Trusted Container Registry
While installing the Styra DAS system on the Kubernetes cluster, check if your cluster has access to the Docker hub registry in order to pull the required images (openpolicyagent/opa, styra/styra-local-plane, and styra/datasources-agent) for installation. If your cluster does not have access to the public container registry, then use a private Docker registry to configure it as a trusted container registry in the system's settings located in your WORKSPACE >> SYSTEMS >> Settings tab.
Configure the Trusted Container Registry
To configure the trusted container registry for Kubernetes systems:
-
Navigate to your Kubernetes system by selecting your WORKSPACE >> SYSTEMS >> Settings tab >> Install dialog and click on one of the installation methods (
kubectl,helm,helm3, orkustomize). -
Scroll down and click on the Edit deployment environment button.
-
Update the Trusted container registry field with the private registry URL (
$REGISTRY_URL). -
Pull the Docker images from the Docket hub.
-
Push the Docker images to the private container registry and run the following commands:
IMAGES=(styra/styra-local-plane:0.4.1 openpolicyagent/opa:0.34.2 styra/datasources-agent:1.2.0)
export REGISTRY_URL=<Your Private Registry URL>
for IMAGE in "${IMAGES[@]}"
do
docker pull $IMAGE
docker tag $IMAGE $REGISTRY_URL/$IMAGE
docker push $REGISTRY_URL/$IMAGE
echo $REGISTRY_URL/$IMAGE
done -
After the above images are pushed successfully to the private registry (
$REGISTRY_URL), run the installation commands located in the Install tab to install Styra DAS on Kubernetes.