Skip to main content

Fetching installation artifacts

1. Before fetching

  1. Make sure the preparation for installation is completed.

  2. Collect the necessary information that was set or retrieved on previous steps:

    ObjectExample valueHow to get value
    On-Premise licenseDEMO-KEY-DGCTL-AAAAAA-BBBBBBSee Preparation for installation

2. Configure hosts

docker.example.com

This host will serve the Docker Registry. The host must be available in the public network, see Preparation for installaion.

To configure the host:

  1. Install an operating system: see the list of supported operating systems.

  2. Install Docker Registry: see the list of supported versions and registry size requirements.

    The registry must be available at https://docker.example.com:5000/.

  3. Configure authentication in the registry by username and password.

    Example:

    • Username: registry
    • Password: DOCKERregistryP@ssW0rd

artifacts.example.com

This host will serve the S3 compatible installation artifacts storage. The host must be available in the public network, see Preparation for installation.

To configure the host:

  1. Install an operating system: see the list of supported operating systems.

  2. Install an S3 compatible storage that fits your needs. It is recommended to use Ceph: see the list of supported versions and storage size requirements.

    The storage must be available at https://artifacts.example.com:443/.

  3. In the installed storage, create the onpremise-artifacts bucket of the needed size.

  4. Set a service account with read and write permissions to the bucket.

    Generate a key for this account, which will be be used to access the bucket.

    Example:

    • Access key: AKIAIOSFODNN7EXAMPLE
    • Secret key: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

example.com

This host will serve the DGCLI utility. The host must be available in the public network, see Preparation for installation.

To configure the host:

  1. Install an operating system: see the list of supported operating systems.

  2. Install Docker Engine: see the list of supported versions.

  3. Ensure that the previously configured services are available:

    • https://docker.example.com:5000/
    • https://artifacts.example.com:443/

3. Fetch installation artifacts

  1. Log in to example.com via SSH.

  2. Create the dgctl-config.yaml configuration file. See here for more details on the available settings.

    dgctl-config.yaml
    key: DEMO-KEY-DGCTL-AAAAAA-BBBBBB
    log-format: json

    storage:
        type: s3

        host: artifacts.example.com:443
        bucket: onpremise-artifacts
        access-key: AKIAIOSFODNN7EXAMPLE
        secret-key: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

    docker:
        registry:
            username: registry
            password: DOCKERregistryP@ssW0rd
            server-address: https://docker.example.com:5000
            image-prefix: /

  3. Run the DGCLI utility:

        docker run --rm \
        -v $(pwd)/dgctl-config.yaml:/dgctl-config.yaml \
        -v /mnt/dgctl-source:/dgctl-source \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v $(pwd)/values:/values \
        --user $(id -u):$(id -g) \
        2gis/dgctl:latest \
        pull --config=/dgctl-config.yaml --version=1.32.0 --apps-to-registry --generate-values

    Fetching artifacts can take a long time. When the process is finished, the command output contains the path to a manifest file. Example: manifests/1640661259.json.

    If the --generate-values flag is used, the general.yaml file with configuration parameters is generated and stored in the local directory that is specified in the -v <path>:/values argument (-v $(pwd)/values:/values in the example). If the path is not specified, the file is deleted after running the utility.

4. Create infrastructure mirrors in the private network

Create mirrors of the following resources in the private network:

ResourceHost in public networkMirror host in private network
Docker Registrydocker.example.comdocker.storage.example.local
S3 compatible installation artifacts storageartifacts.example.comartifacts.storage.example.local

The endpoints for the mirrors in the private network will differ from the endpoints in the public network.

Example:

  • Registry mirror endpoint: docker.storage.example.local:5000
  • Storage mirror endpoint: artifacts.storage.example.local:443

5. Create a Kubernetes secret for accessing Docker Registry

This secret is required so that Helm, which is used for installing On-Premise services, can access the Docker images located in the Registry. Without a secret, any operation involving the Registry will fail.

Example:

kubectl create secret docker-registry onpremise-registry-creds \
    --docker-server=docker.storage.example.local:5000 \
    --docker-username=registry \
    --docker-password=DOCKERregistryP@ssW0rd

What's next?