Skip to content

Punch Images

The following Punch images are required :

  • Punchline operator + cert-manager images.
  • REST Artifacts Server + resourcectl images.

The Punchline images have to be chosen depending on your use cases :

  • Stormline (stream)
  • Sparkline (batch)
  • Flinkline (stream & batch)

Additional Punch images provide optional Punch features:

  • Data injector
  • Extraction
  • Feedback UI
  • etc...

The Punch images are available in the Thales Digital Artifactory.

Tip

If external to Thales, get in touch with us to obtain access to Thales Digital Artifactory.

Online Mode

The online mode requires that your target cluster has access to the Thales Digital Artifactory.

First, you must generate the correct $HOME/.docker/config.json, which contains the required credentials for Thales Digital Artifactory :

  1. Connect to Thales Digital Artifactory.
  2. Go to your profile / Edit Profile.
  3. Generate an API Key token and keep it somewhere safe.
    docker login artifactory.thalesdigital.io
    
  4. Log in using your username, and the previous token as password
  5. Check that you have a $HOME/.docker/config.json generated.

Tip

Ask the Punch Team (contact@punchplatform.com) for a read-only token if you do not have a personal account.

Then, you need to set up the Kubernetes secrets based on this $HOME/.docker/config.json. With this secrets, your cluster will be able to fetch Punch images during Punch deployment. Refer to the Pull an Image from a Private Registry kubernetes documentation to understand the basics.

Typically, you create that secret by executing the following command:

kubectl create secret generic admin-secret \
        --from-file=.dockerconfigjson=$HOME/.docker/config.json \
        --type=kubernetes.io/dockerconfigjson \
        --namespace <namespace>

Warning

If a config.json was already present it might already contain credentials. Make sure you are prompted with a password instead of reusing an old credentials.

Warning

Once done, you do not need the $HOME/.docker/config.json file anymore. Your Kubernetes cluster is no ready to directly download the images on its own. It is better and safer to remove it.

Offline mode

If your Kubernetes cluster does not have access to the image registry :

  1. Download the Punch images onto a laptop with internet access.
  2. Transfer the Punch Console with Punch images to the offline platform.
  3. Load the Punch images in an offline registry.

1. Download the Punch images onto a laptop with internet access.

Tip

To download Punch images, you only need to have a laptop with an internet access. You do not need to install Punch Console. Just unzip it.

The ./components/images folder contains a resources.txt file with the Punch and the External images links for your platform :

# This file lists the images that should be downloaded with
# resources-helper.sh script.

# Punch Images

## Operator (mandatory)
artifactory.thalesdigital.io/private-docker-punch/product/pp-punch/operator:1.0.2
quay.io/jetstack/cert-manager-controller:v1.4.0
quay.io/jetstack/cert-manager-webhook:v1.4.0
quay.io/jetstack/cert-manager-cainjector:v1.4.0

## Artifacts Server (mandatory)
artifactory.thalesdigital.io/private-docker-punch/product/pp-punch/artifacts-server:7.0.1-SNAPSHOT
artifactory.thalesdigital.io/private-docker-punch/product/pp-punch/resourcectl:7.0.1-SNAPSHOT

## Stormline (optional)
artifactory.thalesdigital.io/private-docker-punch/product/pp-punch/stormline:7.0.1-SNAPSHOT

## Stormline (optional)
artifactory.thalesdigital.io/private-docker-punch/product/pp-punch/sparkline:7.0.1-SNAPSHOT

## Injector (optional)
artifactory.thalesdigital.io/private-docker-punch/product/pp-punch/injector:7.0.1-SNAPSHOT

## Archive Housekeeping (optional)
artifactory.thalesdigital.io/private-docker-punch/product/pp-punch/archive-housekeeping:7.0.1-SNAPSHOT

## External Images (optional)
docker.io/curlimages/curl:latest

Note that you can remove the images you do not plan to use. You can also add images that you may need such as curl.

To download the images locally execute:

./bin/resources-helper.sh download --components=images \
   --from . \
   --to ./components/images

All the images will be downloaded in ./components/images folder as tarballs. As an example:

.
├── curlimages
│   └── curl-latest.tar
├── jetstack
│   ├── cert-manager-cainjector-v1.4.0.tar
│   ├── cert-manager-controller-v1.4.0.tar
│   └── cert-manager-webhook-v1.4.0.tar
├── private-docker-punch
│   └── product
│       └── pp-punch
│           ├── archive-housekeeping-7.0.1-SNAPSHOT.tar
│           ├── elastalert-7.0.1-SNAPSHOT.tar
│           ├── flinkline-7.0.1-SNAPSHOT.tar
│           ├── gateway-7.0.1-SNAPSHOT.tar
│           ├── injector-7.0.1-SNAPSHOT.tar
│           ├── punch-operator-1.0.2.tar
│           ├── resourcectl-7.0.1-SNAPSHOT.tar
│           ├── sparkline-7.0.1-SNAPSHOT.tar
│           └── stormline-7.0.1-SNAPSHOT.tar

2. Transfer the Punch Console with Punch images to the offline platform.

Transfer Punch Console to the server with access to your Kubernetes cluster :

# On your laptop
zip -r punch-console.zip $PUNCHPLATFORM_CONSOLE_DIR -d 
scp punch-console.zip <operation-node>:/opt/punch

Install the Punch Console to setup the environment for your server :

# On your server with access to your Kubernetes cluster
unzip /opt/punch/punch-console.zip
bash /opt/punch/punch-console-*/install.sh
source /opt/punch/punch-console-*/activate.sh

3. Load the Punch images in an offline registry.

Load the Punch images in an offline registry :

# On your server with access to your Kubernetes cluster
load-images.sh --kube-host <kube_master> \
                --registry <kube_registry>:30005 \
                --source-dir $PUNCHPLATFORM_CONSOLE_DIR/components/images

If you use the KAST offline registry the command is:

# On your server with access to your Kubernetes cluster
load-images.sh --kube-host master0 \
                --registry kast-registry:30005 \
                --source-dir $PUNCHPLATFORM_CONSOLE_DIR/components/images

You can check that the images exist in the registry by running :

ssh -A <sudoeruser>@<kube_master> sudo ctr -n=k8s.io images ls | grep punch