List of Components for Air gapped Deployments - apigee/ahr GitHub Wiki
An official documentation contains list of apigee hybrid docker images you need to pull from repositories they are published in to your private docker repository.
https://cloud.google.com/apigee/docs/hybrid/v1.3/signed-docker-images
As cert-manager and ASM is now pre-requisites and need to be configured as part of the installation, naturally, their images are required as well. This page contains comprehensive list of all required images.
We also provide here more detailed examples of docker pull/tag/push commands, as well as kubectl command sample to fetch list of used images.
$ kubectl get pods -ncert-manager -o jsonpath="{.items[*].spec.containers[*].image}" | tr " " "\n" && echo ""
quay.io/jetstack/cert-manager-controller:v0.14.2
quay.io/jetstack/cert-manager-cainjector:v0.14.2
quay.io/jetstack/cert-manager-webhook:v0.14.2
$ kubectl get pods -nistio-system -o jsonpath="{.items[*].spec.containers[*].image}" | tr " " "\n" && echo ""
gcr.io/gke-release/asm/proxyv2:1.5.4-asm.2
gcr.io/gke-release/asm/pilot:1.5.4-asm.2
gcr.io/gke-release/asm/pilot:1.5.4-asm.2
gcr.io/gke-release/asm/stackdriver-prometheus-sidecar:1.5.4-asm.2
gcr.io/gke-release/asm/prometheus:1.5.4-asm.2
$ kubectl get pods -napigee-system -o jsonpath="{.items[*].spec.containers[*].image}" | tr " " "\n" && echo ""
google/apigee-kube-rbac-proxy:v0.4.1
google/apigee-operators:1.3.2
google/apigee-installer:1.3.2
google/apigee-installer:1.3.2
$ kubectl get pods -napigee -o jsonpath="{.items[*].spec.containers[*].image}" | tr " " "\n" && echo ""
google/apigee-hybrid-cassandra:1.3.2
google/apigee-mart-server:1.3.2
google/apigee-hybrid-cassandra-client:1.3.2
google/apigee-connect-agent:1.3.2
google/apigee-authn-authz:1.3.2
google/apigee-mart-server:1.3.2
google/apigee-prom-prometheus:v2.9.2
google/apigee-stackdriver-prometheus-sidecar:0.7.5
google/apigee-prom-prometheus:v2.9.2
google/apigee-prom-prometheus:v2.9.2
google/apigee-stackdriver-prometheus-sidecar:0.7.5
google/apigee-runtime:1.3.2
google/apigee-authn-authz:1.3.2
google/apigee-synchronizer:1.3.2
google/apigee-authn-authz:1.3.2
google/apigee-stackdriver-logging-agent:1.6.8
google/apigee-udca:1.3.2
google/apigee-watcher:1.3.2
Typical triad of docker commands to move an image from public to private repository
export PRIVATEPROJECT=<private-project-id-for-container-repository>
# URI syntax: docker pull [HOSTNAME]/[PROJECT-ID]/[IMAGE]:[TAG]
docker pull google/apigee-runtime:1.3.2
docker tag google/apigee-runtime:1.3.2 gcr.io/$PRIVATEPROJECT/apigee-runtime:1.3.2
gcloud docker -- push gcr.io/$PRIVATEPROJECT/apigee-runtime:1.3.2
If your private container repository requires image secret configuration, here is a stanza you need to add to your $HYBRID_CONFIG yaml file
imagePullSecrets:
- name: gcrsecret
Upload gcr-reader key .json as a gcrsecret.json
TODO: proofread
kubectl create secret docker-registry gcrsecret -n apigee --docker-server=https://gcr.io --docker-username=_json_key --docker-email=gcr-reader@emea-cs-hybrid-demo2.iam.gserviceaccount.com --docker-password="$(cat ./service-accounts/gcrsecret.json)"
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)