Add a Custom EDA Store Registry#

Overview#

An EDA Store Registry is a container registry that contains OCI compliant images of an App. It is where you will upload your full App content and code as a single OCI image.

The manifest.spec.image field will point to the specific App image with a specific tag for each version.

Adding a Registry to the EDA Store#

Creating a Credentials Secret#

If the registry hosting your App OCI image requires authentication, you must create a Kubernetes secret that contains the credentials to connect to the Registry git repository over HTTPS. This can be done using the following resource where you replace the data with the correct base64 encoded values.

mandatory label

The secrets used by the app catalog or app registry must have the eda.nokia.com/backup: "true" label for the EDA Store to pick them up.

YAML Resourcekubectl apply command


apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: your-creds # A unique secret name
  labels:
    eda.nokia.com/backup: "true"
data:
  username: <base64(username)> # Base64 encoded username
  password: <base64(password or token)> # Base64 encoded password/token


kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: your-creds # A unique secret name
  labels:
    eda.nokia.com/backup: "true"
data:
  username: <base64(username)> # Base64 encoded username
  password: <base64(password or token)> # Base64 encoded password/token

EOF

Make sure to give the secret a different name than the Catalog Credentials secret

Creating the Registry#

You can create your own Registry using the following resource. This uses the above created secret as authSecretRef.

YAML Resourcekubectl apply command


apiVersion: appstore.eda.nokia.com/v1
kind: Registry
metadata:
  name: your-registry # name of your registry
spec:
  remoteURL: <url-to-your-registry.com> # link to your registry
  authSecretRef: your-registry-creds # reference to valid credentials for your registry
  skipTLSVerify: {true|false}


kubectl apply -f - <<EOF
apiVersion: appstore.eda.nokia.com/v1
kind: Registry
metadata:
  name: your-registry # name of your registry
spec:
  remoteURL: <url-to-your-registry.com> # link to your registry
  authSecretRef: your-registry-creds # reference to valid credentials for your registry
  skipTLSVerify: {true|false}
EOF

Mirroring a Registry to the EDA Store#

If it is not possible to use a registry that is referenced in the manifests of a certain catalog, you can mirror that registry to a local registry and then update the Registry resource in the EDA Kubernetes cluster and update the mirrorUrl to point to the mirror hostname.

Only the hostname/FQDN will be replaced, image repositories and tags are assumed to be the same when using a mirror.

Limitations#

Using Artifactory container registry with Apps using embedded container images#

Artifactory currently doesn't support OCI compliant images with embedded container images. If you are creating an advanced App that uses its own container image, you can not use Artifactory as a registry. An alternative could be to host your own Harbor registry.

Regular MicroPython Apps do not have this limitation, for these Artifactory will work fine.