Fetching installation artifacts
1. Before fetching
-
Make sure the preparation for installation is completed.
-
Collect the necessary information that was set or retrieved on previous steps:
Object Example value How to get value On-Premise license DEMO-KEY-DGCTL-AAAAAA-BBBBBB
See Preparation for installation
2. Configure hosts
docker.example.com
This host will serve the Docker Registry. The host must be available in the public network, see Preparation for installaion.
To configure the host:
-
Install an operating system: see the list of supported operating systems.
-
Install Docker Registry: see the list of supported versions and registry size requirements.
The registry must be available at
https://docker.example.com:5000/
. -
Configure authentication in the registry by username and password.
Example:
- Username:
registry
- Password:
DOCKERregistryP@ssW0rd
- Username:
artifacts.example.com
This host will serve the S3 compatible installation artifacts storage. The host must be available in the public network, see Preparation for installation.
To configure the host:
-
Install an operating system: see the list of supported operating systems.
-
Install an S3 compatible storage that fits your needs. It is recommended to use Ceph: see the list of supported versions and storage size requirements.
The storage must be available at
https://artifacts.example.com:443/
. -
In the installed storage, create the
onpremise-artifacts
bucket of the needed size. -
Set a service account with read and write permissions to the bucket.
Generate a key for this account, which will be be used to access the bucket.
Example:
- Access key:
AKIAIOSFODNN7EXAMPLE
- Secret key:
wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY
- Access key:
example.com
This host will serve the DGCLI utility. The host must be available in the public network, see Preparation for installation.
To configure the host:
-
Install an operating system: see the list of supported operating systems.
-
Install Docker Engine: see the list of supported versions.
-
Ensure that the previously configured services are available:
https://docker.example.com:5000/
https://artifacts.example.com:443/
3. Fetch installation artifacts
-
Log in to
example.com
via SSH. -
Create the
dgctl-config.yaml
configuration file. See here for more details on the available settings.dgctl-config.yaml
key: DEMO-KEY-DGCTL-AAAAAA-BBBBBB log-format: json storage: type: s3 host: artifacts.example.com:443 bucket: onpremise-artifacts access-key: AKIAIOSFODNN7EXAMPLE secret-key: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY docker: registry: username: registry password: DOCKERregistryP@ssW0rd server-address: https://docker.example.com:5000 image-prefix: /
-
Run the DGCLI utility:
docker run --rm \ -v $(pwd)/dgctl-config.yaml:/dgctl-config.yaml \ -v /mnt/dgctl-source:/dgctl-source \ -v /var/run/docker.sock:/var/run/docker.sock \ -v $(pwd)/values:/values \ --user $(id -u):$(id -g) \ 2gis/dgctl:latest \ pull --config=/dgctl-config.yaml --version=1.32.0 --apps-to-registry --generate-values
Fetching artifacts can take a long time. When the process is finished, the command output contains the path to a manifest file. Example:
manifests/1640661259.json
.If the
--generate-values
flag is used, thegeneral.yaml
file with configuration parameters is generated and stored in the local directory that is specified in the-v <path>:/values
argument (-v $(pwd)/values:/values
in the example). If the path is not specified, the file is deleted after running the utility.
4. Create infrastructure mirrors in the private network
Create mirrors of the following resources in the private network:
Resource | Host in public network | Mirror host in private network |
---|---|---|
Docker Registry | docker.example.com |
docker.storage.example.local |
S3 compatible installation artifacts storage | artifacts.example.com |
artifacts.storage.example.local |
The endpoints for the mirrors in the private network will differ from the endpoints in the public network.
Example:
- Registry mirror endpoint:
docker.storage.example.local:5000
- Storage mirror endpoint:
artifacts.storage.example.local:443
5. Create a Kubernetes secret for accessing Docker Registry
This secret is required so that Helm, which is used for installing On-Premise services, can access the Docker images located in the Registry. Without a secret, any operation involving the Registry will fail.
Example:
kubectl create secret docker-registry onpremise-registry-creds \
--docker-server=docker.storage.example.local:5000 \
--docker-username=registry \
--docker-password=DOCKERregistryP@ssW0rd