How to Configure Ververica Platform to Pull VVP and Flink Images from Google Artifact Registry (GAR) for your VVP installation and Job Deployments.
Assuming your Ververica Platform and/or Flink images are stored in Google Cloud Artifact Registry (GAR), this guide explains how to configure VVP to pull those images during platform installation and/or when running Flink deployments. These set of instructions apply regardless of where VVP is hosted (e.g. different GCP project, other cloud provider like AWS, or on-premise environment). The overall approach is to create a set of credentials and use them in your deployment yaml. Here are the detailed steps:
Create a service account in GCP and give it GAR Reader permissions
Generate a JSON key from that service account:
gcloud iam service-accounts keys create gar-key.json --iam-account <SERVICE-ACCOUNT-EMAIL>Generate a Docker config entry from the json key file
cat gar-key.json | docker login -u _json_key --password-stdin <REGISTRY-REGION>Note: Example registry region - https://eu.gcr.io
Confirm the docker config file contains the key
cat ~/.docker/config.jsonYou should see a similar entry:
{
"auths": {
"eu.gcr.io": {
"auth": "X2pzb25fa2V5OnsKICAidHlwZSI6ICJzZ..."
}
}
}Create a Kubernetes Secret in the Deployment Target namespace -> This is where your deployment pods are created
kubectl create secret generic <SECRET-NAME> --from-file=.dockerconfigjson=$HOME/.docker/config.json --type=kubernetes.io/dockerconfigjson --namespace=<TARGET-NAMESPACE>For VVP installation, reference the secret in your values file you use when installing/upgrading VVP:
rbac:
imagePullSecret: <SECRET-NAME>For Flink Deployment creation, reference the secret in your Ververica deployment yaml:
spec:
template:
spec:
kubernetes:
pods:
imagePullSecrets:
- name: <SECRET-NAME>kind: Deployment
spec:
template:
spec:
kubernetes:
jobManagerPodTemplate:
spec:
imagePullSecrets:
- name: <SECRET-NAME>
taskManagerPodTemplate:
spec:
imagePullSecrets:
- name: <SECRET-NAME>