Kubectl create secret docker-registry quay-registry-secret -docker-server=quay.io -docker-username=YOUR-USERNAME -docker-password=YOUR-PASSWORD -n alfresco Choose Content Services version. Decide whether you want to install the latest version of Content Services (Enterprise) or a previous version, and follow the steps in the relevant section. Step 2: Pull the Docker image and push it to your private Harbor Registry. Next, pull the Docker image of the chart you want to add to your private repository. Then, you need to push it to Harbor to make it available in your project. Follow these steps: Execute the following command to obtain the latest Bitnami Ghost image. Minikube: Install Minikube; Helm: Install Helm; Run Kubernetes using Minikube Start Minikube with a generous helping of resources if you run large work loads. For me that means running 4 cpus, 6 GB of RAM and 100 GB Storage. Another key is to add an insecure registry flag so docker will push to our registry over plaintext http port 80. Applying the Pod Security Policies for Component Pack Install the k8s-psp helm chart to apply the. The Component Pack Helm charts use a Docker registry to pull the.
The section describes how to install an insecuredocker registry in Kubernetes, using the standard Kubernetes helm charts.
A local docker registry can be used to push container images directly to the cluster,which could be useful for example in the following cases:
The CORD POD has no Internet access, so container images cannot be downloaded directly from DockerHub to the POD.
You are developing new CORD components, or modifying existing ones. You may want to test your changes before uploading the image to the official docker repository. In this case, your workflow might be to build your new container and push it to the local registry.
More informations about docker registries can be found at https://docs.docker.com/registry/.
Note:Insecure registries can be used for development, POCs or lab trials. You should not use this in production. There are planty of documents online that guide you through secure registry setup.
Helm provides a default helm chart to deploy an insecure registry on yourKubernetes cluster. The following command deploys the registry and exposesthe port 30500. (You may want to change it with any value that fit yourdeployment needs.)
The registry can be queried at any time, for example:
For the images to be consumed on the Kubernetes cluster, they need tobe first tagged, and pushed to the local registry:
Supposing your docker-registry address is:
and that your original image name is called:
you'll need to tag the image as
For example, you can use the docker tag command to do this:
Now, you can push the image to the registry. For example, with docker push:
The image should now be in the local docker registry on your cluster.
Sometimes you may need to download, tag and push lots of images.This can become a long and error prone operation if done manually.For this reason, we provide an optional tool that automates the tagand push procedures. The script can be foundhere.
Now that your custom images are in the local docker registry on the Kubernetescluster, you can modify the CORD helm charts to instruct the system to consumethem instead of using the default images from DockerHub.
Image names and tags are specified in the values.yaml file of each chart(look in the main chart directory), or alternatively, in the configurationfiles in the config directory.
Simply modify the values as needed, uninstall the containers previously deployed,and deploy them again.
Note: It is better to extend the existing helm charts, rather than directly modifying them. This way you can keep the original configuration as it is, and just override some values when needed. You can do this by writing your additional configuration yaml file, and parsing it as needed, adding
-f my-additional-config.yml to your helm commands.
The full CORD helm charts reference documentation is available here.