Grant Rok Access to Private Docker Registry

This guide will walk you through granting Rok access to Arrikto’s Google Cloud Container Registry.

The Arrikto provided dockerconfig.json file contains a token with pull access to the arrikto-deploy Google Cloud Container Registry. In order to pull container images for Rok and its components, you need to copy this file in certain locations under the kustomization tree of the GitOps repository.

Fast Forward

If you have already copied the dockerconfig.json file to the appropriate locations, expand this box to fast-forward.

1. Go to your GitOps repository, inside your rok-tools management environment:

   

   root@rok-tools:~# cd ~/ops/deployments

2. Save your state:

   

   root@rok-tools:~/ops/deployments# rok-j2 deploy/env.pullsecrets.j2 \ > -o deploy/env.pullsecrets

3. Commit your changes:

   

   root@rok-tools:~/ops/deployments# git commit \ > -am "Grant Rok Access to Private Docker Registry"

4. Proceed to the Verify section.

Choose one of the following options to give Rok access to arrikto-deploy:

• Option 1: Grant Rok Access to Private Docker Registry Automatically (preferred).
• Option 2: Grant Rok Access to Private Docker Registry Manually.

Air Gapped

Follow Option 2 and proceed with the manual installation.

What You’ll Need

• A configured management environment.
• Your clone of the Arrikto GitOps repository.
• Access to Arrikto’s Private Registry.

Option 1: Grant Rok Access to Private Docker Registry Automatically (preferred)

Grant Rok access to the arrikto-deploy container registry by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from pullsecrets

Proceed to the Summary section.

Option 2: Grant Rok Access to Private Docker Registry Manually

If you want to grant Rok access to the arikto-deploy container registry manually, follow the instructions below.

Procedure

1. Go to your GitOps repository, inside your rok-tools management environment:

   

   root@rok-tools:~# cd ~/ops/deployments

2. Copy dockerconfig.json to the following locations:

   

   root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/rok-cluster/overlays/deploy/secrets/dockerconfig.json
   

   root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/rok-operator/overlays/deploy/secrets/dockerconfig.json
   

   root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json\ > rok/rok-disk-manager/overlays/deploy/secrets/dockerconfig.json
   

   root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/rok-kmod/overlays/deploy/secrets/dockerconfig.json
   

   root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/rok-scheduler-webhook/overlays/deploy/secrets/dockerconfig.json

3. Save your state:

   

   root@rok-tools:~/ops/deployments# rok-j2 deploy/env.pullsecrets.j2 \ > -o deploy/env.pullsecrets

4. Commit your changes:

   

   root@rok-tools:~/ops/deployments# git commit \ > -am "Grant Rok Access to Private Docker Registry"

Note

Kustomize will read these files, auto-generate Secrets, and pass them to individual Rok components, so that they can pull from the arrikto-deploy container registry on your behalf.

Air Gapped

Since you will end up using the mirrored images from your internal registry instead of the Arrikto-provided ones, the ImagePullSecrets that you configured above will remain unused.

See also

• Set Up Cluster-Wide Authenticated Access to a Docker Registry

Verify

1. Go to your GitOps repository, inside your rok-tools management environment:

   

   root@rok-tools:~# cd ~/ops/deployments

2. Build the manifests for each one of the five Rok components and make sure the .dockerconfigjson fields are not empty:

   

   root@rok-tools:~/ops/deployments# kustomize build rok/rok-cluster/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...
   

   root@rok-tools:~/ops/deployments# kustomize build rok/rok-operator/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...
   

   root@rok-tools:~/ops/deployments# kustomize build rok/rok-disk-manager/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...
   

   root@rok-tools:~/ops/deployments# kustomize build rok/rok-kmod/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...
   

   root@rok-tools:~/ops/deployments# kustomize build rok/rok-scheduler-webhook/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...

Summary

You have successfully granted Rok access to Arrikto’s private Google Cloud Container Registry.

What’s Next

The next step is to set up users and authentication for Rok.

• Set Up Users for Rok