Saturday, October 13, 2018

How To Push/Pull Docker Images Into Oracle OKE Registry

Requirement:

   We have built some customized docker images for our apps. We need to upload it to OKE registry and being used by  OKE engineer later. Please refer official oracle doc

Solution:

  • Make sure you have correct privileges to push images to OCI registry. You need your tenancy admin to update the policies to allow you to do that
  • Generate Auth Token from OCI  user settings. see details in official oracle doc
  • On the host where your docker images are, use docker to login
docker login phx.ocir.io   (we use phoenix region)
If users are federated with another directory services
Username:  <tenancy-namespace>/<federation name>/test.test@oracle.com
i.e.   mytenancy-namespace/corp_login_federate/test.test@oracle.com
If no federation, remove <federation name>
Password:  <The Auth token you generated before>
Login succeed.
  • Tag the images you would like to upload
docker tag hello-world:latest
<region-code>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag>
docker tag hello-world:latest phx.ocir.io/peo/engops/hello-world:latest
  • Remember to add "repo-name"
  • Push the image to registry
docker push  phx.ocir.io/peo-namespace/engops/hello-world:latest
  • Pull the image
 docker pull phx.ocir.io/peo-namespace/engops/hello-world
  • To use it in K8S yaml file, we need to add secret for docker login. Refer k8s doc and oci doc for details
kubectl create secret docker-registry iad-ocir-secret --docker-server=iad.ocir.io --docker-username='<tenancy-namespace>/<federation name>/test.test@oracle.com' --docker-password='******' --docker-email='test@test.com'

 part of sample yaml is like

spec:
      containers:
      - name: helloworld
    # enter the path to your image, be sure to include the correct region prefix 
        image: <region-code>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag>
        ports:
        - containerPort: 80
      imagePullSecrets:
    # enter the name of the secret you created
      - name: <secret-name>


No comments: