Ververica Platform Docker Images

For convenience, Ververica hosts a public Docker registry that contains images of all Ververica Platform components. You can either use this registry directly or host the images yourself in a private registry. Please find more details for both options below.

Ververica Platform Public Registry

The registry is hosted at registry.ververica.com, and the images of a particular Ververica Platform version are published under the specific version prefix.

For Ververica Platform 2.2 the following images are available and needed to run Ververica Platform.

Repository Tag Additional Tags
v2.3/vvp-appmanager 2.3.1  
v2.3/vvp-artifact-fetcher 2.3.1  
v2.3/vvp-gateway 2.3.1  
v2.3/vvp-result-fetcher-service 2.3.1  
v2.3/vvp-ui 2.3.1  
v2.3/flink 1.9.3-stream2-scala_2.11  
v2.3/flink 1.9.3-stream2-scala_2.12 1.9, 1.9.3, 1.9.3-stream2
v2.3/flink 1.10.2-stream2-scala_2.11  
v2.3/flink 1.10.2-stream2-scala_2.12 1.10, 1.10.2, 1.10.2-stream2
v2.3/flink 1.11.2-stream2-scala_2.11  
v2.3/flink 1.11.2-stream2-scala_2.12 1.11, 1.11.2, 1.11.2-stream2
Below you can find Apache Flink® images that were previously supported in this version of Ververica Platform.

Repository Tag Additional Tags
     

Attention

The registry hosted by Ververica is provided without SLA. If you require availability guarantees, you should import the Ververica Platform images into your own registry.

Private Registry

We recommend using a private registry for all Ververica Platform images. The setup consists of two steps.

Mirroring the Images

If you wish to host the Ververica Platform images yourself, you will have to pull, re-tag, and push all of the images listed above.

Below is a snippet demonstrating this for one of the images used by Ververica Platform, just update REGISTRY and IMAGE as necessary.

$ REGISTRY=registry.acme.inc; \
    IMAGE=v2.3/vvp-appmanager:2.3.1; \
    docker pull registry.ververica.com/${IMAGE} && \
    docker tag registry.ververica.com/${IMAGE} ${REGISTRY}/${IMAGE} && \
    docker push ${REGISTRY}/${IMAGE}

Note

These snippets are provided as examples, and may need to be adapted for your particular operating system/environment.

If you’re using a private registry that has restricted network access, you may need to be able to fetch the images, move them, and then load them into the target registry. Below is a simple recipe which builds on the one above to accomplish this.

$ REGISTRY=registry.acme.inc; \
    IMAGE=v2.3/vvp-appmanager:2.3.1; \
    ARCHIVE=$(echo ${IMAGE} | sed -e 's/.*\///g' -e 's/:/-/g').tar.gz; \
    docker pull registry.ververica.com/${IMAGE} && \
    docker tag registry.ververica.com/${IMAGE} ${REGISTRY}/${IMAGE} && \
    docker save ${REGISTRY}/${IMAGE} | gzip > ${ARCHIVE}

$ REGISTRY=registry.acme.inc; \
    IMAGE=v2.3/vvp-appmanager:2.3.1; \
    ARCHIVE=$(echo ${IMAGE} | sed -e 's/.*\///g' -e 's/:/-/g').tar.gz; \
    gunzip -c ${ARCHIVE} | docker load && \
    docker push ${REGISTRY}/${IMAGE}

Note

These snippets are provided as examples, and may need to be adapted for your particular operating system/environment.

Configuring the Helm Chart

To configure Ververica Platform to use your registry you point vvp.registry in your Helm values file to your private registry.

vvp:
  registry: registry.acme.inc/vvp

If your private Docker registry requires authentication from within Kubernetes, you first need to create a Kubernetes Secret containing credentials for your registry in every Kubernetes namespace that the platform uses, i.e. the platform’s namespace and all namespaces listed under rbac.additionalNamespaces.

Second, you need to configure Ververica Platform as well as your Deployments to use this secret as an imagePullSecret for all pods:

  • The Kubernetes service account used by Ververica Platform needs to use your secret as an imagePullSecret. If you let helm create the service account for you (rbac.create: true), this done by setting rbac.imagePullSecret. If you pass a service account during installation with helm (rbac.serviceAccountName: <existing-service-acount>) this service account needs to use your secret, too.
  • For every Apache Flink® Deployment configure your secret as an image pull secret as described in Image Pull Secrets. In order to use this secret as a default for all Deployments, you can use Global Deployment Defaults.