Your Cloud, Your Rules: Ververica's Bring Your Own Cloud Deployment

Read now

Start for Free
Request a Trial

How do I use Images stored in a Google Artifact Registry (GAR) for my Ververica platform Installation or deployments, regardless of VVP Cluster Location?

Question

How to Configure Ververica Platform to Pull VVP and Flink Images from Google Artifact Registry (GAR) for your VVP installation and Job Deployments.

Answer

Assuming your Ververica Platform and/or Flink images are stored in Google Cloud Artifact Registry (GAR), this guide explains how to configure VVP to pull those images during platform installation and/or when running Flink deployments. These set of instructions apply regardless of where VVP is hosted (e.g. different GCP project, other cloud provider like AWS, or on-premise environment). The overall approach is to create a set of credentials and use them in your deployment yaml. Here are the detailed steps:

Create a service account in GCP and give it GAR Reader permissions

Generate a JSON key from that service account:

gcloud iam service-accounts keys create gar-key.json --iam-account <SERVICE-ACCOUNT-EMAIL>

Generate a Docker config entry from the json key file

cat gar-key.json | docker login -u _json_key --password-stdin <REGISTRY-REGION>

Note: Example registry region - https://eu.gcr.io

Confirm the docker config file contains the key

cat ~/.docker/config.json

You should see a similar entry:

{
  "auths": {
    "eu.gcr.io": {
       "auth": "X2pzb25fa2V5OnsKICAidHlwZSI6ICJzZ..."
     }
   }
}

Create a Kubernetes Secret in the Deployment Target namespace -> This is where your deployment pods are created

kubectl create secret generic <SECRET-NAME> --from-file=.dockerconfigjson=$HOME/.docker/config.json --type=kubernetes.io/dockerconfigjson --namespace=<TARGET-NAMESPACE>

For VVP installation, reference the secret in your values file you use when installing/upgrading VVP:

rbac:
  imagePullSecret: <SECRET-NAME>

For Flink Deployment creation, reference the secret in your Ververica deployment yaml:

spec:
  template:
    spec:
      kubernetes:
        pods:
          imagePullSecrets:
            - name: <SECRET-NAME>
kind: Deployment
spec:
  template:
    spec:
      kubernetes:
        jobManagerPodTemplate:
          spec:
            imagePullSecrets:
            - name: <SECRET-NAME>
        taskManagerPodTemplate:
          spec:
            imagePullSecrets:
            - name: <SECRET-NAME>