Loading Images to a Container Registry
DPOD Cloud Agent images are currently available for download from Passport Advantage (PPA) and need to be loaded to a container registry, so they can be pulled by your Kubernetes cluster. The container registry may be any private registry which is accessible to the cluster, or the cluster’s internal registry. In the future, the images will be available via IBM’s cp.icr.io/cp/dpod
container registry.
This is the list of the image file names (as available on PPA) and their corresponding images names and tags:
Image File Name | Image Name and Tag |
---|---|
dpod-ca-operator-catalog-<DPOD-VERSION>.tgz | dpod-cloud-agent-operator-catalog:<OPERATOR-VERSION>-amd64 |
dpod-ca-operator-bundle-<DPOD-VERSION>.tgz | dpod-cloud-agent-operator-bundle:<OPERATOR-VERSION>-amd64 |
dpod-ca-operator-<DPOD-VERSION>.tgz | dpod-cloud-agent-operator:<OPERATOR-VERSION>-amd64 |
dpod-ca-api-proxy-<DPOD-VERSION>.tgz | dpod-cloud-agent-api-proxy:<DPOD-VERSION>-amd64 |
dpod-ca-http-ingester-<DPOD-VERSION>.tgz | dpod-cloud-agent-http-ingester:<DPOD-VERSION>-amd64 |
dpod-ca-manager-<DPOD-VERSION>.tgz | dpod-cloud-agent-manager:<DPOD-VERSION>-amd64 |
dpod-ca-messaging-broker-<DPOD-VERSION>.tgz | dpod-cloud-agent-messaging-broker:<DPOD-VERSION>-amd64 |
dpod-ca-syslog-ingester-<DPOD-VERSION>.tgz | dpod-cloud-agent-syslog-ingester:<DPOD-VERSION>-amd64 |
In order to preserve the images digests in the container registry we recommend using the skopeo
utility (available as a package for most distributions: Installing Skopeo).
The skopeo
syntax is as follows:
skopeo copy --all --dest-creds=<destination container registry credentials if needed> docker-archive:<image file full path> \ docker://<destination container registry path>/<image name>:<image tag>
Loading Images to a Private Container Registry
Consider the following example for loading the images to a private container registry.
Set variables with the source, destination, versions, etc.:
CONTAINER_REGISTRY_PATH="my-container-registry.example.com/dpod-cloud-agent" DPOD_CLOUD_AGENT_VERSION="1.0.19.0" DPOD_CLOUD_AGENT_OPERATOR_VERSION="0.1.0" DPOD_CLOUD_AGENT_IMAGE_TAG="${DPOD_CLOUD_AGENT_VERSION}-amd64" DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG="${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64" IMAGES_DIR="/tmp" USER_ID="user" USER_PASSWORD="password"
Load the images to the container registry:
skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-operator-catalog-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-operator-bundle-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-operator-bundle:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-operator-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-operator:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-api-proxy-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-api-proxy:${DPOD_CLOUD_AGENT_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-http-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-http-ingester:${DPOD_CLOUD_AGENT_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-manager-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-manager:${DPOD_CLOUD_AGENT_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-messaging-broker-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-messaging-broker:${DPOD_CLOUD_AGENT_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:${USER_PASSWORD} docker-archive:${IMAGES_DIR}/dpod-ca-syslog-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY_PATH}/dpod-cloud-agent-syslog-ingester:${DPOD_CLOUD_AGENT_IMAGE_TAG}
Loading Images to the OCP Internal Container Registry OPENSHIFT
Consider the following example for loading the images to the OpenShift (OCP) internal container registry.
In this example the operator catalog and bundle images are loaded into the openshift-marketplace
namespace, the operator image is loaded into the openshift-operators
namespace (assuming this is a cluster scope deployment), and the operand images are loaded into the dpod-cloud-agent
application namespace.
Set variables with the source, destination, versions, etc.:
CONTAINER_REGISTRY="default-route-openshift-image-registry.apps.ocp4.mycluster.com" DPOD_CLOUD_AGENT_NAMESPACE="dpod-cloud-agent" DPOD_CLOUD_AGENT_VERSION="1.0.19.0" DPOD_CLOUD_AGENT_OPERATOR_VERSION="0.1.0" DPOD_CLOUD_AGENT_IMAGE_TAG=${DPOD_CLOUD_AGENT_VERSION}-amd64" DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG="${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64" IMAGES_DIR="/tmp" USER_ID="admin"
Load the images to the various namespaces:
skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-catalog-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/openshift-marketplace/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-bundle-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/openshift-marketplace/dpod-cloud-agent-operator-bundle:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/openshift-operators/dpod-cloud-agent-operator:${DPOD_CLOUD_AGENT_OPERATOR_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-api-proxy-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-api-proxy:${DPOD_CLOUD_AGENT_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-http-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-http-ingester:${DPOD_CLOUD_AGENT_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-manager-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-manager:${DPOD_CLOUD_AGENT_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-messaging-broker-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-messaging-broker:${DPOD_CLOUD_AGENT_IMAGE_TAG} skopeo copy --all --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-syslog-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-syslog-ingester:${DPOD_CLOUD_AGENT_IMAGE_TAG}
Mirroring Images from the Container Registry
The DPOD Cloud Agent operator will deploy containers with images referencing to IBM’s cp.icr.io/cp/dpod
container registry. Since the images are currently loaded into a different container registry (a private one or OpenShift’s internal container registry instead of the IBM’s container registry), a mirroring needs to be configured so the Kubernetes cluster can fetch the images.
Without a proper mirroring the pods will fail on ImagePullBackOff
error when trying to pull the images.
Configuring Mirroring with ImageContentSourcePolicy OPENSHIFT
In OCP, mirroring is achieved by configuring the ImageContentSourcePolicy
resource.
Consider the following example which mirrors cp.icr.io/cp/dpod
by the internal OCP registry namespace dpod-cloud-agent
and by a private external registry my-container-registry.example.com/dpod-cloud-agent
. Please adjust the mirrors
entries according to the container registry that the images were loaded into.
apiVersion: operator.openshift.io/v1alpha1 kind: ImageContentSourcePolicy metadata: name: dpod-cloud-agent-registry-mirror spec: repositoryDigestMirrors: - mirrors: - image-registry.openshift-image-registry.svc:5000/dpod-cloud-agent - my-container-registry.example.com/dpod-cloud-agent source: cp.icr.io/cp/dpod - mirrors: - image-registry.openshift-image-registry.svc:5000/dpod-cloud-agent - my-container-registry.example.com/dpod-cloud-agent source: cp.icr.io/cpopen