Mirror Images to Internal Registry

To be able to deploy Arrikto EKF in an air gapped environment, you have to mirror all the necessary images to an internal registry. This guide will walk you through mirroring the required images to either a private Amazon Elastic Container Registry (ECR), or an internal, self-hosted container registry.

See also

What You’ll Need

Procedure

Important

You will clone your GitOps repository under a temporary directory and reset any custom changes, to ensure that you mirror all the official images.

  1. Switch to your management environment.

  2. Configure Docker to access Arrikto’s private registry:

    root@rok-tools:~# mkdir -p ~/.docker root@rok-tools:~# cp ~/ops/deployments/deploy/dockerconfig.json ~/.docker/config.json

  3. Configure Docker to access your internal registry. Choose one of the following options based on who hosts your internal registry.

    Amazon ECR

    Self-Hosted

    root@rok-tools:~# export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text) root@rok-tools:~# export AWS_DEFAULT_REGION=$(aws configure get region) root@rok-tools:~# aws ecr get-login-password | \ > docker login -u AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com

    Note

    This will use an ephemeral token that will last for 12 hours.

    root@rok-tools:~# docker login registry.example.com

  4. Specify where you want images to be mirrored, that is the internal registry along with an optional repository prefix. Choose one of the following options based on who hosts your internal registry.

    Amazon ECR

    Self-Hosted

    root@rok-tools:~# export INTERNAL_REGISTRY=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/arrikto
    root@rok-tools:~# export INTERNAL_REGISTRY=registry.example.com/arrikto

  5. Clone your local GitOps repository under a temporary location:

    root@rok-tools:~# mkdir -p ~/tmp root@rok-tools:~# git clone ~/ops/deployments ~/tmp/deployments

  6. Go to the temporary copy of your GitOps repository and reset any local changes:

    root@rok-tools:~# cd ~/tmp/deployments root@rok-tools:~/tmp/deployments# git checkout release-2.0 root@rok-tools:~/tmp/deployments# git reset --hard rok/release-2.0-l0-release-2.0.2

  7. Get the list of all the necessary images:

    root@rok-tools:~/tmp/deployments# rok-image-list -o images

  8. Pull the images locally:

    root@rok-tools:~/tmp/deployments# rok-image-pull --image-list images

  9. Mirror the images to your internal registry. Choose one of the following options based on who hosts your internal registry.

    Amazon ECR

    Self-Hosted

    root@rok-tools:~/tmp/deployments# rok-image-mirror --to ${INTERNAL_REGISTRY?} \ > --image-list images \ > --output-image-list mirrored-images \ > --push \ > --create-ecr-repositories
    root@rok-tools:~/tmp/deployments# rok-image-mirror --to ${INTERNAL_REGISTRY?} \ > --image-list images \ > --output-image-list mirrored-images \ > --push

  10. Optional

    Save images as tarballs locally:

    root@rok-tools:~/tmp/deployments# rok-image-mirror --to ${INTERNAL_REGISTRY?} \ > --image-list images \ > --output-image-list mirrored-images \ > --save \ > --save-dir /root/images

  11. Go to your GitOps repository and copy the generated list of images:

    root@rok-tools:~/tmp/deployments# cd ~/ops/deployments root@rok-tools:~/ops/deployments# cp ~/tmp/deployments/{images,mirrored-images} .

  12. Stage your changes:

    root@rok-tools:~/ops/deployments# git add images mirrored-images

  13. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Track list of images to mirror"

  14. Delete the temporary copy of your GitOps repository:

    root@rok-tools~/ops/deployments# rm -r ~/tmp/deployments

Summary

You have successfully mirrored all the necessary images to your internal Docker registry.

What’s Next

You may now go back and proceed with your installation or upgrade.