Advanced Configuration
Using a private Docker registry
If you have to install the STRM Privacy Data Plane in an air-gapped environment, you can use the following script to easily mirror all STRM Privacy container images with the image pull secret credentials provided in your installation configuration, which can be found here.
Prerequisites
Using this requires gcloud
and python3
to be
installed.
Furthermore, it uses gcrane
, which
simplifies copying images between (authenticated) registries. The
authentication commands are similar to
Docker. gcloud
is used by gcrane to fetch an access token that allows for authentication with STRM Privacy's registry.
gcloud
The CLI for Google Cloud can be installed with the instructions shown here. This will guide you through all the prerequisites there and make sure that gcloud
is on your PATH
.
gcrane
Install gcrane (as it's not distributed via package managers)
#!/usr/bin/env bash
curl -L https://github.com/google/go-containerregistry/releases/latest/download/go-containerregistry_Linux_x86_64.tar.gz -o go-containerregistry.tar.gz
tar -zxvf go-containerregistry.tar.gz
chmod +x gcrane
mv gcrane /usr/local/bin/
Ensure that gcrane can access your private registry if it requires authentication for pushing images. A command to authenticate gcrane
with access to a private registry would look similar to this:
Mirror images
The following script can be used as an example and can be executed periodically to mirror the STRM Privacy Registry. The image pull secret can be found in the installation settings in the Console.
As it cannot be assumed that the private registry has a directory/folder structure, we replace every /
in the image path to an _
. For example, this would mean the image name of a
batch-exporter will not be the path events/batch-exporters-agent
but rather the image name events_batch-exporters-agent
.