Docker and Kubernetes: Connecting to Private Artifact Registry and Pulling Images with Authentication Plugin Packages

Follow

Countly Enterprise's Docker images with Authentication Plugin packages are hosted on Google Artifact Registry. Users will require a Google-managed Service Account key in order to authenticate with Artifact Registry's private repository and get access to Docker images.

In order to generate a Service Account key, please create a support ticket requesting Docker access and our Support Team will assist with its creation.

Countly Enterprise Docker Images with Auth Plugin Packages

Please refer to the Images with Auth Plugin Packages guide to get more details regarding the Docker images provided by Countly.

Here is the list of image names:

  • ad-api - Active directory API container
  • ad-frontend - Active directory Frontend container
  • cognito-api - Cognito API container
  • cognito-frontend - Cognito Frontend container
  • ldap-api - LDAP API container
  • ldap-frontend - LDAP Frontend container
  • okta-api - OKTA API container
  • okta-frontend - OKTA Frontend container

You need to select image based on what authentication you would use

Authenticating and Pulling Images from Artifact Registry

For Kubernetes

Kubernetes uses Secrets to authenticate or store the credentials to access a Docker registry for images.
Use the steps below to create a Kubernetes Secret.

1. Fetch service account email from service account key:

cat serviceaccount.json | grep client_email  # Value used in docker-email key 

2. Create a Kubernetes Secret:

kubectl create secret docker-registry artifact-registry \
--docker-server=https://us-docker.pkg.dev \
--docker-email=<service account email address> \
--docker-username=_json_key \
--docker-password="$(cat serviceaccount.json)"

3. Verify the creation of Kubernetes Secret:

kubectl get secrets | grep artifact-registry

After generating the Docker config Secret, you can use the Secret in the Kubernetes Pod deployment file under the spec section to pull the required image, as in the example configuration below:

spec:
imagePullSecrets:
- name: artifact-registry
containers:
- name: countly-frontend
image: us-docker.pkg.dev/countly-01/auth-plugins/ad-frontend:latest
imagePullPolicy: Always

The above configuration needs to be applied to both of the deployment files, i.e., API and Frontend.

For Docker

Once users have obtained the Service Account key, they can authenticate to Artifact Registry using the command below:

cat serviceaccount.json | docker login -u _json_key --password-stdin https://us-docker.pkg.dev

After successfully authenticating with Artifact Registry, users can pull the required Auth Plugin images from the repository and use them in Docker orchestration.
The example below shows the command to pull images having Auth Plugin of Active Directory:

docker pull us-docker.pkg.dev/countly-01/auth-plugins/ad-api:latest
docker pull us-docker.pkg.dev/countly-01/auth-plugins/ad-frontend:latest
docker images

 

Looking for help?