Background
SaaS applications are bundled as images and deployed by spinning containers from these stored images. Large enterprises have a customised DevOps environment with applications that are rolled out by integrating images from multiple sources and deployed by using services provided by different vendors. Public image repositories pose a great amount of security risk and the damages can be exponential if exploited.
To address the enterprise-level security risks, more organizations prefer having their own private repository to host their images. This gives them the flexibility to customize access management, overcome restrictions in the number of pulls/pushes, data transfer limits, have their own governance policies for signing, security and vulnerability assessments, hosting and replication strategies, reduce the network latency etc.
Using Quay to create a container registry
What follows are the steps to create a container registry by using Quay and configuring the Instana installer to read the required images during installation from the Quay container.
Red Hat Quay
A distributed and highly available container image registry for your enterprise, which provides secure storage, distribution, governance of containers and cloud-native artefacts on any infrastructure. It is available as a standalone component or running on top of Red Hat OpenShift. More details on Quay are available at https://www.redhat.com/en/technologies/cloud-computing/quay
Set up the Quay container registry by following the instructions at https://docs.projectquay.io/deploy_quay.html
IBM Instana
By using IBM® Instana Observability, enterprises can combine APM with automation capabilities and distributed tracing to deploy on premises or as a SaaS solution. This helps Improve application performance management and accelerate CI/CD pipelines, no matter where applications reside in public cloud, private cloud, hybrid cloud, on premises, IBM Z® or anywhere else.
For more information about Instana, see https://www.ibm.com/in-en/products/instana
On-premises Installation of Instana by using Quay container image registry
The Instana SaaS on-premises installation allows you to have the required images hosted on your secured internal repository. The illustration below demonstrates one way of creating and moving the required installation images to the Quay container registry and using it for Air-gapped installation on a target host. Let’s assume that your Quay registry is accessible through the url - https://9.30.122.42/ and your admin account is ready. The overall process is shown in Figure 1:
Steps to move the required Installation images to the Quay repository
-
Set up a machine with Docker and Internet access enabled.
-
Access the installation requirements document at https://www.ibm.com/docs/en/instana-observability/current?topic=premises-installing-instana-backend-docker
-
Perform the first step in the Installing the Instana package section of the documentation as shown in Figure 2:
After you complete these steps, you have the Instana-console that is required for installation in the system.
-
Export the image tar file by using the following command:
```
instana images export -k ${agent_key}
Then, you can see a export-{version}.tar file in the current directory.
-
Import the exported image tar file into the container by running the following command:
instana images import -f /path/to/{export-version.tar}
Where {export-version.tar} is the exported file.
-
To confirm whether your import is successful by running the command docker images on the terminal, which will list the imported images as shown in the following Figure 3:
-
Log in to your custom registry (Quay) from the terminal by using the following command (assume that https://9.30.122.42/ is your container registry URL)
```
-
Create an organization by name Instana in your container image registry. To do this, open your browser and access https://9.30.122.42/. Click Create New Organization to get a screen as shown in the following Figure 4, enter “instana” as the name, and then click Create organization.
-
Go back to your terminal, and tag the required Instana images for installation to the new repository by running the following command:
```
If the command is executed correctly, you can see all the Instana images that are tagged to the new repository by running the command docker images on the terminal. Then, you can see the list, as in Figure 5.
-
You need to push the images to the new repository by using the docker push command for each of the new images that need to go into your custom container registry. See Figure 6:
After you complete the steps, you can see the images in your Quay repository. This can be confirmed by browsing through the repositories for the Instana organization as shown in Figure 7.
-
The process has enabled you to move the required Instana images to the custom registry.
-
Start with the Instana installation as documented in https://www.ibm.com/docs/en/instana-observability/current?topic=premises-installing-instana-backend-docker
-
After you run the instana init command, you can see that a settings.hcl file is created. Open the file in your preferred editor, and update the repository location from where you want the installation images to be pulled from as shown in Figure 8:
Figure 8
-
Complete the steps and the required configurations to complete the installation.
Instana is loaded with features to enable you monitor your infrastructure and applications. For more information on how you want to use Instana, see https://www.ibm.com/docs/en/instana-observability/current?topic=using-instana
Now, Happy Application Monitoring.