Cloning images to your private registry
These instructions explain how to install and deploy Vianai container images into a private registry. The intended audience is customers with air-gapped, private cloud, or on-premise deployments.
To perform these following steps your computer needs to be configured with python, the Docker engine, and Google SDK.
Requirements
Vianai provides:
-
Service account—A file containing credentials with read-only access for the Vianai container images in GCR (Google Cloud Registry).
-
Image map—A JSON-formatted file with a list of Vianai images.
-
Clone script—Python script to pull Vianai container images and transfer them to the target registry.
You provide:
-
Google SDK—Google Cloud binaries allowing authentication to Google Cloud services. See list of required software and versions.
-
Storage—Recommend 1TB of temporary storage for Docker container to be stored until the process completes.
Steps
Use the following steps to clone the Vianai container repository.
-
Extract the list of containers:
python generate-image-map.py --version <VERSION> --output-file vianai-<VERSION>.jsonwhere
VERSIONshould match the Vianai platform For example, for v2.1r3 the command may be:python generate-image-map.py --version 2.1r3 --output-file vianai-v2.1r3.jsonNote that you may not want or need all images provided in the image. Work with your Vianai Sales or Support representative if you want to remove unneeded images.
-
Make sure the private registry is set up and Docker is authenticated. See the section “Registry Authentication” (below) for instructions to create the private registry and set up authentication specific to the target cloud provider.
-
Tag and push the containers to the new private registry:
python import-images.py --map-file vianai-<VERSION>.json --dest-repo <DEST-REPO>where:
VERSIONshould match the Vianai platformDEST_REPOmust match the address for the target private registry
For example, for v2.1r3 the command for a test repo may be:
python import-images.py --map-file vianai-2.1r3.json --dest-repo testprivaterepo.azurecr.ioWhile the command for a production AWS repo may be:
python import-images.py --map-file vianai-2.1r3.json --dest-repo <AWS ACCT ID>.dkr.ecr.<REGION>.amazonaws.com -
Authorize access to the Vianai container repository:
gcloud auth activate-service-account <ACCOUNT-NAME> --key-file=<YOUR-SERVICE-ACCOUNT-CREDS>.json gcloud auth configure-docker us.gcr.iowhere:
ACCOUNT-NAMEis the value provided in the client_email field of your service account fileYOUR-SERVICE-ACCOUNT-CREDSis provided in your service account file
-
Set up WRITE access authorization for the private container registry.
-
Transfer Vianai mages using the clone script:
python import-images.py --map-file <VIANAI-PROVIDED-IMAGE-MAP-FILE> --dest-repo <PARTNER-CONTAINER-REGISTRY>where:
VIANAI-PROVIDED-IMAGE-MAP-FILEis the location of the Vianai-provided image map filePARTNER-CONTAINER-REGISTRYis provided in your service account file
Repository Authentication
Azure
- See instructions for creating a container registry in Azure.
- Authenticate via command line:
az login --use-device-code az acr login -n TESTPRIVATEREPO --expose-tokenwhere
TESTPRIVATEREPOis the name for your Azure container registry (replace with actual registry name)
AWS
- See instructions for creating a container registry in create ECS.
-
Authenticate via command line:
export AWS_ACCESS_KEY_ID=xxxxxx export AWS_SECRET_ACCESS_KEY=yyyyy aws ecr get-login-password --region REGION | docker login --username AWS --password-stdin AWS_ACCT_ID.dkr.ecr.REGION.amazonaws.comwhere:
REGIONmatches your ECS regionAWS_ACCT_IDidentifies your AWS account
GCP
- See instructions for creating a container registry in create GCP.
-
Authenticate via command line:
gcloud auth activate-service-account <ACCOUNT-NAME> --key-file=<YOUR-SERVICE-ACCOUNT-CREDS>.JSON gcloud auth configure-docker us.gcr.iowhere:
ACCOUNT-NAMEmatches your GCP registry account name regionYOUR-SERVICE-ACCOUNT-CREDSidentifies your GCP service account