From 8786b7f2c610a9ffb75162b768d341565ba1c0b9 Mon Sep 17 00:00:00 2001 From: Ben Starmer-Smith Date: Wed, 2 Apr 2025 10:59:21 +0100 Subject: [PATCH 1/4] Added docs on pulling images from private registries. --- charts/console/README.md | 91 +++++++++++++++++++++++++++++++--------- charts/gateway/README.md | 29 +++++++++++++ 2 files changed, 101 insertions(+), 19 deletions(-) diff --git a/charts/console/README.md b/charts/console/README.md index d255ce6..b5f1ad2 100644 --- a/charts/console/README.md +++ b/charts/console/README.md 
@@ -401,25 +401,44 @@ console, we recommend you to look at our ### Kubernetes configuration -- [Install with an enterprise license](#install-with-an-enterprise-license) -- [Install with a basic SSO configuration](#install-with-a-basic-sso-configuration) -- [Install with a Kafka cluster](#install-with-a-kafka-cluster) -- [Install with a Confluent Cloud cluster](#install-with-a-confluent-cloud-cluster) -- [Install without Conduktor monitoring](#install-without-conduktor-monitoring) -- [Provide the license as a Kubernetes Secret](#provide-the-license-as-a-kubernetes-secret) -- [Provide credentials configuration as a Kubernetes Secret](#provide-credentials-configuration-as-a-kubernetes-secret) -- [Provide monitoring configuration as a Kubernetes Secret](#provide-monitoring-configuration-as-a-kubernetes-secret) -- [Store platform data into a Persistent Volume](#store-platform-data-into-a-persistent-volume) -- [Install with a PodAffinity](#install-with-a-podaffinity) -- [Provide console configuration as a Kubernetes ConfigMap](#provide-console-configuration-as-a-kubernetes-configmap) -- [Provide additional credentials as a Kubernetes Secret](#provide-additional-credentials-as-a-kubernetes-secret) -- [Install with a toleration](#install-with-a-toleration) -- [Install with Self-Signed TLS certificate](#install-with-self-signed-tls-certificate) -- [Install with a custom TLS certificate on the platform Pod](#install-with-a-custom-tls-certificate-on-the-platform-pod) -- [Install with a custom service account](#install-with-a-custom-service-account) -- [Install with a AWS EKS IAM Role](#install-with-a-aws-eks-iam-role) -- [Install with Console technical monitoring](#install-with-console-technical-monitoring) -- [Install with custom certificates or keytab](#install-with-custom-certificates-or-keytab) +- [Conduktor Console](#conduktor-console) + - [TL;DR](#tldr) + - [Introduction](#introduction) + - [Prerequisites](#prerequisites) + - [Parameters](#parameters) + - [Global 
parameters](#global-parameters) + - [Common parameters](#common-parameters) + - [Platform product Parameters](#platform-product-parameters) + - [Platform Monitoring product Parameters](#platform-monitoring-product-parameters) + - [Platform Deployment Parameters](#platform-deployment-parameters) + - [Platform Metrics activation](#platform-metrics-activation) + - [Traffic Exposure Parameters](#traffic-exposure-parameters) + - [Other Parameters](#other-parameters) + - [Platform Cortex Parameters](#platform-cortex-parameters) + - [Snippets](#snippets) + - [Console configuration](#console-configuration) + - [Kubernetes configuration](#kubernetes-configuration) + - [Install with an enterprise license](#install-with-an-enterprise-license) + - [Install with a basic SSO configuration](#install-with-a-basic-sso-configuration) + - [Install with a Kafka cluster](#install-with-a-kafka-cluster) + - [Install with a Confluent Cloud cluster](#install-with-a-confluent-cloud-cluster) + - [Install without Conduktor monitoring](#install-without-conduktor-monitoring) + - [Provide the license as a Kubernetes Secret](#provide-the-license-as-a-kubernetes-secret) + - [Provide credentials configuration as a Kubernetes Secret](#provide-credentials-configuration-as-a-kubernetes-secret) + - [Provide monitoring configuration as a Kubernetes Secret](#provide-monitoring-configuration-as-a-kubernetes-secret) + - [Pulling from private registry using `global.imagePullSecrets`](#pulling-from-private-registry-using-globalimagepullsecrets) + - [Store platform data into a Persistent Volume](#store-platform-data-into-a-persistent-volume) + - [Install with a PodAffinity](#install-with-a-podaffinity) + - [Provide console configuration as a Kubernetes ConfigMap](#provide-console-configuration-as-a-kubernetes-configmap) + - [Provide additional credentials as a Kubernetes Secret](#provide-additional-credentials-as-a-kubernetes-secret) + - [Install with a toleration](#install-with-a-toleration) + - [Install 
with Self-Signed TLS certificate](#install-with-self-signed-tls-certificate) + - [Install with a custom TLS certificate on the platform Pod](#install-with-a-custom-tls-certificate-on-the-platform-pod) + - [Install with a custom service account](#install-with-a-custom-service-account) + - [Install with a AWS EKS IAM Role](#install-with-a-aws-eks-iam-role) + - [Install with Console technical monitoring](#install-with-console-technical-monitoring) + - [Install with custom certificates or keytab](#install-with-custom-certificates-or-keytab) + - [Troubleshooting](#troubleshooting) ### Install with an enterprise license 
@@ -655,6 +674,40 @@ data: CDK_MONITORING_STORAGE_S3_SECRETACCESSKEY: ``` + +### Pulling from private registry using `global.imagePullSecrets` + +To use the parameter `global.imagePullSecrets` you need to create a secret with the name you want to use in the parameter. To find out more [see offical documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). + +We need to ensure this secret is of type `docker-registry` and contains the following keys: +```bash +kubectl create secret docker-registry \ + --docker-server= \ + --docker-username= \ + --docker-password= \ + --docker-email= +``` + +Then in your `values.yaml` file, you can set the `global.imagePullSecrets` parameter to the name of the secret you created, you will also need to modify the `global.imageRegistry` parameters to use the same registry as the secret you created. + +This example blelow shows an example of how to set the `global.imagePullSecrets` parameter and the `global.imageRegistry` parameters to use a private harbor registry: +```yaml +global: + imageRegistry: harbor.local.example + imagePullSecrets: + - harbor-secret + +platform: + image: + repository: conduktor/conduktor-console + tag: nightly + +platformCortex: + image: + repository: conduktor/conduktor-console-cortex + tag: nightly +``` + ### Store platform data into a Persistent Volume ```yaml diff --git a/charts/gateway/README.md b/charts/gateway/README.md index 0ae0c66..52e331a 100644 --- a/charts/gateway/README.md +++ b/charts/gateway/README.md 
@@ -315,6 +315,35 @@ gateway: secretKey: "<256bits long string>" # if empty, a random key will be generated ``` + +#### Pulling from private registry using `global.imagePullSecrets` + +To use the parameter `global.imagePullSecrets` you need to create a secret with the name you want to use in the parameter. To find out more [see offical documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). + +We need to ensure this secret is of type `docker-registry` and contains the following keys: +```bash +kubectl create secret docker-registry \ + --docker-server= \ + --docker-username= \ + --docker-password= \ + --docker-email= +``` + +Then in your `values.yaml` file, you can set the `global.imagePullSecrets` parameter to the name of the secret you created, you will also need to modify the `gateway.image` parameters to use the same registry as the secret you created. + +This example blelow shows an example of how to set the `global.imagePullSecrets` parameter and the `gateway.image` parameters to use a private harbor registry: +```yaml +global: + imagePullSecrets: + - name: harbor-secret + +gateway: + image: + registry: harbor.local.example + repository: conduktor/conduktor-gateway + tag: nightly +``` + ### Ingress configuration examples #### Nginx Ingress without TLS From c1753bb574a300ce0c4ae06ca7ce1e5bc34c4208 Mon Sep 17 00:00:00 2001 From: Ben Starmer-Smith Date: Wed, 2 Apr 2025 11:07:19 +0100 Subject: [PATCH 2/4] Added additional README after viewing CUS ticket. --- charts/console/README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/charts/console/README.md b/charts/console/README.md index b5f1ad2..a721757 100644 --- a/charts/console/README.md +++ b/charts/console/README.md 
@@ -708,6 +708,26 @@ platformCortex: tag: nightly ``` +You can also specify the `global.imagePullSecrets` and `global.imageRegistry` parameters in the `platform` and `platformCortex` sections if you want to use different secrets and registry's for each of them. + +```yaml +platform: + image: + registry: harbor.local.example + repository: conduktor/conduktor-console + tag: nightly + pullSecrets: + - platform-secret + +platformCortex: + image: + registry: harbor.local.example + repository: conduktor/conduktor-console-cortex + tag: nightly + pullSecrets: + - platform-cortex-secret +``` + ### Store platform data into a Persistent Volume ```yaml From 16efafaaaefd482955cd271367593678314818eb Mon Sep 17 00:00:00 2001 From: Stu-conduktor <122447122+Stu-conduktor@users.noreply.github.com> Date: Wed, 2 Apr 2025 11:20:58 +0100 Subject: [PATCH 3/4] typos --- charts/console/README.md | 4 ++-- charts/gateway/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/console/README.md b/charts/console/README.md index a721757..fc79b33 100644 --- a/charts/console/README.md +++ b/charts/console/README.md @@ -690,7 +690,7 @@ kubectl create secret docker-registry \ Then in your `values.yaml` file, you can set the `global.imagePullSecrets` parameter to the name of the secret you created, you will also need to modify the `global.imageRegistry` parameters to use the same registry as the secret you created. -This example blelow shows an example of how to set the `global.imagePullSecrets` parameter and the `global.imageRegistry` parameters to use a private harbor registry: +The below example shows how to set the `global.imagePullSecrets` parameter and the `global.imageRegistry` parameters to use a private harbor registry: ```yaml global: imageRegistry: harbor.local.example 
@@ -708,7 +708,7 @@ platformCortex: tag: nightly ``` -You can also specify the `global.imagePullSecrets` and `global.imageRegistry` parameters in the `platform` and `platformCortex` sections if you want to use different secrets and registry's for each of them. +You can also specify the `global.imagePullSecrets` and `global.imageRegistry` parameters in the `platform` and `platformCortex` sections if you want to use different secrets and registries for each of them. ```yaml platform: diff --git a/charts/gateway/README.md b/charts/gateway/README.md index 52e331a..fab244d 100644 --- a/charts/gateway/README.md +++ b/charts/gateway/README.md @@ -331,7 +331,7 @@ kubectl create secret docker-registry \ Then in your `values.yaml` file, you can set the `global.imagePullSecrets` parameter to the name of the secret you created, you will also need to modify the `gateway.image` parameters to use the same registry as the secret you created. -This example blelow shows an example of how to set the `global.imagePullSecrets` parameter and the `gateway.image` parameters to use a private harbor registry: +The below example shows how to set the `global.imagePullSecrets` parameter and the `gateway.image` parameters to use a private harbor registry: ```yaml global: imagePullSecrets: From d1f691aa71ecaac33fb4484c4fe34929cc6fe809 Mon Sep 17 00:00:00 2001 From: Ben Starmer-Smith Date: Wed, 2 Apr 2025 11:53:45 +0100 Subject: [PATCH 4/4] Adjusted to Quentins suggestions (reverting ToC, making it generic not specific to harbor) --- charts/console/README.md | 83 ++++++++++++++++++---------------------- charts/gateway/README.md | 15 ++++++-- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/charts/console/README.md b/charts/console/README.md index a721757..ba7b7ec 100644 --- a/charts/console/README.md +++ b/charts/console/README.md 
@@ -54,6 +54,7 @@ Helm Chart to deploy Conduktor Console on Kubernetes. - [Provide the license as a Kubernetes Secret](#provide-the-license-as-a-kubernetes-secret) - [Provide credentials configuration as a Kubernetes Secret](#provide-credentials-configuration-as-a-kubernetes-secret) - [Provide monitoring configuration as a Kubernetes Secret](#provide-monitoring-configuration-as-a-kubernetes-secret) + - [Pulling from private registry using `global.imagePullSecrets`](#pulling-from-private-registry-using-globalimagepullsecrets) - [Store platform data into a Persistent Volume](#store-platform-data-into-a-persistent-volume) - [Install with a PodAffinity](#install-with-a-podaffinity) - [Provide console configuration as a Kubernetes ConfigMap](#provide-console-configuration-as-a-kubernetes-configmap) 
@@ -400,45 +401,26 @@ console, we recommend you to look at our ### Kubernetes configuration - -- [Conduktor Console](#conduktor-console) - - [TL;DR](#tldr) - - [Introduction](#introduction) - - [Prerequisites](#prerequisites) - - [Parameters](#parameters) - - [Global parameters](#global-parameters) - - [Common parameters](#common-parameters) - - [Platform product Parameters](#platform-product-parameters) - - [Platform Monitoring product Parameters](#platform-monitoring-product-parameters) - - [Platform Deployment Parameters](#platform-deployment-parameters) - - [Platform Metrics activation](#platform-metrics-activation) - - [Traffic Exposure Parameters](#traffic-exposure-parameters) - - [Other Parameters](#other-parameters) - - [Platform Cortex Parameters](#platform-cortex-parameters) - - [Snippets](#snippets) - - [Console configuration](#console-configuration) - - [Kubernetes configuration](#kubernetes-configuration) - - [Install with an enterprise license](#install-with-an-enterprise-license) - - [Install with a basic SSO configuration](#install-with-a-basic-sso-configuration) - - [Install with a Kafka cluster](#install-with-a-kafka-cluster) - - [Install with a Confluent Cloud cluster](#install-with-a-confluent-cloud-cluster) - - [Install without Conduktor monitoring](#install-without-conduktor-monitoring) - - [Provide the license as a Kubernetes Secret](#provide-the-license-as-a-kubernetes-secret) - - [Provide credentials configuration as a Kubernetes Secret](#provide-credentials-configuration-as-a-kubernetes-secret) - - [Provide monitoring configuration as a Kubernetes Secret](#provide-monitoring-configuration-as-a-kubernetes-secret) - - [Pulling from private registry using `global.imagePullSecrets`](#pulling-from-private-registry-using-globalimagepullsecrets) - - [Store platform data into a Persistent Volume](#store-platform-data-into-a-persistent-volume) - - [Install with a PodAffinity](#install-with-a-podaffinity) - - [Provide console configuration as a 
Kubernetes ConfigMap](#provide-console-configuration-as-a-kubernetes-configmap) - - [Provide additional credentials as a Kubernetes Secret](#provide-additional-credentials-as-a-kubernetes-secret) - - [Install with a toleration](#install-with-a-toleration) - - [Install with Self-Signed TLS certificate](#install-with-self-signed-tls-certificate) - - [Install with a custom TLS certificate on the platform Pod](#install-with-a-custom-tls-certificate-on-the-platform-pod) - - [Install with a custom service account](#install-with-a-custom-service-account) - - [Install with a AWS EKS IAM Role](#install-with-a-aws-eks-iam-role) - - [Install with Console technical monitoring](#install-with-console-technical-monitoring) - - [Install with custom certificates or keytab](#install-with-custom-certificates-or-keytab) - - [Troubleshooting](#troubleshooting) +- [Install with an enterprise license](#install-with-an-enterprise-license) +- [Install with a basic SSO configuration](#install-with-a-basic-sso-configuration) +- [Install with a Kafka cluster](#install-with-a-kafka-cluster) +- [Install with a Confluent Cloud cluster](#install-with-a-confluent-cloud-cluster) +- [Install without Conduktor monitoring](#install-without-conduktor-monitoring) +- [Provide the license as a Kubernetes Secret](#provide-the-license-as-a-kubernetes-secret) +- [Provide credentials configuration as a Kubernetes Secret](#provide-credentials-configuration-as-a-kubernetes-secret) +- [Provide monitoring configuration as a Kubernetes Secret](#provide-monitoring-configuration-as-a-kubernetes-secret) +- [Pulling from private registry using `global.imagePullSecrets`](#pulling-from-private-registry-using-globalimagepullsecrets) +- [Store platform data into a Persistent Volume](#store-platform-data-into-a-persistent-volume) +- [Install with a PodAffinity](#install-with-a-podaffinity) +- [Provide console configuration as a Kubernetes ConfigMap](#provide-console-configuration-as-a-kubernetes-configmap) +- [Provide 
additional credentials as a Kubernetes Secret](#provide-additional-credentials-as-a-kubernetes-secret) +- [Install with a toleration](#install-with-a-toleration) +- [Install with Self-Signed TLS certificate](#install-with-self-signed-tls-certificate) +- [Install with a custom TLS certificate on the platform Pod](#install-with-a-custom-tls-certificate-on-the-platform-pod) +- [Install with a custom service account](#install-with-a-custom-service-account) +- [Install with a AWS EKS IAM Role](#install-with-a-aws-eks-iam-role) +- [Install with Console technical monitoring](#install-with-console-technical-monitoring) +- [Install with custom certificates or keytab](#install-with-custom-certificates-or-keytab) ### Install with an enterprise license @@ -677,6 +659,15 @@ data: ### Pulling from private registry using `global.imagePullSecrets` +The method of setting up your private registry will work with the following registries: +- Artifactory +- Harbor +- Nexus +- GitHub Container Registry (GHCR) +- Google Container Registry (GCR) + +**This method WILL NOT work for AWS Elastic Container Registry (ECR) due to it requiring an authentication token that expires every 12 hours** + To use the parameter `global.imagePullSecrets` you need to create a secret with the name you want to use in the parameter. To find out more [see offical documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). We need to ensure this secret is of type `docker-registry` and contains the following keys: 
@@ -690,12 +681,12 @@ kubectl create secret docker-registry \ Then in your `values.yaml` file, you can set the `global.imagePullSecrets` parameter to the name of the secret you created, you will also need to modify the `global.imageRegistry` parameters to use the same registry as the secret you created. -This example blelow shows an example of how to set the `global.imagePullSecrets` parameter and the `global.imageRegistry` parameters to use a private harbor registry: +This example blelow shows an example of how to set the `global.imagePullSecrets` parameter and the `global.imageRegistry` parameters to use a private registry: ```yaml global: - imageRegistry: harbor.local.example + imageRegistry: regsitry.company.io imagePullSecrets: - - harbor-secret + - docker-regsitry-secret platform: image: @@ -713,19 +704,19 @@ You can also specify the `global.imagePullSecrets` and `global.imageRegistry` pa ```yaml platform: image: - registry: harbor.local.example + registry: regsitry.company.io repository: conduktor/conduktor-console tag: nightly pullSecrets: - - platform-secret + - docker-regsitry-secret platformCortex: image: - registry: harbor.local.example + registry: regsitry.company.io repository: conduktor/conduktor-console-cortex tag: nightly pullSecrets: - - platform-cortex-secret + - docker-regsitry-secret-cortex ``` ### Store platform data into a Persistent Volume diff --git a/charts/gateway/README.md b/charts/gateway/README.md index 52e331a..0bdaf47 100644 --- a/charts/gateway/README.md +++ b/charts/gateway/README.md 
@@ -318,6 +318,15 @@ gateway: #### Pulling from private registry using `global.imagePullSecrets` +The method of setting up your private registry will work with the following registries: +- Artifactory +- Harbor +- Nexus +- GitHub Container Registry (GHCR) +- Google Container Registry (GCR) + +**This method WILL NOT work for AWS Elastic Container Registry (ECR) due to it requiring an authentication token that expires every 12 hours** + To use the parameter `global.imagePullSecrets` you need to create a secret with the name you want to use in the parameter. To find out more [see offical documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). We need to ensure this secret is of type `docker-registry` and contains the following keys: @@ -331,15 +340,15 @@ kubectl create secret docker-registry \ Then in your `values.yaml` file, you can set the `global.imagePullSecrets` parameter to the name of the secret you created, you will also need to modify the `gateway.image` parameters to use the same registry as the secret you created. -This example blelow shows an example of how to set the `global.imagePullSecrets` parameter and the `gateway.image` parameters to use a private harbor registry: +This example blelow shows an example of how to set the `global.imagePullSecrets` parameter and the `gateway.image` parameters to use a private registry: ```yaml global: imagePullSecrets: - - name: harbor-secret + - name: docker-regsitry-secret gateway: image: - registry: harbor.local.example + registry: regsitry.company.io repository: conduktor/conduktor-gateway tag: nightly ```
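Review bot: `--docker-password=` in the `kubectl create secret docker-registry` block ([PATCH 1/4], charts/console/README.md, `@@ -655,6 +674,40 @@`) has readers type the registry password as a command-line argument, where it ends up in shell history and is visible in the process list. Suggest also documenting creation from an existing Docker config file, `kubectl create secret generic NAME --from-file=.dockerconfigjson=PATH --type=kubernetes.io/dockerconfigjson`, as the linked Kubernetes page does, and stating that the secret must exist in the namespace the chart is installed into. The lead-in "contains the following keys" introduces a command rather than a list of keys; "can be created with" would match what follows. The gateway hunk `@@ -315,6 +315,35 @@` carries the same block.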
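Review bot: The `imagePullSecrets` entry in the gateway example ([PATCH 1/4], charts/gateway/README.md, `@@ -315,6 +315,35 @@`) is an object, `- name: harbor-secret`, while the console example added in the same patch uses a bare string, `- harbor-secret`. If the two charts really expect different shapes, say so next to each example; if not, one of the examples is wrong and should be corrected against the chart's `values.yaml`, since a pull secret that is not picked up only surfaces later as a failed image pull.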
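Review bot: The added sentence in [PATCH 2/4] (charts/console/README.md, `@@ -708,6 +708,26 @@`) tells readers to specify `global.imagePullSecrets` and `global.imageRegistry` in the `platform` and `platformCortex` sections, but the example that follows sets `image.registry` and `image.pullSecrets`. Name the keys the example actually uses, for instance `platform.image.registry` and `platform.image.pullSecrets`, so nobody nests a `global` block under `platform`. [PATCH 3/4] rewords this sentence and keeps the same key names.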
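Review bot: The bold ECR warning in [PATCH 4/4] (charts/console/README.md, `@@ -677,6 +659,15 @@`, repeated in charts/gateway/README.md, `@@ -318,6 +318,15 @@`) says the method "WILL NOT work", yet the reason given is a token that expires every 12 hours, which means a secret built from such a token pulls at first and then starts failing. State that failure mode directly, for example "not suitable for AWS ECR: the authentication token expires every 12 hours, after which image pulls fail", and end the sentence with a period. The registry list also reads as exhaustive; introducing it with "for example" would avoid implying that anything not listed is unsupported.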
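Review bot: The `-`/`+` pair for the "This example blelow shows" sentence in [PATCH 4/4] (charts/console/README.md, `@@ -690,12 +681,12 @@`) still carries the "blelow" wording that [PATCH 3/4] replaced with "The below example shows", and the file's index line starts from blob `a721757`, the same base [PATCH 3/4] uses. Applied in order, this hunk will not match, and if forced it brings the typo back; rebase onto 3/4 and keep its wording with "private registry" substituted. The gateway hunk `@@ -331,15 +340,15 @@` (base `52e331a`) has the same problem.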
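Review bot: `regsitry` is misspelled in every value this hunk introduces ([PATCH 4/4], charts/console/README.md, `@@ -713,19 +704,19 @@`): `regsitry.company.io`, `docker-regsitry-secret` and `docker-regsitry-secret-cortex`, and likewise in `@@ -690,12 +681,12 @@` and the gateway example. These are values readers copy into `values.yaml` and `kubectl` commands, so spell them `registry`. `company.io` is also a registrable domain, unlike the `harbor.local.example` it replaces; a name under a reserved example domain such as `registry.example.com` keeps a pasted, unedited example from pointing image pulls at a host someone else could control.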