Grant Kiwi Components Access to Arrikto’s Private Registry

This guide will walk you through granting Kiwi components access to Arrikto’s Google Cloud Container Registry.

The Arrikto provided dockerconfig.json file contains a token with pull access to the arrikto-deploy Google Cloud Container Registry. In order to pull container images for Kiwi and its components, you need to copy this file in certain locations under the kustomization tree of the GitOps repository.

Fast Forward

If you have already copied the dockerconfig.json file to the appropriate locations, expand this box to fast-forward.

1. Proceed to the Verify section.

What You’ll Need

• A configured management environment.
• Your clone of the Arrikto GitOps repository.
• Access to Arrikto’s private registry.

Procedure

1. Go to your GitOps repository, inside your rok-tools management environment:

   

   root@rok-tools:~# cd ~/ops/deployments

2. Copy dockerconfig.json into Kiwi’s Kustomization directory:

   

   root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/kiwi/overlays/deploy/secrets/dockerconfig.json

3. Copy dockerconfig.json into the Kiwi Admission Webhook’s Kustomization directory:

   

   root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/kiwi-webhook/overlays/deploy/secrets/dockerconfig.json

4. Commit your changes:

   

   root@rok-tools:~/ops/deployments# git commit \ > -am "Grant Kiwi Components Access to Private Docker Registry"

Note

Kustomize will read these files, auto-generate Secrets, and pass them to individual Kiwi components, so that they can pull from the arrikto-deploy container registry on your behalf.

Air Gapped

Since you will end up using the mirrored images from your internal registry instead of the Arrikto-provided ones, the ImagePullSecrets that you configured above will remain unused.

See also

• Set Up Cluster-Wide Authenticated Access to a Docker Registry

Verify

1. Go to your GitOps repository, inside your rok-tools management environment:

   

   root@rok-tools:~# cd ~/ops/deployments

2. Build the manifests for Kiwi and make sure the .dockerconfigjson field is not empty:

   

   root@rok-tools:~/ops/deployments# kustomize build rok/kiwi/overlays/deploy \ > | grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...

3. Build the manifests for the Kiwi Admission Webhook and make sure the .dockerconfigjson field is not empty:

   

   root@rok-tools:~/ops/deployments# kustomize build rok/kiwi-webhook/overlays/deploy \ > | grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...

Summary

You have successfully granted Kiwi access to Arrikto’s private Google Cloud Container Registry.

What’s Next

The next step is to deploy Kiwi components.

• Deploy Kiwi Components