Docker-Based Configuration Sources

A configuration source of type docker specifies the name, registry, Kubernetes image pull credentials, and directories to unpack for an image. The default assumption is that the image resides in the same image repository as the MATRIXX images, but an alternative repository can also be specified. You can specify access credentials or reference an existing Kubernetes secret that has those details.

Note: Docker images being used as configuration sources must be based on the matrixx-sideloader image.

Docker Configuration Source Properties describes the available configuration properties.

Table 1. Docker Configuration Source Properties
Property	Description
global.configurationSources.`name`.docker.image	The `name`, including the tag, of the Docker image. This image must be based on the `matrixx-sideloader` image.
global.configurationSources.`name`.docker.registry	(Optional) The name of the image repository where this image can be retrieved from. The default value is the default image repository for the Helm chart.
global.configurationSources.`name`.docker.imagePullPolicy	(Optional) The Kubernetes image pull policy to use when retrieving this image. Valid values are `Always`, `IfNotPresent`, or `Never`. The default value is `Always`.
global.configurationSources.`name`.docker.imagePullCredentials.secretName	(Optional) The name of the Kubernetes secret with the `.dockerconfigjson` entry for connecting to the image repository. Specify this value if `createSecret` is set to false. If `createSecret` is `true` then this can be left unspecified.
global.configurationSources.`name`.docker.imagePullCredentials.createSecret	(Optional) When set to `true`, a `kubernetes.io/dockerconfigjson` Kubernetes secret is created using `secretName`, if supplied. The username and password supplied are encoded into this secret. When set to `false`, it is assumed that the Kubernetes secret, with the name specified in `secretName`, exists in the target namespace already.
global.configurationSources.`name`.docker.imagePullCredentials.username	(Optional) If `createSecret` is `true`, this specifies the username to encode into the Kubernetes secret.
global.configurationSources.`name`.docker.imagePullCredentials.password	(Optional) If `createSecret` is `true`, this specifies the password to encode into the Kubernetes secret. This must be provided in Base64-encoded format.
global.configurationSources.`name`.docker.directoriesToUnpack	(Optional) This is a comma-separated list of directories copied to `targetDirectory` when the container is created. The default value for engine, TRA, and Network Enabler configuration is /config. The default value for the MATRIXX gateways and web apps is /opt/mtx. The default value for the pricing operator is /pricing.

The following shows example usage of images acme-rsgateway-config:2.0.1 and acme-pricing-sideloader:1.0.2 as configuration sources. One is posted to an insecure image repository, the other to a secure repository requiring specification of credentials.

global:
  configurationSources:
 
    acme-rsgateway-config:
      docker:
        image: acme-rsgateway-config:2.0.1
        registry: acme-insecure-docker-registry
       
    acme-pricing:
      docker:
        image: acme-pricing-sideloader:1.0.2
        registry: acme-docker-registry
        imagePullCredentials:
          secretName: acme-docker-registry-secret
          createSecret: true
          username: authur.dent
          password: dG93ZWxzCg==
 
  topology:
    domains:
    - subdomains:
        - id: 1
          pricing:
            configurationSource:
              refName: acme-pricing
            fileName: pricing.xml
 
rsgateway:
  configuration:
    sources:
      - refName: acme-rsgateway-config

Files are copied to the /sync directory.

Some properties of a Docker-based configuration source can be overridden at the point where it is referenced. This allows components to use a relatively general configuration source in specific ways. This can help prevent duplication of configuration information, such as credentials.

Overridable Properties describes the properties that can be made particular to a given component.

Table 2. Overridable Properties
Property	Description
image	The name, including the tag, of the Docker image. The image must be based on the `matrixx-sideloader` image.
registry	The name of the image repository from which to retrieve the image.
imagePullPolicy	The Kubernetes image Pull Policy to use when fetching the image. Allowed values are `Always`, `IfNotPresent`, or `Never`.
directoriesToUnpack	A comma-separated list of directories copied to `targetDirectory` when the Docker container is run.

The following shows example override usage. A single Docker-based configuration source placeholder-image-name has been defined at the global level. Component-specific Docker image names override placeholder-image-name to retrieve configuration files specifically relevant to each component.

global:
  configurationSources:
   
    generic-docker-config:
      docker:
        image: placeholder-image-name
        registry: acme-docker-registry
        imagePullCredentials:
          secretName: acme-docker-registry-secret
          createSecret: true
          username: authur.dent
          password: dG93ZWxzCg==
 
gateway-proxy:
  configuration:
    sources:
      - refName: generic-docker-config
        docker:
          image: acme-gateway-proxy-config:1.0.2
 
rsgateway:
  configuration:
    sources:
      - refName: generic-docker-config
        docker:
          image: acme-rsgateway-config:1.0.2