IBM DataPower Operations Dashboard v1.0.19.0

A newer version of this product documentation is available.

You are viewing an older version. View latest at IBM DPOD Documentation.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Loading Images to a Container Registry

DPOD Cloud Agent images are currently available for download from Passport Advantage (PPA) and need to be loaded to a container registry, so they can be pulled by your Kubernetes cluster. The container registry may be any private registry which is accessible to the cluster, or the cluster’s internal registry. In the future, the images will be available via IBM’s cp.icr.io/cp/dpod container registry.

This is the list of the image file names (as available on PPA) and their corresponding images names and tags:

Image File Name

Image Name and Tag

dpod-ca-operator-catalog-<DPOD-VERSION>.tgz

dpod-cloud-agent-operator-catalog:<OPERATOR-VERSION>-amd64

dpod-ca-operator-bundle-<DPOD-VERSION>.tgz

dpod-cloud-agent-operator-bundle:<OPERATOR-VERSION>-amd64

dpod-ca-operator-<DPOD-VERSION>.tgz

dpod-cloud-agent-operator:<OPERATOR-VERSION>-amd64

dpod-ca-api-proxy-<DPOD-VERSION>.tgz

dpod-cloud-agent-api-proxy:<DPOD-VERSION>-amd64

dpod-ca-http-ingester-<DPOD-VERSION>.tgz

dpod-cloud-agent-http-ingester:<DPOD-VERSION>-amd64

dpod-ca-manager-<DPOD-VERSION>.tgz

dpod-cloud-agent-manager:<DPOD-VERSION>-amd64

dpod-ca-messaging-broker-<DPOD-VERSION>.tgz

dpod-cloud-agent-messaging-broker:<DPOD-VERSION>-amd64

dpod-ca-syslog-ingester-<DPOD-VERSION>.tgz

dpod-cloud-agent-syslog-ingester:<DPOD-VERSION>-amd64

In order to preserve the images digests in the container registry we recommend using the skopeo utility (available as a package for most distributions: Installing Skopeo).

The skopeo syntax is as follows:

skopeo copy --all --dest-creds=<destination container registry credentials if needed> docker-archive:<image file full path> \
    docker://<destination container registry path>/<image name>:<image tag>

Loading Images to a Private Container Registry

Consider the following example for loading the images to a private container registry.

  1. Set variables with the source, destination, versions, etc.:

    CONTAINER_REGISTRY_PATH="my-container-registry.example.com/dpod-cloud-agent"
DPOD_CLOUD_AGENT_VERSION="1.0.19.0"
DPOD_CLOUD_AGENT_OPERATOR_VERSION="0.1.0"
DPOD_CLOUD_AGENT_IMAGE_TAG="${DPOD_CLOUD_AGENT_VERSION}-amd64"
DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG="${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64"
IMAGES_DIR="/tmp"
USER_ID="user"
USER_PASSWORD="password"

  2. Load the images to the container registry:

    skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-operator-catalog-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-operator-bundle-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-operator-bundle:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG}	
skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-operator-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-operator:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-api-proxy-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-api-proxy:${DPOD_CLOUD_AGENT_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-http-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-http-ingester:${DPOD_CLOUD_AGENT_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-manager-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-manager:${DPOD_CLOUD_AGENT_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-messaging-broker-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-messaging-broker:${DPOD_CLOUD_AGENT_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-syslog-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-syslog-ingester:${DPOD_CLOUD_AGENT_IMAGE_TAG}

Loading Images to the OCP Internal Container Registry OPENSHIFT

Consider the following example for loading the images to the OpenShift (OCP) internal container registry.
In this example the operator catalog and bundle images are loaded into the openshift-marketplace namespace, the operator image is loaded into the openshift-operators namespace (assuming this is a cluster scope deployment), and the operand images are loaded into the dpod-cloud-agent application namespace.

  1. Set variables with the source, destination, versions, etc.:

    CONTAINER_REGISTRY="default-route-openshift-image-registry.apps.ocp4.mycluster.com"
DPOD_CLOUD_AGENT_NAMESPACE="dpod-cloud-agent"
DPOD_CLOUD_AGENT_VERSION="1.0.19.0"
DPOD_CLOUD_AGENT_OPERATOR_VERSION="0.1.0"
DPOD_CLOUD_AGENT_IMAGE_TAG=${DPOD_CLOUD_AGENT_VERSION}-amd64"
DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG="${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64"
IMAGES_DIR="/tmp"
USER_ID="admin"

  2. Load the images to the various namespaces:

    skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-catalog-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/openshift-marketplace/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-bundle-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/openshift-marketplace/dpod-cloud-agent-operator-bundle:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/openshift-operators/dpod-cloud-agent-operator:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-api-proxy-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-api-proxy:${DPOD_CLOUD_AGENT_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-http-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-http-ingester:${DPOD_CLOUD_AGENT_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-manager-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-manager:${DPOD_CLOUD_AGENT_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-messaging-broker-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-messaging-broker:${DPOD_CLOUD_AGENT_IMAGE_TAG}
skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-syslog-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-syslog-ingester:${DPOD_CLOUD_AGENT_IMAGE_TAG}

Mirroring Images from the Container Registry

The DPOD Cloud Agent operator will deploy containers with images referencing to IBM’s cp.icr.io/cp/dpod container registry. Since the images are currently loaded into a different container registry (a private one or OpenShift’s internal container registry instead of the IBM’s container registry), a mirroring needs to be configured so the Kubernetes cluster can fetch the images.

Without a proper mirroring the pods will fail on ImagePullBackOff error when trying to pull the images.

Configuring Mirroring with ImageContentSourcePolicy OPENSHIFT

In OCP, mirroring is achieved by configuring the ImageContentSourcePolicy resource.

Consider the following example which mirrors cp.icr.io/cp/dpod by the internal OCP registry namespace dpod-cloud-agent and by a private external registry my-container-registry.example.com/dpod-cloud-agent. Please adjust the mirrors entries according to the container registry that the images were loaded into.

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: dpod-cloud-agent-registry-mirror
spec:
  repositoryDigestMirrors:
    - mirrors:
        - image-registry.openshift-image-registry.svc:5000/dpod-cloud-agent
        - my-container-registry.example.com/dpod-cloud-agent
      source: cp.icr.io/cp/dpod
    - mirrors:
        - image-registry.openshift-image-registry.svc:5000/dpod-cloud-agent
        - my-container-registry.example.com/dpod-cloud-agent
      source: cp.icr.io/cpopen

  • No labels

Copyright © 2015 MonTier Software (2015) Ltd.