Skip to main content

Bring your own container images

If your organization has a requirement to use a private container registry or to preform vulnerability scanning on all images running in your cluster, Conductor allows you to BYO container image. Please note that changing the image source is not supported today.

This article details step-by-step instructions to update the container images for Conductor to point to ones stored in your own private container registry.

  1. Create a Conductor cluster connection with your desired configuration options and download the agent manifests. This can be done in the UI following this document or via the Diagrid CLI using these instructions.

  2. Open the Yaml manifest file that was downloaded to your machine and search for the image keys. The Conductor installation depends on two container images, the agent and the Open Telemetry collector. These should be populated with a container image and version tag like the following. Copy these values before moving on to the next step.


---
image: us-central1-docker.pkg.dev/prj-common-d-shared-89549/reg-d-common-docker-public/agent:0.2.10-rc.1
---
image: us-central1-docker.pkg.dev/prj-common-d-shared-89549/reg-d-common-docker-public/diagrid-otel-collector:0.2.10-rc.1
  1. Using the copied container images and tags, download the images to your local machine.
docker pull us-central1-docker.pkg.dev/prj-common-d-shared-89549/reg-d-common-docker-public/agent:0.2.10-rc.1
docker pull us-central1-docker.pkg.dev/prj-common-d-shared-89549/reg-d-common-docker-public/diagrid-otel-collector:0.2.10-rc.1
  1. Tag the container images with the private registry that you wish to use for your Conductor deployment.
export CONTAINER_REGISTRY="<YOUR-CONTAINER-REGISTRY>"
docker tag us-central1-docker.pkg.dev/prj-common-d-shared-89549/reg-d-common-docker-public/agent:0.2.10-rc.1 $CONTAINER_REGISTRY/agent:0.2.10-rc.1
docker tag us-central1-docker.pkg.dev/prj-common-d-shared-89549/reg-d-common-docker-public/diagrid-otel-collector:0.2.10-rc.1  $CONTAINER_REGISTRY/diagrid-otel-collector:0.2.10-rc.1
  1. Push the container images to your private registry for scanning and analysis.
docker push $CONTAINER_REGISTRY/agent:0.2.10-rc.1
docker push $CONTAINER_REGISTRY/diagrid-otel-collector:0.2.10-rc.1
  1. Edit the Conductor Yaml manifests to point to your private container images and deploy the updated manifests to your cluster. Ensure you have updated both the diagrid-agent Deployment and diagrid-agent-logs-collector Daemonset objects.
kubectl apply -f <manifests-file>.yaml

IMPORTANT: By opting in to BYO container images it becomes your responsibility to manage and update both Dapr and Conductor releases on your clusters.

  • Dapr releases new minor versions quarterly and patch versions for critical issues whenever necessary giving users approximately a 12-week rolling window for staying within a supported version. More details here.
  • Conductor releases are typically done on a weekly basis and are avaiable every Friday. Check the release notes for more details.