Grant Rok Access to Private Docker Registry¶
This guide will walk you through granting Rok access to Arrikto’s Google Cloud Container Registry.
The Arrikto provided dockerconfig.json
file contains a token with pull
access to the arrikto-deploy
Google Cloud Container Registry. In order to
pull container images for Rok and its components, you need to copy this file in
certain locations under the kustomization tree of the GitOps repository.
Fast Forward
If you have already copied the dockerconfig.json
file to the appropriate
locations, expand this box to fast-forward.
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsSave your state:
root@rok-tools:~/ops/deployments# rok-j2 deploy/env.pullsecrets.j2 \ > -o deploy/env.pullsecretsCommit your changes:
root@rok-tools:~/ops/deployments# git commit \ > -am "Grant Rok Access to Private Docker Registry"Proceed to the Verify section.
Choose one of the following options to give Rok access to arrikto-deploy
:
- Option 1: Grant Rok Access to Private Docker Registry Automatically (preferred).
- Option 2: Grant Rok Access to Private Docker Registry Manually.
Air Gapped
Follow Option 2 and proceed with the manual installation.
Overview
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- Access to Arrikto’s Private Registry.
Option 1: Grant Rok Access to Private Docker Registry Automatically (preferred)¶
Grant Rok access to the arrikto-deploy
container registry by following the
on-screen instructions on the rok-deploy
user interface.
If rok-deploy
is not already running, start it with:

Proceed to the Summary section.
Option 2: Grant Rok Access to Private Docker Registry Manually¶
If you want to grant Rok access to the arikto-deploy
container registry
manually, follow the instructions below.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsCopy
dockerconfig.json
to the following locations:root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/rok-cluster/overlays/deploy/secrets/dockerconfig.jsonroot@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/rok-operator/overlays/deploy/secrets/dockerconfig.jsonroot@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json\ > rok/rok-disk-manager/overlays/deploy/secrets/dockerconfig.jsonroot@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/rok-kmod/overlays/deploy/secrets/dockerconfig.jsonroot@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \ > rok/rok-scheduler-webhook/overlays/deploy/secrets/dockerconfig.jsonSave your state:
root@rok-tools:~/ops/deployments# rok-j2 deploy/env.pullsecrets.j2 \ > -o deploy/env.pullsecretsCommit your changes:
root@rok-tools:~/ops/deployments# git commit \ > -am "Grant Rok Access to Private Docker Registry"
Note
Kustomize will read these files, auto-generate Secrets, and pass them to
individual Rok components, so that they can pull from the arrikto-deploy
container registry on your behalf.
Air Gapped
Since you will end up using the mirrored images from your internal registry instead of the Arrikto-provided ones, the ImagePullSecrets that you configured above will remain unused.
Verify¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsBuild the manifests for each one of the five Rok components and make sure the
.dockerconfigjson
fields are not empty:root@rok-tools:~/ops/deployments# kustomize build rok/rok-cluster/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...root@rok-tools:~/ops/deployments# kustomize build rok/rok-operator/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...root@rok-tools:~/ops/deployments# kustomize build rok/rok-disk-manager/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...root@rok-tools:~/ops/deployments# kustomize build rok/rok-kmod/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...root@rok-tools:~/ops/deployments# kustomize build rok/rok-scheduler-webhook/overlays/deploy | \ > grep "\.dockerconfigjson" | cut -c -80 .dockerconfigjson: ezgGBltDd...