Grant Rok Access to Private Docker Registry

This guide will walk you through granting Rok access to Arrikto’s Google Cloud Container Registry.

The Arrikto-provided dockerconfig.json file contains a token with pull access to the arrikto-deploy Google Cloud Container Registry. To pull container images for Rok and its components, you need to copy this file to specific locations under the kustomization tree of the GitOps repository.

Choose one of the following options to give Rok access to arrikto-deploy:

Option 1: Grant Rok Access to Private Docker Registry Automatically (preferred)

Grant Rok access to the arrikto-deploy container registry by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from pullsecrets

Proceed to the Summary section.

Option 2: Grant Rok Access to Private Docker Registry Manually

If you want to grant Rok access to the arrikto-deploy container registry manually, follow the instructions below.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Copy dockerconfig.json to the following locations:

    root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \
    >     rok/rok-cluster/overlays/deploy/secrets/dockerconfig.json
    root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \
    >     rok/rok-operator/overlays/deploy/secrets/dockerconfig.json
    root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \
    >     rok/rok-disk-manager/overlays/deploy/secrets/dockerconfig.json
    root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \
    >     rok/rok-kmod/overlays/deploy/secrets/dockerconfig.json
    root@rok-tools:~/ops/deployments# cp deploy/dockerconfig.json \
    >     rok/rok-scheduler-webhook/overlays/deploy/secrets/dockerconfig.json
  3. Save your state:

    root@rok-tools:~/ops/deployments# rok-j2 deploy/env.pullsecrets.j2 \
    >     -o deploy/env.pullsecrets
  4. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit \
    >     -am "Grant Rok Access to Private Docker Registry"

Note

Kustomize will read these files, auto-generate Secrets, and pass them to individual Rok components, so that they can pull from the arrikto-deploy container registry on your behalf.

Verify

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Build the manifests for each one of the five Rok components and make sure the .dockerconfigjson fields are not empty:

    root@rok-tools:~/ops/deployments# kustomize build rok/rok-cluster/overlays/deploy | \
    >     grep "\.dockerconfigjson" | cut -c -80
    .dockerconfigjson: ezgGBltDd...
    root@rok-tools:~/ops/deployments# kustomize build rok/rok-operator/overlays/deploy | \
    >     grep "\.dockerconfigjson" | cut -c -80
    .dockerconfigjson: ezgGBltDd...
    root@rok-tools:~/ops/deployments# kustomize build rok/rok-disk-manager/overlays/deploy | \
    >     grep "\.dockerconfigjson" | cut -c -80
    .dockerconfigjson: ezgGBltDd...
    root@rok-tools:~/ops/deployments# kustomize build rok/rok-kmod/overlays/deploy | \
    >     grep "\.dockerconfigjson" | cut -c -80
    .dockerconfigjson: ezgGBltDd...
    root@rok-tools:~/ops/deployments# kustomize build rok/rok-scheduler-webhook/overlays/deploy | \
    >     grep "\.dockerconfigjson" | cut -c -80
    .dockerconfigjson: ezgGBltDd...
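
The Verify commands above print the first 80 characters of each base64-encoded pull secret to the terminal. The following shell functions are an added example, not part of Arrikto's documentation or tooling, that perform the same checks without echoing the credential: one confirms that the five copies from the Procedure match deploy/dockerconfig.json, the other reads kustomize build output on stdin and reports only the length of the field. The function names and status strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify pull-secret placement without printing the token.
# The five components are the ones listed in the Procedure above.
COMPONENTS="rok-cluster rok-operator rok-disk-manager rok-kmod rok-scheduler-webhook"

# check_copies REPO_ROOT: succeeds only if deploy/dockerconfig.json is non-empty
# and every component's secrets/dockerconfig.json is byte-identical to it.
check_copies() {
    root=$1
    src="$root/deploy/dockerconfig.json"
    rc=0
    if [ ! -s "$src" ]; then
        echo "MISSING-OR-EMPTY deploy/dockerconfig.json"
        return 1
    fi
    for c in $COMPONENTS; do
        dst="$root/rok/$c/overlays/deploy/secrets/dockerconfig.json"
        if [ ! -f "$dst" ]; then
            echo "MISSING  $c"; rc=1
        elif ! cmp -s "$src" "$dst"; then
            echo "DIFFERS  $c"; rc=1
        else
            echo "OK       $c"
        fi
    done
    return "$rc"
}

# manifest_has_pullsecret: reads a rendered manifest on stdin, e.g.
#   kustomize build rok/rok-cluster/overlays/deploy | manifest_has_pullsecret
# Succeeds if a .dockerconfigjson field has a non-empty value; prints only
# the length of that value, never the value itself.
manifest_has_pullsecret() {
    awk '
        $1 == ".dockerconfigjson:" {
            v = $2; gsub(/"/, "", v)   # treat a quoted empty string as empty
            if (length(v) > 0) { found = 1; print ".dockerconfigjson: <" length(v) " chars>" }
        }
        END { exit(found ? 0 : 1) }
    '
}
```
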

Summary

You have successfully granted Rok access to Arrikto’s private Google Cloud Container Registry.

What’s Next

The next step is to set up users and authentication for Rok.