice and copy it to your clipboard. For example, a CA bundle might look like this:

      -----BEGIN CERTIFICATE----- MIIDyjCCArKgAwIBAgIQKX7Wxtqubey4K/qRvAFCETANBgkqhkiG9w0BAQsFADBM MRUwEwYDVQQKEwxjZXJ0LW1hbmFnZXIxMzAxBgNVBAMTKmE0OTI0ODE5MzU5MjM0 ... -----END CERTIFICATE-----

    2. Edit rok/rok-registry-cluster/components/cacerts/cacerts and paste the contents of your certificate or certificate bundle. For example, the final result should look like this:

      -----BEGIN CERTIFICATE----- MIIDyjCCArKgAwIBAgIQKX7Wxtqubey4K/qRvAFCETANBgkqhkiG9w0BAQsFADBM MRUwEwYDVQQKEwxjZXJ0LW1hbmFnZXIxMzAxBgNVBAMTKmE0OTI0ODE5MzU5MjM0 ... -----END CERTIFICATE-----

    3. Enable the cacerts Kustomize component in the corresponding kustomization file if it is not already enabled. Edit rok/rok-registry-cluster/overlays/deploy/kustomization.yaml so that it contains the following lines:

      components: - ../../components/cacerts

    4. Commit your changes:

      root@rok-tools:~/ops/deployments# git commit -am "Specify trusted CA bundle on Rok Registry"

  12. Deploy the RokRegistryCluster CR:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-registry-cluster/overlays/deploy

Verify

  1. Verify that the Rok Registry cluster is up and running. Check that field HEALTH is OK:

    root@rok-tools:/# kubectl get rokregistrycluster -n rok-registry NAME VERSION HEALTH TOTAL MEMBERS READY MEMBERS PHASE AGE rok-registry l0-release-v1.1-pre-2-g6b0b76380 OK 1 1 Running 42m

  2. View events related to the newly deployed Rok Registry cluster:

    root@rok-tools:/# kubectl describe rokregistrycluster -n rok-registry rok-registry
Troubleshooting
Initialization failed

If, for any reason, the cluster initialization failed:

  1. Follow the Rok Cleanup guide and delete the existing Rok cluster along with its state.
  2. Re-deploy Rok Registry starting from step 5 of the above manual procedure (deploy the external services).

Summary

You have successfully deployed Rok Registry on Kubernetes.

See also

If you are planning to integrate Rok Registry with an external OIDC Provider follow the Rok Registry Authentication guide.

What’s Next

The next step is to test your Rok Registry installation.