Prerequisites for using private registry

For registries that require repositories to be created manually before pushing images, ensure that the necessary repositories are set up in advance. Additionally, when using a private registry with your Cloud Scale deployment, you must manually create a registry access secret in each relevant namespace, such as the operator and environment namespaces, to enable successful pushing and pulling of images and Helm charts.

To deploy trust-manager using private registry

Create kubernetes secret in trust-manager namespace using the following command:
kubectl create secret docker-registry demo-secret --namespace trust-manager --docker-server=nbk8s-bo.nbartifactory.rsv.ven.veritas.com --docker-username=<username_for_registry> --docker-password=<password_for_registry>
Run the following command to download the helm chart:
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm pull jetstack/trust-manager --version v0.19.0 (Download the Helm chart for trust-manager version v0.19.0 locally.)

Push the required images to your private registry:

Note:

Ensure that the docker login is done for the private registry prior to pushing the images.

Syntax (pull, tag, push):

docker pull <source-registry>/<image-name>:<tag>

docker tag <source-registry>/<image-name>:<tag> <target-registry>/<image-name>:<tag>

docker push <target-registry>/<image-name>:<tag>

For example:

docker pull quay.io/jetstack/cert-manager-package-debian:20210119.0
docker tag quay.io/jetstack/cert-manager-package-debian:20210119.0 nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-package-debian:20210119.0
docker push nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-package-debian:20210119.0
 
docker pull quay.io/jetstack/trust-manager:v0.19.0
docker tag quay.io/jetstack/trust-manager:v0.19.0 nbk8s-bo.nbartifactory.rsv.ven.veritas.com/trust-manager:v0.19.0
docker push nbk8s-bo.nbartifactory.rsv.ven.veritas.com/trust-manager:v0.19.0

Deploy trust-manager using the following command:
helm upgrade -i -n trust-manager trust-manager ./trust-manager-v0.19.0.tgz \
--set image.repository=nbk8s-bo.nbartifactory.rsv.ven.veritas.com/trust-manager \
--set image.tag=v0.19.0 \
--set imagePullSecrets[0].name=demo-secret \
--set app.trust.namespace=nbux \ --wait

Run the following commands to list and verify if the trust-manager is installed:

helm list -n trust-manager

NAME             NAMESPACE       REVISION  UPDATED            STATUS     CHART                  APP VERSION
trust-manager    trust-manager   1         <Date and Time>   deployed   trust-manager-v0.19.0    v0.19.0

kubectl get pods -n trust-manager

NAME                             READY   STATUS     RESTARTS    AGE 
trust-manager-####47cc6c-949v6   1/1     Running     0          26m

To deploy cert-manager using private registry

Create kubernetes secret in cert-manager namespace using the following command:
kubectl create secret docker-registry demo-secret --namespace cert-manager --docker-server=nbk8s-bo.nbartifactory.rsv.ven.veritas.com --docker-username=<username_for_registry> --docker-password=<password_for_registry>
Run the following command to download the helm chart:
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm pull jetstack/cert-manager --version 1.18.2 (Download the Helm chart for cert-manager version v1.18.2 locally.)

Push the required images to your private registry:

Note:

Ensure that the docker login is done for the private registry prior to pushing the images.

Syntax (pull, tag, push):

docker pull <source-registry>/<image-name>:<tag>

docker tag <source-registry>/<image-name>:<tag> <target-registry>/<image-name>:<tag>

docker push <target-registry>/<image-name>:<tag>

For example,

docker pull quay.io/jetstack/cert-manager-controller:v1.18.2
docker pull quay.io/jetstack/cert-manager-webhook:v1.18.2
docker pull quay.io/jetstack/cert-manager-cainjector:v1.18.2
 
docker tag quay.io/jetstack/cert-manager-controller:v1.18.2 nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-controller:v1.18.2
docker tag quay.io/jetstack/cert-manager-webhook:v1.18.2 nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-webhook:v1.18.2 
docker tag quay.io/jetstack/cert-manager-cainjector:v1.18.2 nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-cainjector:v1.18.2
 
docker push nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-controller:v1.18.2 
docker push nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-webhook:v1.18.2 
docker push nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-cainjector:v1.18.2

Deploy cert-manager using the following command:
helm upgrade -i -n cert-manager cert-manager ./cert-manager-v1.18.2.tgz \
--set image.repository=nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-controller \
--set image.tag=v1.18.2 \
--set webhook.image.repository=nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-webhook \
--set webhook.image.tag=v1.18.2 \
--set cainjector.image.repository=nbk8s-bo.nbartifactory.rsv.ven.veritas.com/cert-manager-cainjector \
--set cainjector.image.tag=v1.18.2 \
--set global.imagePullSecrets[0].name=demo-secret \
--set webhook.timeoutSeconds=30 \
--set installCRDs=true \
--wait

Run the following commands to list and verify if the cert-manager is installed:

helm list -n cert-manager

NAME             NAMESPACE       REVISION   UPDATED            STATUS     CHART                  APP VERSION
cert-manager     cert-manager    1         <Date and Time>     deployed   cert-manager-v1.18.2    v1.18.2
kubectl get pods -n trust-manager

NAME                             READY    STATUS     RESTARTS    AGE 
cert-manager-####4466d-lzgvg      1/1     Running     0          14m
cert-manager-####d7754-jrd8n      1/1     Running     0          14m
cert-manager-####d88bb-c79cc      1/1     Running     0          14m

Prerequisites for using private registry

Feedback

Feedback