Upload Cluster Images to Registry with Palette Edge CLI
Palette Edge allows you to deploy a cluster using an external private registry. When you deploy a cluster using an external registry, all images required by the cluster are expected to be in the registry before deployment starts.
It can be error-prone to upload the images manually one by one. Therefore, we recommend you use the Palette Edge CLI to download the images and upload them to the external registry.
Prerequisites
-
Linux Machine (Physical or VM) with an AMD64 architecture.
-
Palette API key. Refer to the User Authentication resource to learn how to create a Palette API key.
-
An Edge Native cluster profile. Refer to Create Edge Native Cluster Profile guide to learn how to create an Edge Native cluster profile. You may also have other add-on profiles that you wish to attach to your cluster.
-
Content tags in your profiles highlight the exact location of container images to be downloaded.
Upload Cluster Images to Registry
-
Download Palette Edge Content CLI and assign the executable bit to the CLI.
VERSION=4.3.0
wget https://software.spectrocloud.com/stylus/v$VERSION/cli/linux/palette-edge
chmod +x palette-edge -
Log in to Palette.
-
Select the project you want to deploy the Edge host to and copy down the Project ID. You can find the project id at the top right side corner of the landing page below the User drop-down Menu.
-
Navigate to the left Main Menu and select Profiles.
-
Click on the cluster profile you want to include in the content bundle.
-
You can find the cluster profile ID by reviewing the URL of the current page. The cluster profile ID is the last value in the URL. Repeat this step for all the cluster profiles whose images you want to include in the content bundle.
-
If you are downloading images from public image or Helm registries only, skip this step.
Prepare a JSON file that includes the credentials to your image or Helm registries.
- Helm
- Image
For authenticated access to Helm charts, your must provide credentials with the following schema. Use a key at the root level of the JSON object named "helm" and set its value to a list. The list is a list of credentials for each Helm chart repository. For each set of credentials, use an object in the list with the keys "endpoint", "username", and "password".
{
"helm": [
{
"endpoint": <Registry URL>,
"username": <Registry username>,
"password": <Password>
}
]
}For example, the following JSON code is a valid set of credentials.
{
"helm": [
{
"endpoint": "harbor.abcd.com",
"username": "admin",
"password": "xxxxxxxx"
}
]
}For image registries, you must provide credentials with the following schema. Provide a key at the root level of the JSON object named "image" and set its value to a list. The list is a list of credentials for each Helm chart repository. For each set of credentials, use an object in the list with the keys "endpoint", "username", and "password".
{
"image": [
{
"endpoint": <Registry URL>,
"username": <Registry username>,
"password": <Password>
}
]
}For example, the following JSON code provides access to two registries
ttl.sh
anddocker.io
with two username-password pairs.{
"image": [
{
"endpoint": "ttl.sh",
"username": "admin",
"password": "Welc0me!123"
},
{
"endpoint": "docker.io",
"username": "akhileshpvt",
"password": "Lucent122333!"
}
]
}For Google Container Registry (GCR) access, you need to set the username field to
"_json_key"
and set the password to an JSON object containing the following fields.Field Description type
The type of credential, which is service_account
for Google Cloud service accounts.project_id
The project ID associated with your Google Cloud project. For example, spectro-images
.private_key_id
A unique identifier for the private key associated with the service account. private_key
The private key that is used to authenticate to Google Cloud services, encapsulated in a PEM block. client_email
The email address associated with the service account, used for authentication. client_id
The client ID associated with the service account. auth_uri
The URI for the authentication provider, typically Google's OAuth 2.0 server. token_uri
The URI for obtaining tokens from Google's OAuth 2.0 server. auth_provider_x509_cert_url
The URL of the public x509 certificate for the authentication provider. client_x509_cert_url
The URL of the public x509 certificate for the client (service account). For example, the following is a valid set of credentials for a GCR registry.
{
"image": [
{
"endpoint": "gcr.io",
"username": "_json_key",
"password": {
"type": "service_account",
"project_id": "spectro-images",
"private_key_id": "847c09190xxxxxxxxxxxxc4ebc",
"private_key": "-----BEGIN KEY-----MIIEvQIBADA ... -----Shortened for brevity",
"client_email": "xxx.iam.gserviceaccount.com",
"client_id": "115830xxxxxxx340453",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/spectro-images-viewer%40spectro-images.iam.gserviceaccount.com"
}
}
]
} -
Issue the following command to download the images as a content bundle. The command produces a ZST file as output. Replace the
******
after the--api-key
flag with your Palette API key. Replaceproject-ID
with the ID of your project in Palette, andprofile-ID
with the ID of your profile../palette-edge build --api-key ****** --project-id project-ID --cluster-profile-ids profile-ID \
--outfile output-file-name --cred-file-path registry-creds.json --include-palette-content -
Issue the following command to upload the images to the external registry. Replace
path-to-content-bundle
with the path to the content bundle you downloaded in the previous step. Replaceregistry-URL
with the URL of your external registry. Replaceusername
and******
with the username and password used to access the external registry../palette-edge-cli deploy --export path-to-content-bundle --registry registry-URL \
--username username --password ******
Validate
Go to your external registry and verify that all the images referenced in the cluster profile are uploaded to the external registry.