Deploy Rok Registry Components
At this point, you have configured everything and you are ready to install the Rok Registry. In this section we will guide you through deploying Rok Registry. More specifically, you will create the Rok Registry namespaces and then deploy the Rok Registry Operator, the Rok Registry external services, and the RokRegistryCluster CR.
Choose one of the following options in order to deploy Rok Registry:
- Option 1: Deploy Rok Registry Components Automatically (preferred).
- Option 2: Deploy Rok Registry Components Manually.
What You’ll Need
- A configured management environment.
- An existing Kubernetes cluster.
- Access to Arrikto’s private container registry.
- A configured Rok Registry default user.
Option 1: Deploy Rok Registry Components Automatically (preferred)
Rok Registry does not currently support automatic deployment of its components. Please follow Option 2: Deploy Rok Registry Components Manually to deploy Rok Registry.
Option 2: Deploy Rok Registry Components Manually
If you want to deploy Rok Registry manually, follow the instructions below.
Procedure
Air Gapped
Follow the Patch All Images for Your Deployment guide to patch all kustomizations to use the mirrored images from your internal Docker registry. Then, return to this guide.
Go to your GitOps repository, inside your rok-tools management environment:
root@rok-tools:~# cd ~/ops/deployments
Create the rok-registry and rok-registry-system namespaces needed to host Rok Registry and its system components:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-registry-namespaces/overlays/deploy
Deploy the Rok Registry Operator:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-operator/overlays/registry/deploy
Deploy Istio CRDs and resources in the istio-system namespace:
root@rok-tools:~/ops/deployments# rok-deploy --apply install/istio
Deploy etcd.
Edit the kustomization manifest. Choose one of the following options, based on your platform:
Edit rok/rok-external-services/etcd/overlays/registry/deploy/kustomization.yaml to use the eks overlay as base:
bases:
- ../eks
This section is a work in progress.
Edit rok/rok-external-services/etcd/overlays/registry/deploy/kustomization.yaml to use the gke overlay as base:
bases:
- ../gke
Specify the storage class to use for etcd persistent volumes:
root@rok-tools:~/ops/deployments# export REGISTRY_ETCD_STORAGE_CLASS=local-path
Note
In Bright Kubernetes clusters local-path storage class is available by default and backed by NFS.
Configure the on-prem overlay:
root@rok-tools:~/ops/deployments# rok-j2 \
>     rok/rok-external-services/etcd/overlays/registry/on-prem/patches/pvc.yaml.j2 \
>     -o rok/rok-external-services/etcd/overlays/registry/on-prem/patches/pvc.yaml
Edit rok/rok-external-services/etcd/overlays/registry/deploy/kustomization.yaml to set the on-prem overlay as base:
bases:
- ../on-prem
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Configure Registry's etcd for our platform"
Apply the manifests:
root@rok-tools:~/ops/deployments# rok-deploy --apply \
>     rok/rok-external-services/etcd/overlays/registry/deploy
Deploy PostgreSQL.
Edit the kustomization manifest. Choose one of the following options, based on your platform:
Edit rok/rok-external-services/postgresql/overlays/registry/deploy/kustomization.yaml to use the eks overlay as base:
bases:
- ../eks
This section is a work in progress.
Edit rok/rok-external-services/postgresql/overlays/registry/deploy/kustomization.yaml to use the gke overlay as base:
bases:
- ../gke
Specify the storage class to use for PostgreSQL persistent volumes:
root@rok-tools:~/ops/deployments# export REGISTRY_PSQL_STORAGE_CLASS=local-path
Note
In Bright Kubernetes clusters local-path storage class is available by default and backed by NFS.
Configure the on-prem overlay:
root@rok-tools:~/ops/deployments# rok-j2 \
>     rok/rok-external-services/postgresql/overlays/registry/on-prem/patches/pvc.yaml.j2 \
>     -o rok/rok-external-services/postgresql/overlays/registry/on-prem/patches/pvc.yaml
Edit rok/rok-external-services/postgresql/overlays/registry/deploy/kustomization.yaml to set the on-prem overlay as base:
bases:
- ../on-prem
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Configure Registry's PostgreSQL for our platform"
Apply the manifests:
root@rok-tools:~/ops/deployments# rok-deploy --apply \
>     rok/rok-external-services/postgresql/overlays/registry/deploy
Create the kubeflow namespace:
root@rok-tools:~/ops/deployments# rok-deploy --apply kubeflow/manifests/common/kubeflow-namespace/overlays/deploy
Deploy the Kubeflow gateway:
root@rok-tools:~/ops/deployments# rok-deploy --apply kubeflow/manifests/common/istio-1-14/kubeflow-istio-resources/overlays/deploy
Deploy Dex in the auth namespace:
root@rok-tools:~/ops/deployments# rok-deploy --apply kubeflow/manifests/common/dex/overlays/deploy
Delete the Dex Pod to reload any changed configuration:
root@rok-tools:~/ops/deployments# kubectl delete pods -n auth -l app=dex
Optional
If you want your Rok Registry cluster to trust one or more custom CAs, for example to connect securely to an internal auth service such as LDAP, you need to:
Obtain the certificate authority (CA) bundle of your choice and copy it to your clipboard. For example, a CA bundle might look like this:
-----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgIQKX7Wxtqubey4K/qRvAFCETANBgkqhkiG9w0BAQsFADBM
MRUwEwYDVQQKEwxjZXJ0LW1hbmFnZXIxMzAxBgNVBAMTKmE0OTI0ODE5MzU5MjM0
...
-----END CERTIFICATE-----
Edit rok/rok-registry-cluster/components/cacerts/cacerts and paste the contents of your certificate or certificate bundle. For example, the final result should look like this:
-----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgIQKX7Wxtqubey4K/qRvAFCETANBgkqhkiG9w0BAQsFADBM
MRUwEwYDVQQKEwxjZXJ0LW1hbmFnZXIxMzAxBgNVBAMTKmE0OTI0ODE5MzU5MjM0
...
-----END CERTIFICATE-----
Enable the cacerts Kustomize component in the corresponding kustomization file if it is not already enabled. Edit rok/rok-registry-cluster/overlays/deploy/kustomization.yaml so that it contains the following lines:
components:
- ../../components/cacerts
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Specify trusted CA bundle on Rok Registry"
Deploy the RokRegistryCluster CR:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/rok-registry-cluster/overlays/deploy
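For the optional trusted CA step above, a structural check of the pasted bundle before the commit catches the usual paste errors: a leftover "..." elision, an unterminated block, or private key material in a file that should hold only certificates. This is an added example, not part of the original guide or of Rok's tooling; the function names are hypothetical and the sample files are constructed.

```shell
# Added example: structural lint for the PEM bundle pasted into
# rok/rok-registry-cluster/components/cacerts/cacerts, run before the commit.
# lint_ca_bundle and write_samples are hypothetical names, not Rok tools.
# Prints one finding per line; returns 0 only for a clean bundle.
lint_ca_bundle() {
  awk '
    /^-----BEGIN .*PRIVATE KEY-----/ {
      print "line " NR ": private key material in a trust bundle"; bad = 1
    }
    /^-----BEGIN CERTIFICATE-----[ \t\r]*$/ {
      if (inblk) { print "line " NR ": BEGIN inside an unterminated block"; bad = 1 }
      inblk = 1; body = 0; next
    }
    /^-----END CERTIFICATE-----[ \t\r]*$/ {
      if (!inblk) { print "line " NR ": END without BEGIN"; bad = 1 }
      else if (!body) { print "line " NR ": empty certificate block"; bad = 1 }
      else certs++
      inblk = 0; next
    }
    inblk {
      sub(/\r$/, "")
      if ($0 !~ "^[A-Za-z0-9+/]+=*$") {
        print "line " NR ": not base64 (elided or truncated?): " $0; bad = 1
      } else body++
      next
    }
    END {
      if (inblk) { print "unterminated certificate block"; bad = 1 }
      if (!certs) { print "no complete certificate found"; bad = 1 }
      exit bad + 0
    }
  ' "$1"
}

# Constructed samples: "elided" repeats the page's truncated example; the
# others use placeholder base64, not real certificates or keys.
write_samples() {
  b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
  printf '%s\n' "$b" 'Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=' "$e" > "$1/wellformed.pem"
  printf '%s\n' "$b" 'MIIDyjCCArKgAwIBAgIQKX7Wxtqubey4K/qRvAFCETANBgkqhkiG9w0BAQsFADBM' \
    '...' "$e" > "$1/elided.pem"
  printf '%s\n' "$b" 'Q09OU1RSVUNURUQ=' "$e" '-----BEGIN PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$1/with-key.pem"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in wellformed elided with-key; do
  lint_ca_bundle "$tmp/$f.pem" && echo "$f: ok" || echo "$f: REJECT"
done
rm -rf "$tmp"
```

A clean structural pass says nothing about expiry or whether each certificate is actually a CA; inspect those with `openssl x509 -noout -text` before committing.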
Verify
Verify that the Rok Registry cluster is up and running. Check that the HEALTH field is OK:
root@rok-tools:/# kubectl get rokregistrycluster -n rok-registry
NAME           VERSION                            HEALTH   TOTAL MEMBERS   READY MEMBERS   PHASE     AGE
rok-registry   l0-release-v1.1-pre-2-g6b0b76380   OK       1               1               Running   42m
View events related to the newly deployed Rok Registry cluster:
root@rok-tools:/# kubectl describe rokregistrycluster -n rok-registry rok-registry
If, for any reason, the cluster initialization failed:
- Follow the Rok Cleanup guide and delete the existing Rok cluster along with its state.
- Re-deploy Rok Registry starting from step 5 of the above manual procedure (deploy the external services).
Summary
You have successfully deployed Rok Registry on Kubernetes.
See also
If you are planning to integrate Rok Registry with an external OIDC Provider, follow the Rok Registry Authentication guide.