Restricted Network installation for TVK on OCP (Openshift)

TVK installation guide for restricted Network on OCP (Openshift)
  1. Set up local registry (Ref: Deploy a registry server)

    1. Set up local registry on Ubuntu 20.04 deployed on AWS EC2

    2. Install docker

    3. Start docker registry (using one of the options below)

      1. Unsecured registry

        $ docker run -d -p 5000:5000 --restart=always --name registry registry:2

      2. A secured registry using TLS authentication (valid certificates are required in the “certs” dir)

        $ docker run -d --restart=always --name registry -v "$(pwd)"/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/skregistry.kulkarnisachin.ml.crt -e REGISTRY_HTTP_TLS_KEY=/certs/skregistry.kulkarnisachin.ml.key -p 443:443 registry:2

  2. By default, the registry stores its data on the local filesystem, whether you use a bind mount or a volume. You can store the registry data in an Amazon S3 bucket, Google Cloud Platform, or on another storage back-end by using storage drivers.

  3. Push images to local registry

    1. Pull TVK operator image from Quay or Google Cloud Platform

      $ docker pull quay.io/triliovault/k8s-triliovault-operator:v2.1.0

    2. Tag the image

      $ docker tag quay.io/triliovault/k8s-triliovault-operator:v2.1.0 skregistry.kulkarnisachin.ml/local-k8s-triliovault-operator

    3. Push the image

      $ docker push skregistry.kulkarnisachin.ml/local-k8s-triliovault-operator

    4. Repeat the same for all the images required for TVK (listed below)

    5. TVK operator images

      k8s-triliovault-operator
      operator-webhook-init

    6. TVK app images

      backup-scheduler
      control-plane
      datamover
      datastore-attacher
      metamover
      exporter
      trilio-webhook-init
      trilio-admission-webhook
      backup-cleaner
      resource-cleaner
      web
      web-backend
      backup-retention
      target-browser
      hook-executor
      analyzer
      ingress-controller

    7. The bash script below can be used to download the images and push them to the local registry. Check the list of images and tags required for the given TVK version.

      #!/bin/bash
      ## Stop at the first failed pull, tag or push instead of continuing silently
      set -euo pipefail
      ## Update below details as required for the specific TVK version
      ## TVK pkg list for v2.1.0
      tag="v2.1.0"
      pkg_list="k8s-triliovault-operator operator-webhook-init backup-scheduler control-plane datamover datastore-attacher metamover exporter trilio-webhook-init trilio-admission-webhook backup-cleaner resource-cleaner web web-backend backup-retention target-browser hook-executor analyzer ingress-controller"
      gcr_link="eu.gcr.io/amazing-chalice-243510"
      local_reg="skregistry.kulkarnisachin.ml"
      ## pkg_list is intentionally unquoted so it splits into one image name per iteration
      for pkg in ${pkg_list}
      do
        echo "Adding ${pkg}"
        docker pull "${gcr_link}/${pkg}:${tag}"
        docker tag "${gcr_link}/${pkg}:${tag}" "${local_reg}/${pkg}:${tag}"
        docker push "${local_reg}/${pkg}:${tag}"
      done
      ## List all the pkgs
      docker image ls

  4. Update OCP to use the local Registry. Listing the host under insecureRegistries tells the cluster not to enforce certificate verification for that registry, so it is needed only for the unsecured registry option (or for a certificate the cluster cannot validate).

    $ export LOCAL_DOCKER_REGISTRY=skregistry.kulkarnisachin.ml
    $ echo $LOCAL_DOCKER_REGISTRY
    skregistry.kulkarnisachin.ml
    $ oc patch image.config.openshift.io/cluster --type=merge -p '{"spec":{"registrySources":{"insecureRegistries":["'${LOCAL_DOCKER_REGISTRY}'"]}}}'
    image.config.openshift.io/cluster patched

  5. Update CatalogSource with the image path of this local repo

    $ cat operator-local-v210.yaml
    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: k8s-triliovault-manifest-local
      namespace: openshift-marketplace
    spec:
      sourceType: grpc
      image: skregistry.kulkarnisachin.ml/local-tvk
    $ oc create -f operator-local-v210.yaml
    catalogsource.operators.coreos.com/k8s-triliovault-manifest-local created

  6. Install this operator using OCP UI.

  7. Continue using TVK following Getting Started Guide.
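
For the TLS-secured registry option in step 1, the cluster can be told to trust the registry's CA instead of listing the host under insecureRegistries, as the patch in "Update OCP to use the local Registry" does. The manifest below is an added example, not part of the original guide. It assumes the registry certificate was issued by a private CA; the ConfigMap name local-registry-ca and the certificate body are placeholders.

```yaml
# Weak setting (what the insecureRegistries patch produces): certificate
# verification is not enforced for the registry host.
#
#   spec:
#     registrySources:
#       insecureRegistries:
#       - skregistry.kulkarnisachin.ml
#
# Corrected setting for a registry that serves TLS with a private CA.
# 1) ConfigMap in openshift-config. The key is the registry hostname;
#    for a registry on a non-default port the key is "<host>..<port>".
apiVersion: v1
kind: ConfigMap
metadata:
  name: local-registry-ca          # placeholder name (assumption)
  namespace: openshift-config
data:
  skregistry.kulkarnisachin.ml: |
    -----BEGIN CERTIFICATE-----
    <PEM-encoded CA certificate of the registry goes here (placeholder)>
    -----END CERTIFICATE-----
---
# 2) Cluster image configuration that references the ConfigMap above.
apiVersion: config.openshift.io/v1
kind: Image
metadata:
  name: cluster
spec:
  additionalTrustedCA:
    name: local-registry-ca
```

Once the CA is trusted, remove the host from insecureRegistries so that image pulls fail closed on a certificate mismatch. A certificate from a publicly trusted CA needs neither setting.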