• EN
Solved

How overwrite image registry in k10-namespace-generic-volume-2.0.13 blueprint

  • 16 February 2022
  • 5 comments
  • 331 views
D
Userlevel 1

Hello,

I am trying to snapshot and export an K8s application through the execution of a Kasten Policy.
My environment is installed in air gapped mode and when I ran the policy on K8s the “k10-namespace-generic-volume-2.0.13” blueprint is automatically created. 
I am guessing if there is a way to overwrite the tag image in the blueprint YAML so the image would be pulled from my private repository and not from public one.

I wanna change that 

image: ghcr.io/kanisterio/kanister-tools:0.72.0

to

image: myprivaterepo.io/kanisterio/kanister-tools:0.72.0



Many thanks! :grinning:

icon

Best answer by jaiganeshjk 16 February 2022, 18:08

View original

5 comments

jaiganeshjk
Userlevel 6
Badge +2

 @DavidBeckham, To understand more about your setup, Is it just the ghcr.io that you will not be able to access from your cluster ?

Have you been using other images from their restpective gcr.io/quay.io registries in your K10 installation?

The easier way I am about to suggest is to move all the K10 used images into your private repository(You can use K10offline tool for this) and use the helm flag --set global.airgapped.repository to install/upgrade K10.

This will set the images from your private repositories in all the places K10 uses.

This process is documented very well here

If you are using jfrog artifactory, it is easier (Refer https://kb.kasten.io/knowledge/jfrog)

Jaiganesh
D
Userlevel 1

Hi @jaiganeshjk ,
many thanks for replying.

My environment could reach very few sites and I have already mirrored all the necessary images to my private repo but rather than set 

--set global.airgapped.repository

I have installed the helm chart by overriding every registry tag for each image in values.yaml with --set helm flag.
The K10 environment is up and running correctly but when I run a policy with kasten a namespace blueprint is created and as image tag there is ghcr.io/kanisterio/kanister-tools:0.73.0 that I cannot pull.
I took a look to kanister source code and I have seen that there is a file (e2e_test.go) that create a kind namespace blueprint with image tag hardcoded with ghcr.io/kanisterio/kanister-tools:0.73.0.

 

	// Create a simple Blueprint
	bp := &crv1alpha1.Blueprint{
		ObjectMeta: metav1.ObjectMeta{
			GenerateName: "test-blueprint-",
		},
		Actions: map[string]*crv1alpha1.BlueprintAction{
			"test": &crv1alpha1.BlueprintAction{
				Kind: "Deployment",
				Phases: []crv1alpha1.BlueprintPhase{
					crv1alpha1.BlueprintPhase{
						Func: function.KubeTaskFuncName,
						Name: "test-kube-task",
						Args: map[string]interface{}{
							"image":     "ghcr.io/kanisterio/kanister-tools:0.73.0",
							"namespace": "{{ .Deployment.Namespace }}",
							"command":   []string{"echo", "default specs"},
							"podOverride": map[string]interface{}{
								"containers": []map[string]interface{}{
									{
										"name":            "container",
										"imagePullPolicy": "IfNotPresent",
									},
								},
								"dnsPolicy": "Default",
							},
						},
					},
				},
			},
		},
	}

By the moment I cannot reach ghcr.io I’m wondering if there is a way to override this value in kanister operator so when the policy is executed the image tag will be overridden with my repo address (and I can pull the image).

Many thanks:grinning:

jaiganeshjk
Userlevel 6
Badge +2

There is a way to do it. It involves a bit of manual work.

All of these are usually done by the --set global.airgapped.repository helm value.

You might have to add the below entry in the k10-config configMap in kasten-io namespace.

  overwriteKanisterTools: kasten-k10.jfrog.io/kasten-images/kanister-tools:k10-0.73.0

And then add this value from the configMap as an environment variable in executor and kanister pods.

          - name: KANISTER_TOOLS
            valueFrom:
              configMapKeyRef:
                name: k10-config
                key: overwriteKanisterTools

 

Note: Changes mentioned above are not persistent. These will be discarded if you are doing an upgrade to a newer version of K10. I will see if we can add this as a seperate helm value when just the kanister-tools image needs to be changed.

Jaiganesh
D
Userlevel 1

Hi @jaiganeshjk,

I have installed K10 application by using --set global.airgapped.repository and when I perform backups all is ok but when I try to restore one application, the restore-data- pods tries to pull kanisterio/kanister-tools image from ghcr.io.
This to me seems very strange by the moment I installed K10 with global.airgapped.repository value, how I can overwrite this value with my private repo?

Many thanks 

D
Userlevel 1

Hi @jaiganeshjk 

The previous comment refers to the situation where I try to restore one application by clicking the restore button on application card in Applications section in dashboard.
If I try to run a Import policy the data-mover- pods try to pull images from the correct repository but I get the following error

 

cause:
  cause:
    message: "[POST /artifacts:getOrAdd][409] getOrAddArtifactConflict  &{Message:}"
  fields:
    - name: artifactID
      value: 786e610c-9009-11ec-a355-163d2f50013c
  file: kasten.io/k10/kio/exec/phases/phase/migrate.go:720
  function: kasten.io/k10/kio/exec/phases/phase.(*migrateReceivePhase).importArtifact
  linenumber: 720
  message: failed to import Manifest artifact
message: Job failed to be executed
fields: []

I use on prem minIO as object storage and the snapshot exportation (through the execution of backup policy) works fine.
How this is possible?

 

Many thanks!

Comment


Terms & Conditions