Configure Access to Arrikto’s Private Registry

Arrikto distributes container images via a private Container Registry on Google Cloud (gcr.io). This guide will walk you through configuring access to this private registry.

Choose one of the following options to configure access to Arrikto’s private registry:

What You’ll Need

  • Your clone of the Arrikto GitOps repository.

  • The encrypted Docker JSON configuration file, which is similar to the following:

    dockerconfig_dummy.asc
    1-----BEGIN PGP MESSAGE-----
    2
    3jA0ECQMCZYE2c+tkxZf00ocBYakv/K62OUtCVQz/P8Xq9j6FQK+2y/AsNFQZdnqT
    4-5
    4bOnutQa3iSeCjH9SPnaHWLAoyyULGxA8DWpnrjK6a0lkHyM8shyJufOL5kCgHHmq
    5ZZ9R5O8+6UgEPfzZZ8r2A8UcOpOY07L+K/K0eI0oRn0ShTPffVvfR+a5U6WqapF/
    63eeSgHnfY0w=
    7=6Ssd
    8-----END PGP MESSAGE-----
  • The passphrase to decrypt the above.

Contact Arrikto

If you don’t have any of the above items, please contact the Arrikto Tech Team to provide them to you.

Option 1: Configure Access to Arrikto’s Private Registry Automatically (preferred)

Configure access to Arrikto’s private registry by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from arriktoreg
../../_images/arriktoreg.png

Proceed to the Summary section.

Option 2: Configure Access to Arrikto’s Private Registry Manually

If you want to configure access to Arrikto’s private registry manually, follow this section.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Decrypt the Docker configuration file:

    root@rok-tools:~/ops/deployments# gpg -d > deploy/dockerconfig.json

    Caution

    This will save your Docker configuration file unencrypted in ~/ops/deployments/deploy/dockerconfig.json.

    Note

    The above command will appear to hang while it is waiting for the encrypted text. Proceed to the next step to give the necessary input.

  3. Copy the encrypted text from the email, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- lines.

  4. Paste the encrypted text into the terminal, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- lines.

  5. Enter the passphrase when gpg prompts you to.

  6. Press Ctrl+D to inform gpg that there is no more input.

  7. Save your state:

    root@rok-tools:~/ops/deployments# rok-j2 deploy/env.arriktoreg.j2 -o deploy/env.arriktoreg
  8. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit \ > -am "Configure Access to Arrikto's Private Registry"

Verify

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Set the GCR project and image tag which you will use to verify access to Arrikto’s private container registry:

    root@rok-tools:~/ops/deployments# export GCR_PROJECT=arrikto-deploy
    root@rok-tools:~/ops/deployments# export GCR_IMAGE_TAG=release-2.0-l0-release-2.0
  3. Get the authentication token from your dockerconfig.json file:

    root@rok-tools:~/ops/deployments# export TOKEN=$(cat deploy/dockerconfig.json \ > | jq -r '.auths ."gcr.io" .auth')
  4. Exchange the above token with a bearer token for the GCR project:

    root@rok-tools:~/ops/deployments# export REGISTRY_TOKEN=$(curl -s \ > --header "Authorization: Basic ${TOKEN?}" \ > "https://gcr.io/v2/token?service=gcr.io&scope=registry:${GCR_PROJECT?}/roke:pull" \ > | jq -r '.token')
  5. Access the image container registry by pulling the manifests of the image you specified at step 2:

    root@rok-tools:~/ops/deployments# curl -s \ > --header "Authorization: Bearer ${REGISTRY_TOKEN?}" \ > "https://gcr.io/v2/${GCR_PROJECT?}/roke/manifests/${GCR_IMAGE_TAG?}" \ > | jq -e '.config .digest' > /dev/null && echo OK OK

Summary

You have successfully configured access to Arrikto’s private container registry.

What’s Next

The next step is to create a VPC for your Kubernetes cluster.