---
title: Configuring Your System Image Registry
owner: Tanzu Application Service Release Engineering
---
This topic describes how to relocate VMware <%= vars.app_runtime_full %>
(<%= vars.app_runtime_short %>) images to a private container image registry.
## <a id='prerequisites'></a> Prerequisites
Before installing <%= vars.app_runtime_short %>, complete the following:
* Ensure you have a [VMware Tanzu Network](https://network.pivotal.io/) account to
use to download container images from the VMware Tanzu Network Registry.
Ensure this account has a signed <%= vars.app_runtime_short %> End-User License Agreement (EULA).
* Follow the procedures in:
    * [Preparing to Install <%= vars.app_runtime_full %>](preparing-to-install-tas-for-kubernetes.html)
    * [Configuring Installation Values](configuring-installation-values.html)
* If installing <%= vars.app_runtime_short %> from a private container image registry:
    * Grant write access to your private container image registry.
## <a id='overview'></a> Overview
In Kubernetes, containers can be re-created at various times, and the system image for each new container is pulled
from your system registry. The system registry you use for <%= vars.app_runtime_short %> must therefore always be available when a container is started on a new host.
You can use either the VMware Tanzu Network or a private container image registry as your system registry:
* To configure the VMware Tanzu Network as your system registry, follow the procedures in
[Configure the VMware Tanzu Network as Your System Registry](#configure-for-tanzu-network).
* To configure a private container image registry as your system registry, follow the procedures in
[Configure a Private Container Image Registry as Your System Registry](#configure-for-private).
<br>
Install from a private container image registry in the following situations:
* Your deployment has limited network egress because of firewall rules or network bandwidth.
* You want to reduce the external runtime dependencies of your <%= vars.app_runtime_short %> installation.
<br>
## <a id='configure-for-tanzu-network'></a> Configure the VMware Tanzu Network as Your System Registry
<%= vars.app_runtime_short %> requires a registered
[VMware Tanzu Network](https://network.pivotal.io) account to pull container images for
system components from the [VMware Tanzu Network container registry](https://registry.pivotal.io/).
To configure <%= vars.app_runtime_short %> with VMware Tanzu Network user credentials:
1. Navigate to the `configuration-values` directory you created earlier.
1. Open the `values.yml` file.
1. Populate the `system_registry` section in the `values.yml` file with the following:
    ```yaml
    system_registry:
      hostname: registry.pivotal.io
      username: "USERNAME"
      password: "PASSWORD"
    ```

    Where:
    * `USERNAME` is the username of the account to use to download container images from the VMware Tanzu Network Registry. Ensure that this account has a signed <%= vars.app_runtime_short %> EULA.
    * `PASSWORD` is the password for the account you specified.
## <a id='configure-for-private'></a> Configure a Private Container Image Registry as Your System Registry
Before installing <%= vars.app_runtime_short %> from a private container image registry,
you must relocate the <%= vars.app_runtime_short %> image from the VMware Tanzu Network Registry to the private container image registry.
To relocate the <%= vars.app_runtime_short %> image to a private container image registry:
* [Download the <%= vars.app_runtime_short %> Images](#downloading-the-images)
* [Upload the <%= vars.app_runtime_short %> Images to the Private Container Image Registry](#uploading-the-images)
* [Customize Your Configuration to Use Your Private System Registry](#configure-for-private-registry)
### <a id='downloading-the-images'></a> Download the <%= vars.app_runtime_short %> Images
To download the <%= vars.app_runtime_short %> Images from the VMware Tanzu Network Registry:
1. In your terminal, navigate to the `tanzu-application-service` directory.
1. Log in to the VMware Tanzu Network Registry.
    ```
    docker login registry.pivotal.io \
      -u USERNAME \
      -p PASSWORD
    ```

    Where:
    * `USERNAME` is a VMware Tanzu Network user account.
    * `PASSWORD` is the password for the VMware Tanzu Network user account.

1. Package the images into a tarball.

    ```
    kbld package -f <(ytt \
      -f config/image-overrides.yml \
      -f config/_values.yml ) \
      --output /tmp/images.tar
    ```

    Packaging the image takes about 5 minutes to complete.
### <a id='uploading-the-images'></a> Upload the <%= vars.app_runtime_short %> Images to the Private Container Image Registry
To upload the <%= vars.app_runtime_short %> images to the private container image registry:
1. Log in to the private container image registry.
    ```
    docker login PRIVATE-REPOSITORY \
      -u USERNAME \
      -p PASSWORD
    ```

    Where:
    * `PRIVATE-REPOSITORY` is the FQDN or IP address for the private container image registry repository to log in to.
    * `USERNAME` is a user account with write access to the registry.
    * `PASSWORD` is the password for the user account.

1. Unpackage the image tarball and upload to the private container image registry.
    * If your client has the private container image registry CA certificates:

        ```
        kbld unpackage -f <(ytt -f config/image-overrides.yml \
          -f config/_values.yml) \
          -i /tmp/images.tar \
          -r PRIVATE-REPOSITORY/PROJECT/IMAGE \
          --lock-output relocated_images.yml
        ```

        Where:
        * `PRIVATE-REPOSITORY` is the FQDN or IP address for the private container image registry repository to log in to.
        * `PROJECT` is the project name in the registry.
        * `IMAGE` is the image name to relocate the images to.
        <br>
    * If your client does not have the private container image registry CA certificates, upload with registry certificate verification turned off:

        ```
        kbld unpackage -f <(ytt -f config/image-overrides.yml \
          -f config/_values.yml) \
          -i /tmp/images.tar \
          -r PRIVATE-REPOSITORY/PROJECT/IMAGE \
          --lock-output relocated_images.yml \
          --registry-verify-certs=false
        ```

        Where:
        * `PRIVATE-REPOSITORY` is the FQDN or IP address for the private container image registry repository to log in to.
        * `PROJECT` is the project name in your private registry.
        * `IMAGE` is the image name to relocate the images to.

<p class="note"><strong>Note:</strong> All of the required TAS images you upload have the same image name, but different SHAs.</p>
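Because every relocated image shares one name and differs only by SHA, the lock file written by `--lock-output` is the record of what was uploaded. The following check is an added example, not part of the product's tooling: it confirms that every entry in `relocated_images.yml` is pinned by digest under `PRIVATE-REPOSITORY/PROJECT/IMAGE`. It assumes the lock file records each relocated reference on a `newImage:` line; `check_lock`, `make_sample`, the sample hostnames, component names and digests are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the product documentation or tooling.
# Assumption: the kbld --lock-output file records every relocated image
# on a "newImage:" line, one per image.

# check_lock LOCKFILE REPO
# REPO is PRIVATE-REPOSITORY/PROJECT/IMAGE as passed to "kbld unpackage -r".
# Prints one line per problem; returns 0 only if every entry is pinned by
# a sha256 digest under REPO.
check_lock() {
  awk -v repo="$2" '
    $1 == "newImage:" || ($1 == "-" && $2 == "newImage:") {
      ref = $NF; gsub(/"/, "", ref); seen++
      n = index(ref, "@sha256:")
      digest = (n > 0) ? substr(ref, n + 8) : ""
      if (length(digest) != 64 || digest !~ /^[0-9a-f]+$/) {
        print "not digest-pinned: " ref; bad++
      } else if (substr(ref, 1, n - 1) != repo) {
        print "outside " repo ": " ref; bad++
      }
    }
    END {
      if (seen == 0) { print "no newImage entries found"; bad++ }
      exit (bad > 0)
    }
  ' "$1"
}

# Constructed sample standing in for relocated_images.yml. Component names
# and digests are made up; the second and third entries are deliberately bad.
make_sample() {
  a=$(printf '%064d' 0 | tr 0 a)
  b=$(printf '%064d' 0 | tr 0 b)
  cat > "$1" <<EOF
overrides:
- image: registry.pivotal.io/example/component-a@sha256:$a
  newImage: registry.example.internal/tas/images@sha256:$a
  preresolved: true
- image: registry.pivotal.io/example/component-b@sha256:$b
  newImage: registry.pivotal.io/example/component-b@sha256:$b
  preresolved: true
- image: registry.pivotal.io/example/component-c:1.0
  newImage: registry.example.internal/tas/images:1.0
  preresolved: true
EOF
}

sample=$(mktemp)
make_sample "$sample"
check_lock "$sample" registry.example.internal/tas/images ||
  echo "lock file needs attention before install"
rm -f "$sample"
```

Run `check_lock relocated_images.yml PRIVATE-REPOSITORY/PROJECT/IMAGE` with the same value you passed to `-r`; a non-zero exit status means at least one image would still be pulled from outside the private registry or by a mutable tag.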
### <a id='configure-for-private-registry'></a> Customize Your Configuration to Use Your Private System Registry
To customize your configuration files for your private registry:
1. Move the `config/image-overrides.yml` file to the `config-optional` directory.
1. Open `configuration-values/values.yml` in a text editor.
1. To point the system registry variables to the private registry,
configure the `system_registry` section:
    ```
    #@data/values
    ---
    system_registry:
      hostname: "REGISTRY-HOSTNAME"
      username: "REGISTRY-USERNAME"
      password: "REGISTRY-PASSWORD"
    ```

    Where:
    * `REGISTRY-HOSTNAME` is the hostname of your private registry.
    * `REGISTRY-USERNAME` is a user account with write access to the private registry.
    * `REGISTRY-PASSWORD` is the password for the user account.
1. Save the `values.yml` file.
## <a id="next"></a> Next Steps
After you complete this procedure, proceed to
[Configuring Your System Databases](configuring-system-databases.html).