Configuring Your System Image Registry
This topic describes how to relocate VMware Tanzu Application Service for Kubernetes (TAS for Kubernetes) images to a private container image registry.
Prerequisites
Before installing TAS for Kubernetes, complete the following:
- Ensure you have a VMware Tanzu Network account to use to download container images from the VMware Tanzu Network Registry. Ensure this account has a signed TAS for Kubernetes End-User License Agreement (EULA).
- Follow the procedures in:
If installing TAS for Kubernetes from a private container image registry:
- Grant write access to your private container image registry.
Overview
In Kubernetes, containers can be re-created at various times and a system image for the new container will be pulled from your system registry. The system registry you use for TAS for Kubernetes must always be available when a container is started on a new host.
You can use either the VMware Tanzu Network or a private container image registry as your system registry:
To configure the VMware Tanzu Network as your system registry, follow the procedures in Configure the VMware Tanzu Network as Your System Registry.
To configure a private container image registry as your system registry, follow the procedures in Configure a Private Container Image Registry as Your System Registry.
Install from a private container image registry for the following situations:
- Your deployment has limited network egress because of firewall or network bandwidth.
- You want to reduce the external runtime dependencies of your TAS for Kubernetes installation.
Configure the VMware Tanzu Network as Your System Registry
TAS for Kubernetes requires a registered VMware Tanzu Network account to pull container images for system components from the VMware Tanzu Network container registry.
To configure TAS for Kubernetes with VMware Tanzu Network user credentials:
- Navigate to the configuration-values directory you created earlier.
- Open the values.yml file.
- Populate the system_registry section in the values.yml file with the following:

    system_registry:
      hostname: registry.pivotal.io
      username: "USERNAME"
      password: "PASSWORD"

Where:
- USERNAME is the username of the account to use to download container images from the VMware Tanzu Network Registry. Ensure that this account has a signed TAS for Kubernetes EULA.
- PASSWORD is the password for the account you specified.
Configure a Private Container Image Registry as Your System Registry
Before installing TAS for Kubernetes from a private container image registry, you must relocate the TAS for Kubernetes image from the VMware Tanzu Network Registry to the private container image registry.
To relocate the TAS for Kubernetes image to a private container image registry:
- Download the TAS for Kubernetes Images
- Upload the TAS for Kubernetes Images to the Private Container Image Registry
- Customize Your Configuration to Use Your Private System Registry
Download the TAS for Kubernetes Images
To download the TAS for Kubernetes Images from the VMware Tanzu Network Registry:
- In your terminal, navigate to the tanzu-application-service directory.
- Log in to the VMware Tanzu Network Registry.

    docker login registry.pivotal.io \
      -u USERNAME \
      -p PASSWORD

Where:
- USERNAME is a VMware Tanzu Network user account.
- PASSWORD is the password for the VMware Tanzu Network user account.

- Package the images into a tarball.

    kbld package -f <(ytt \
      -f config/image-overrides.yml \
      -f config/_values.yml ) \
      --output /tmp/images.tar

Packaging the image takes about 5 minutes to complete.
Upload the TAS for Kubernetes Images to the Private Container Image Registry
To upload the TAS for Kubernetes images to the private container image registry:
- Log in to the private container image registry.

    docker login PRIVATE-REPOSITORY \
      -u USERNAME \
      -p PASSWORD

Where:
- PRIVATE-REPOSITORY is the FQDN or IP address for the private container image registry repository to log in to.
- USERNAME is a user account with write access to the registry.
- PASSWORD is the password for the user account.

- Unpackage the image tarball and upload to the private container image registry.

If your client has the private container image registry CA certificates:

    kbld unpackage -f <(ytt -f config/image-overrides.yml \
      -f config/_values.yml) \
      -i /tmp/images.tar \
      -r PRIVATE-REPOSITORY/PROJECT/IMAGE \
      --lock-output relocated_images.yml

Where:
- PRIVATE-REPOSITORY is the FQDN or IP address for the private container image registry repository to log in to.
- PROJECT is the project name in the registry.
- IMAGE is the image name to relocate the images to.

If your client does not have the private container image registry CA certificates:

    kbld unpackage -f <(ytt -f config/image-overrides.yml \
      -f config/_values.yml) \
      -i /tmp/images.tar \
      -r PRIVATE-REPOSITORY/PROJECT/IMAGE \
      --lock-output relocated_images.yml \
      --registry-verify-certs=false

This option disables TLS certificate verification for the registry connection, so the client cannot confirm the identity of the registry it uploads to.

Where:
- PRIVATE-REPOSITORY is the FQDN or IP address for the private container image registry repository to log in to.
- PROJECT is the project name in your private registry.
- IMAGE is the image name to relocate the images to.
Note: All of the required TAS images you upload have the same image name, but different SHAs.
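The file written by --lock-output can be audited once the upload finishes. The script below is an added example, not part of the VMware documentation or tooling: it checks that every relocated reference sits under PRIVATE-REPOSITORY/PROJECT/IMAGE and is pinned to a sha256 digest. It assumes relocated references appear on newImage: lines; the function name check_relocated, the hostnames, image paths and digests are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware tooling): audit the file written by --lock-output.
# Assumption: each relocated reference sits on a "newImage:" line.

# check_relocated LOCKFILE PREFIX
#   PREFIX is PRIVATE-REPOSITORY/PROJECT/IMAGE as given to "kbld unpackage -r".
#   Returns 0 only if every newImage is PREFIX@sha256:<64 hex digits>.
check_relocated() {
  lockfile=$1; prefix=$2; bad=0; seen=0
  refs=$(sed -n 's/^[[:space:]-]*newImage:[[:space:]]*//p' "$lockfile" | tr -d "\"'")
  while IFS= read -r ref; do
    [ -n "$ref" ] || continue
    seen=$((seen + 1))
    digest=${ref#"$prefix"@sha256:}
    if [ "$digest" = "$ref" ]; then
      echo "FAIL not under $prefix: $ref"; bad=1
    elif ! printf '%s\n' "$digest" | grep -Eqx '[0-9a-f]{64}'; then
      echo "FAIL not pinned to a sha256 digest: $ref"; bad=1
    fi
  done <<EOF
$refs
EOF
  if [ "$seen" -eq 0 ]; then
    echo "FAIL no newImage entries in $lockfile"; return 1
  fi
  [ "$bad" -eq 0 ] && echo "OK $seen relocated references under $prefix"
  return "$bad"
}

# Constructed sample lock file: placeholder digests, hostnames and image paths.
d1=$(printf '%064d' 1); d2=$(printf '%064d' 2)
sample=$(mktemp)
cat > "$sample" <<EOF
apiVersion: kbld.k14s.io/v1alpha1
kind: Config
overrides:
- image: registry.pivotal.io/example/component-a@sha256:$d1
  newImage: registry.example.internal/tas/images@sha256:$d1
  preresolved: true
- image: registry.pivotal.io/example/component-b@sha256:$d2
  newImage: registry.pivotal.io/example/component-b@sha256:$d2
  preresolved: true
EOF
check_relocated "$sample" registry.example.internal/tas/images || echo "audit failed"
rm -f "$sample"
```

The second constructed entry still points at registry.pivotal.io, so the sample run reports one failure.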
Customize Your Configuration to Use Your Private System Registry
To customize your configuration files for your private registry:
- Move the config/image-overrides.yml file to the config-optional directory.
- Open configuration-values/values.yml in a text editor.
- To point the system registry variables to the private registry, configure the system_registry section:

    #@data/values
    ---
    system_registry:
      hostname: "REGISTRY-HOSTNAME"
      username: "REGISTRY-USERNAME"
      password: "REGISTRY-PASSWORD"

Where:
- REGISTRY-HOSTNAME is the hostname of your private registry.
- REGISTRY-USERNAME is a user account with write access to the private registry.
- REGISTRY-PASSWORD is the password for the user account.

- Save the values.yml file.
Next Steps
After you complete this procedure, proceed to Configuring Your System Databases.