Extracting Images from tar files and pushing into private registry

The Fabric Docker images will no longer be accessible to the public. Instead, compressed images can be obtained from the designated download site for deployment purposes.

Follow these steps to download and extract Docker images from compressed form:

  1. Download the Docker Image: Download the compressed Docker image files from the Temenos download site. The image file will be in the form of a tarball (<image-name>.tar.gz).

    Following are the list of tar files required for Fabric deployment:

    • kony-fabric-integration_<fabric-version>.tar.gz

    • kony-fabric-identity_<fabric-version>.tar.gz

    • kony-fabric-engagement_<fabric-version>.tar.gz

    • kony-fabric-console_<fabric-version>.tar.gz

    • kony-fabric-apiportal_<fabric-version>.tar.gz

    • kony-fabric-db_<fabric-version>.tar.gz

  2. Verify the checksum of the downloaded file: Verify the Message Digest Algorithm 5(.md5)checksum of the downloaded file by following the steps:

    To retrieve the MD5 hash value of a downloaded file, use the following command depending on your operating system:

    • Windows: Open the command prompt, navigate to the file's folder, and type certutil -hashfile <tar_file> MD5.

    • Linux: Open the terminal and type md5sum DOWNLOADED_FILE

    • OSX: Open the terminal and type md5 DOWNLOADED_FILE

    After obtaining the MD5 checksum, you can verify the file's integrity by comparing it with the MD5 hash value provided in the download site for the tar archive.

  3. Load the Docker Image: Once the tarball is downloaded, load the Docker image into your local Docker repository using the following command:

     docker load < <image-name>.tar.gz

    This command will extract the image and add it to your local Docker repository.

  4. Verify the Image: After loading the image, verify its availability by listing all the Docker images:

    docker images

    The newly loaded image should appear in the output list.

    NOTE: If you are using a local Kubernetes deployment and don't want to push the images to a private registry, ensure that the images are available in the local registry of each worker node.

  1. Tag the Image for Pushing to a Private Registry: If you wish to push the image to a private Docker registry, first tag it using the following command:

     docker tag <image-name>:<tag> <registry>/<repository>:<tag>

    • <image-name>: The name of the Docker image.

    • <tag>: The image version or tag (e.g., 202410.0.0_GA, 9.7.1.32_GA).

    • <registry>: The URL or address of your private Docker registry.

    • <repository>: The repository or project name within the registry.

    Example: If the container registry is an Azure Container Registry with the name konyfabric.azurecr.io and the repository path is konyfabric/kony-fabric-db, the image should be tagged as follows:

     docker tag konyfabric/kony-fabric-db:9.7.1.31_GA konyfabric.azurecr.io/konyfabric/kony-fabric-db:9.7.1.31_GA

  1. Login to the Registry: Before pushing the image to the registry, authenticate docker to the registry using following command based on the type of registry being used:

    1. Docker Hub Registry/ Openshift Container Registry(OCR) - docker login <registry>

      You will be prompted to provide your username and password for the registry.

    2. Azure Container Registry – az acr login -n <registry-name> (or) docker login <registry>

      You will be prompted to provide the username and password. If you are the admin user then you can use registry’s admin username else provide the service principle ID as username if using service principle to authenticate.

    3. Amazon ECR - aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com

  1. Push the Image to the Private Registry: After logging in and tagging the image, push it to the private repository:

     docker push <registry>/<repository>:<tag>

    Example: docker push konyfabric.azurecr.io/konyfabric/kony-fabric-db:9.7.1.28_GA

  1. Create a Docker Registry Pull Secret in Kubernetes/Openshift: If you're using a private registry with Kubernetes, create a Docker registry pull secret using the following kubectl command:

     kubectl create secret docker-registry <secret-name> \
--docker-server=<registry_server> \
--docker-username=<username> \
--docker-password=<password> \
--docker-email=<email>

    • <secret-name>: The name of the Kubernetes secret.

    • <registry_server>: The Docker registry URL.

    • <username>: Your Docker registry username.

    • <password>: The password or token for the registry.

    • <email>: Your email address (optional).

      Replace kubectl with oc to create a secret in Openshift.

  1. Modify the Deployment or Pod YAML File: Update your deployment or pod YAML file to include the imagePullSecrets field, which references the created secret follows:

    • spec
       imagePullSecrets:

      - name: <secret-name>

      - name: kony-fabric-db

         image: konyfabric/kony-fabric-db:9.7.1.28_GA

         imagePullPolicy: IfNotPresent