Mirror Images to Internal Registry

To be able to deploy Arrikto EKF in an air gapped environment, you have to mirror all the necessary images to an internal registry. This guide will walk you through mirroring the required images to either a private Amazon Elastic Container Registry (ECR), or an internal, self-hosted container registry.

See also

• Authenticating Docker to an Amazon ECR private registry.

What You'll Need

• A configured management environment.
• Access to Arrikto's Private Registry.
• Your clone of the Arrikto GitOps repository.
• Access to local Docker or running in a Docker-in-Docker environment on Kubernetes.
• Access to https://gcr.io/.
• Sufficient space (about 100 GB) for storing all images.

Procedure

1. Switch to your management environment.

2. Configure Docker to access Arrikto's private registry:

   root@rok-tools:~# mkdir -p ~/.docker
   root@rok-tools:~# cp ~/ops/deployments/deploy/dockerconfig.json ~/.docker/config.json
   

3. Configure Docker to access your internal registry. Choose one of the following options based on who hosts your internal registry.

   Amazon ECR

   Self-Hosted

   root@rok-tools:~# export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)
   root@rok-tools:~# export AWS_DEFAULT_REGION=$(aws configure get region)
   root@rok-tools:~# aws ecr get-login-password | \
   >    docker login -u AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
   

   Note

   This will use an ephemeral token that will last for 12 hours.

   root@rok-tools:~# docker login registry.example.com
   

4. Switch to the deployments repository:

   root@rok-tools:~# cd ~/ops/deployments
   

5. Get the list of all the necessary images:

   root@rok-tools:~/ops/deployments# rok-image-list -o images
   

6. Pull the images locally:

   root@rok-tools:~/ops/deployments# rok-image-pull --image-list images
   

7. Specify where you want images to be mirrored, that is the internal registry along with an optional repository prefix. Choose one of the following options based on who hosts your internal registry.

   Amazon ECR

   Self-Hosted

   root@rok-tools:~/ops/deployments# export INTERNAL_REGISTRY=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/arrikto
   

   root@rok-tools:~/ops/deployments# export INTERNAL_REGISTRY=registry.example.com/arrikto
   

8. Mirror the images to your internal registry. Choose one of the following options based on who hosts your internal registry.

   Amazon ECR

   Self-Hosted

   root@rok-tools:~/ops/deployments# rok-image-mirror --to ${INTERNAL_REGISTRY?} \
   >     --image-list images \
   >     --push \
   >     --create-ecr-repositories
   

   root@rok-tools:~/ops/deployments# rok-image-mirror --to ${INTERNAL_REGISTRY?} \
   >     --image-list images \
   >     --push
   

9. (Optional) Save images as tarballs locally:

   root@rok-tools:~/ops/deployments# rok-image-mirror --to ${INTERNAL_REGISTRY?} \
   >     --image-list images \
   >     --save \
   >     --save-dir /root/images
   

10. Stage the list of images:

    root@rok-tools:~/ops/deployments# git add images
    

11. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Track list of images to mirror"
    

Summary

You have successfully mirrored all the necessary images to your internal Docker registry.

What's Next

You may now go back and proceed with deploying Rok.

• Deploy Rok