diff --git a/content/influxdb/clustered/install/configure-cluster.md b/content/influxdb/clustered/install/configure-cluster.md index 29a223676..7965b21fd 100644 --- a/content/influxdb/clustered/install/configure-cluster.md +++ b/content/influxdb/clustered/install/configure-cluster.md @@ -135,8 +135,59 @@ There are two main scenarios: - You run in an environment with no network interfaces ("air-gapped") and you can only access a private container registry. -In both scenarios, you need a valid container registry secret file. -Use [crane](https://github.com/google/go-containerregistry/tree/main/cmd/crane) to create a container registry secret file. +In both scenarios, you need a valid pull secret. + + +{{< tabs-wrapper >}} +{{% tabs %}} +[Public registry (non-air-gapped)](#) +[Private registry (air-gapped)](#) +{{% /tabs %}} + +{{% tab-content %}} + + + +#### Public registry (non-air-gapped) + +To pull from the InfluxData registry, you need to create a Kubernetes secret in the target namespace. + +```sh +kubectl create secret docker-registry gar-docker-secret \ + --from-file=.dockerconfigjson=influxdb-docker-config.json \ + --namespace influxdb +``` + +If successful, the output is the following: + +```text +secret/gar-docker-secret created +``` + +By default, this secret is named `gar-docker-secret`. +If you change the name of this secret, you must also change the value of the +`imagePullSecret` field in the `AppInstance` custom resource to match. + + + +{{% /tab-content %}} +{{% tab-content %}} + + + +#### Private registry (air-gapped) + +If your Kubernetes cluster can't use a public network to download container images +from our container registry, do the following: + +1. Copy the images from the InfluxDB registry to your own private registry. +2. Configure your `AppInstance` resource with a reference to your private + registry name. +3. Provide credentials to your private registry. + +##### Copy the images + +We recommend using [crane](https://github.com/google/go-containerregistry/tree/main/cmd/crane) to copy images into your private registry. 1. [Install crane](https://github.com/google/go-containerregistry/tree/main/cmd/crane#installation) 2. Use the following command to create a container registry secret file and @@ -200,53 +251,6 @@ If there’s a problem with the Docker configuration, crane won't retrieve the m Error: fetching manifest us-docker.pkg.dev/influxdb2-artifacts/clustered/influxdb:: GET https://us-docker.pkg.dev/v2/token?scope=repository%3Ainfluxdb2-artifacts%2Fclustered%2Finfluxdb%3Apull&service=: DENIED: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/influxdb2-artifacts/locations/us/repositories/clustered" (or it may not exist) ``` -{{< tabs-wrapper >}} -{{% tabs %}} -[Public registry (non-air-gapped)](#) -[Private registry (air-gapped)](#) -{{% /tabs %}} - -{{% tab-content %}} - - - -#### Public registry (non-air-gapped) - -To pull from the InfluxData registry, you need to create a Kubernetes secret in the target namespace. - -```sh -kubectl create secret docker-registry gar-docker-secret \ - --from-file=.dockerconfigjson=influxdb-docker-config.json \ - --namespace influxdb -``` - -If successful, the output is the following: - -```text -secret/gar-docker-secret created -``` - -By default, this secret is named `gar-docker-secret`. -If you change the name of this secret, you must also change the value of the -`imagePullSecret` field in the `AppInstance` custom resource to match. - - - -{{% /tab-content %}} -{{% tab-content %}} - - - -#### Private registry (air-gapped) - -If your Kubernetes cluster can't use a public network to download container images -from our container registry, do the following: - -1. Copy the images from the InfluxDB registry to your own private registry. -2. Configure your `AppInstance` resource with a reference to your private - registry name. -3. Provide credentials to your private registry. - The list of images that you need to copy is included in the package metadata. You can obtain it with any standard OCI image inspection tool. For example: @@ -291,6 +295,8 @@ myregistry.mydomain.io --- +##### Configure your AppInstance + Set the `.spec.package.spec.images.registryOverride` field in `myinfluxdb.yml` to the location of your private registry--for example: @@ -309,6 +315,25 @@ spec: {{% /code-placeholders %}} + +##### Provide credentials to your private registry + +If your private container registry requires pull secrets to access images, you can create the required kubernetes secrets, and then configure them in your AppInstance resource. + +{{% code-placeholders "PULL_SECRET_NAME" %}} + +```yml +apiVersion: kubecfg.dev/v1alpha1 +kind: AppInstance +# ... +spec: + imagePullSecrets: + - name: PULL_SECRET_NAME +``` + +{{% /code-placeholders %}} + + {{% /tab-content %}}