Set Up Registry to Load Container Images

This page provides instructions for loading container images into the registry and explains how to configure authentication if your environment requires it.

Load the Container Images

Ensure that you have the following libraries, files, and network access:
  • skopeo 1.9 or higher
  • Image tar archives in the source directory. Example path: appd-images
  • Network access to the target registry.

Supported Registry Types

Any container registry that implements the OCI Distribution Specification is supported, provided it uses either anonymous access or username/password-based authentication.

Before deploying Virtual Appliance, load the container images into the registry.
Note: Go to the directory where you have extracted the deployment files.

  1. Run the following command to load OCI images from archives to your container registry:
    Note: Ensure that ./scripts/load-images.sh has executable permissions.
    CODE
    ./scripts/load-images.sh \
      --source-dir ./images \
      --registry <registry-url>
    | Option | Description | Required |
    | --- | --- | --- |
    | --source-dir DIR | Directory containing the *-images-*.tar and *-image-list files. | Yes |
    | --registry URL | Target registry URL. | Yes |
    | --username USER | Registry username, if authentication is needed. | No |
    | --password PASS | Registry password, if authentication is needed. | No |
    | --insecure | Allow HTTP or self-signed certificates. | No |
    | --force | Overwrite existing images. | No |
    | --dry-run | Preview what the command would do. | No |
    CODE
    # Basic usage (anonymous registry)
    ./scripts/load-images.sh \
      --source-dir ./appd-images \
      --registry myregistry.example.com:5000
    
    # With authentication
    ./scripts/load-images.sh \
      --source-dir ./appd-images \
      --registry myregistry.example.com:5000 \
      --username admin \
      --password secretpass
    
    # Self-signed certificate or HTTP registry
    ./scripts/load-images.sh \
      --source-dir ./appd-images \
      --registry myregistry.example.com:5000 \
      --insecure
    
    # Dry run to preview
    ./scripts/load-images.sh \
      --source-dir ./appd-images \
      --registry myregistry.example.com:5000 \
      --dry-run
  2. Update the globals.yaml.gotmpl file with the image registry URL.
    CODE
    global:
      imageRegistry: "custom-registry-appd-registry.apps.rosa.mycluster.openshiftapps.com"
    The Virtual Appliance pods pull images from this registry URL, which is automatically accessible to the chart templates.
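
An added pre-flight check for the prerequisites above (not one of the product scripts): it verifies the skopeo version, the presence of the *-images-*.tar and *-image-list files, and the executable bit on load-images.sh. The function names are hypothetical, and the version string is assumed to come from `skopeo --version`.

```shell
#!/bin/sh
# Added example (not a product script): pre-flight checks before running
# ./scripts/load-images.sh, based on the prerequisites listed on this page.

# Succeed if dotted version $1 is >= $2, comparing major then minor as
# numbers (a plain string compare would rank 1.13 below 1.9).
version_ge() {
  have_major=${1%%.*}; rest=${1#*.}; have_minor=${rest%%.*}
  want_major=${2%%.*}; rest=${2#*.}; want_minor=${rest%%.*}
  [ "$have_major" -gt "$want_major" ] ||
    { [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]; }
}

# Succeed if DIR holds at least one *-images-*.tar and one *-image-list file
# (patterns taken from the --source-dir description).
has_image_files() {
  for pattern in '*-images-*.tar' '*-image-list'; do
    [ -n "$(find "$1" -maxdepth 1 -type f -name "$pattern" 2>/dev/null | head -n 1)" ] || return 1
  done
}

# Print one line per failed check; return non-zero if anything failed.
# $1 = source directory, $2 = path to load-images.sh, $3 = skopeo version
preflight() {
  rc=0
  version_ge "$3" 1.9 || { echo "skopeo 1.9 or higher required, found: $3"; rc=1; }
  has_image_files "$1" || { echo "no image archives or image lists in $1"; rc=1; }
  [ -x "$2" ] || { echo "$2 is not executable (chmod +x)"; rc=1; }
  return "$rc"
}

# Usage: sh preflight.sh ./appd-images
if [ -n "${1:-}" ]; then
  # `skopeo --version` prints "skopeo version X.Y.Z"; keep the last field.
  # Falls back to 0 when skopeo is not installed.
  installed=$(skopeo --version 2>/dev/null | awk '{print $NF}')
  preflight "$1" ./scripts/load-images.sh "${installed:-0}"
fi
```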

Create Pull Secrets in Namespaces

To streamline namespace access, set up passwordless authentication on your Kubernetes cluster.

If your registry requires authentication and passwordless authentication is not configured on your cluster, you must create pull secrets in all namespaces.
Note: Go to the directory where you have extracted the deployment files.

  1. View ./config/namespaces.conf to see all the namespaces used in your deployment.
    CODE
    vi ./config/namespaces.conf

    Example Output:

    CODE
    # =============================================================================
    # VA BYOK Namespace Configuration
    # =============================================================================
    # This file defines all namespaces required for the VA BYOK deployment.
    # Format: One namespace per line. Lines starting with # are comments.
    # Empty lines are ignored.
    # =============================================================================

    # -----------------------------------------------------------------------------
    # Operator Namespaces (deployed first)
    # These namespaces host the operators that manage other resources
    # -----------------------------------------------------------------------------

    [operators]
    cert-manager
    elastic-system
    mysql-operator
    kafka-operator
    pg-operator

    # -----------------------------------------------------------------------------
    # Infrastructure Namespaces
    # Core infrastructure services
    # -----------------------------------------------------------------------------

    [infrastructure]
    appd-cluster
    replicator
    cisco-coredns
    monitoring

    # -----------------------------------------------------------------------------
    # Data Layer Namespaces
    # Databases, message queues, and data stores
    # -----------------------------------------------------------------------------

    [data]
    es
    kafka
    mysql
    postgres
    schema-registry
    redis

    # -----------------------------------------------------------------------------
    # AppDynamics Core Namespaces
    # Main AppDynamics components
    # -----------------------------------------------------------------------------

    [appd-core]
    cisco-controller
    cisco-events
    cisco-eum
    cisco-synthetic

    # -----------------------------------------------------------------------------
    # Authentication Namespaces
    # Auth services
    # -----------------------------------------------------------------------------

    [auth]
    authn
    authz

    # -----------------------------------------------------------------------------
    # Feature Namespaces
    # Optional feature modules
    # -----------------------------------------------------------------------------

    [features]
    cisco-aiops
    # cisco-otis       # Disabled: OTIS not supported in BYOK
    # cisco-uil        # Disabled: UIL not supported in BYOK For now

    cisco-secureapp
    cisco-atd
  2. Create pull secrets using a script.
    1. Update the ./config/pull-secret.conf file with the registry credentials.
      CODE
      # Secret name (will be created in each namespace)
      SECRET_NAME=appd-registry-secret
      
      # Docker registry URL
      REGISTRY_SERVER=myregistry.example.com:5000
      
      # Registry credentials
      REGISTRY_USERNAME=myuser
      REGISTRY_PASSWORD=mypassword
      
      # Optional email
      REGISTRY_EMAIL=admin@example.com
    2. Run the ./scripts/create-pull-secrets.sh script.
      The following are the available options to run this script:
      | Option | Description |
      | --- | --- |
      | --dry-run | Shows you a preview without creating secrets. |
      | --server URL | Overrides the registry server. |
      | --username USER | Overrides the username. |
      | --password PASS | Overrides the password. |
      | --secret-name NAME | Overrides the secret name. |
      Example:
      CODE
      # Using config file
      ./scripts/create-pull-secrets.sh
      
      # Override via command line
      ./scripts/create-pull-secrets.sh \
        --server myregistry.example.com:5000 \
        --username admin \
        --password secret123
      
      # Dry run
      ./scripts/create-pull-secrets.sh --dry-run
    3. In the globals.yaml.gotmpl file, specify the SECRET_NAME that you entered in the pull-secret.conf file to link the registry.
      CODE
      global:
        imagePullSecrets:
          - name: appd-registry-secret
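
An added audit script for the steps above (not one of the product scripts): it warns when pull-secret.conf, which stores the registry password in clear text, is readable by group or others, and lists every namespace from namespaces.conf that lacks the pull secret. It assumes kubectl access to the cluster and also skips trailing # comments and [section] headers; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not a product script): audit the pull-secret setup.
# Assumes the ./config/*.conf layout shown on this page and kubectl access.

# Print active namespaces: strip comments, blank lines and [section] headers.
list_namespaces() {
  sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    grep -Ev '^(\[.*\])?$'
}

# Read one KEY=value setting without sourcing (executing) the file.
conf_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# pull-secret.conf holds the registry password in clear text:
# succeed only if group and others have no access (for example mode 600).
conf_is_private() {
  case $(ls -ldL "$1" | cut -c5-10) in
    ------) return 0 ;;
    *) return 1 ;;
  esac
}

# Print every namespace whose pull secret is missing or is not of type
# kubernetes.io/dockerconfigjson; return non-zero if any is printed.
# $1 = namespaces.conf, $2 = secret name
missing_pull_secrets() {
  list_namespaces "$1" | (
    rc=0
    while read -r ns; do
      t=$(kubectl -n "$ns" get secret "$2" -o jsonpath='{.type}' </dev/null 2>/dev/null) || t=
      [ "$t" = kubernetes.io/dockerconfigjson ] || { echo "$ns"; rc=1; }
    done
    exit "$rc"
  )
}

# Usage: sh audit-pull-secrets.sh ./config
if [ -n "${1:-}" ]; then
  conf_is_private "$1/pull-secret.conf" ||
    echo "WARN: pull-secret.conf is readable by group or others" >&2
  missing_pull_secrets "$1/namespaces.conf" "$(conf_value "$1/pull-secret.conf" SECRET_NAME)"
fi
```

The script prints nothing and exits with status 0 when every listed namespace has the secret.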