Docker Registry

When you want to use a docker image from your private (docker) registry, you grant rapyuta.io access to your private registry via a docker secret.

The two types of docker pull secrets that you can create are:

  1. Docker Hub
  2. Private Registry

Creating a docker pull secret

To create a docker pull secret for a private docker registry, follow the steps:

  1. On the left navigation bar, click SECRETS.
  2. Click ADD NEW SECRET.
  3. Under SELECT SECRET TYPE, click Docker pull secret.
  4. In the Name box, enter a name for the docker pull secret. For instance, you may enter the name docker-pull-secret-name.
    Make sure that the name should be no longer than 253 characters. It must consist of lower case alphanumeric characters or hyphen -, and it must begin and end with an alphanumeric character.
  5. If your docker registry is Docker Hub, select Dockerhub. Skip to instruction 6.
  6. Otherwise, if you intend to use a private (docker) registry, select Private registry. Provide the private (docker) registry URL in the Registry Url box. It is mandatory to provide the registry URL.
  7. In the Username box, type in your docker username.
  8. In the Password box, type in your docker password.
    To determine your docker credentials for your private registry, read about authorisation token for docker credentials.
  9. In the Email box, enter the valid email address associated with your docker registry.
  10. Click SUBMIT.

Authorization Token

When you create a docker pull secret for a private registry, rapyuta.io stores your docker credentials (that is, username and password) in base64-encoded format. This encoded data is the authorisation token which gives access to rapyuta.io to pull private docker images while deploying a package.

To determine your docker credentials for a private registry, run the following instructions in sequence on the system you have logged in to docker:

  1. Docker login process creates or updates config.json file. To display this file, run the command:

    cat ~/.docker/config.json
    

    A sample config.json file will look like:

    {
       "auths":{
           "https://index.docker.io/v1/":{
               "auth":"c3r...ze2"
           }
       }
    }
    

    The value of auth entry is base64-encoded data, also called an authorisation token. If you use a docker credentials store, you will instead see credsStore entry with the name of the store as value. For example, a sample config.json file with credsStore entry would look like:

    {
       "auths":{
           "https://index.docker.io/v1/":{}
       },
       "credsStore": "osxkeychain"
    }
    

    You can find out the authorisation token from the respective credsStore entry’s value. In this case, use osxkeychain value to figure out authorization token.

  2. To convert authorisation token to a readable format, execute the command:

    echo  "c3r...ze2" | base64  -d
    
  3. The output consists of two parts separated by a colon : as shown below

    janedoe:xxxxxxxxxx
    

    The part to the left of : is your docker username, while the one on the right is your password.

rapyuta.io uses your docker pull secret during package deployment.

If you encounter the following deployment error,

DEP_E153 (Could not pull either the docker image or the built package artifact for the component on the cloud)

Ensure the docker username and password in a secret are correct.