How to Deploy an Image from Scaleway Elements Container Registry to Kubernetes Kapsule

Registry and Kapsule - Overview

In this tutorial you will learn how to create and push a container image to the Scaleway Elements Container Registry and how to use it on Kubernetes Kapsule in a second step.

A container image consists of several bundled files, which encapsulate an application. This image can be built on a local machine, be uploaded to the image registry, and then deployed on several Kubernetes pods with Kapsule. Kapsule is the managed Kubernetes service provided by Scaleway Elements. In this tutorial we are using Docker to build the containers.

Requirements

• You have an account and are logged into console.scaleway.com.
• You have already created a Container Registry Namespace with a “private” privacy policy.
• You have already created a Kubernetes Kapsule cluster, downloaded and configured the corresponding .kubeconfig file.
• You have Docker and and kubectl installed on your local computer.

Setting a New Access Token

To be able to push and pull images in and from the private image registry, the secret key of an API token is required.

1 . Log into your Scaleway Elements console and navigate to the credentials section by clicking on the user icon → Credentials :

2 . In the API Tokens section click on Generate new Token to generate a new secret key:

You may add a token description for your convenience and to facilitate the token management.

Important: Copy the Secret Key and keep it in a secret environment, as it will not be shown again.

3 . Export the tokens as variables in a terminal window:

$ export SCW_ACCESS_TOKEN=SCWM517S9G0KBVEGY19V
$ export SCW_SECRET_TOKEN=da247a4b-ad98-464f-97ac-a8b056fb565f

Pushing an Image to the Registry

Note: To complete the following steps, it is required that you have a local project with a Dockerfile to build a container image from it. If you do not have a docker project yet, you may follow our tutorial to create the required files.

1 . Check that all required files are available to build the container image by running the ls -l command in the directory of your project:

$ ls -l
total 32
-rw-r--r--  1 myuser  staff   903 Oct 14 12:19 Dockerfile
-rw-r--r--  1 myuser  staff  1080 Oct 14 12:19 LICENSE
-rw-r--r--  1 myuser  staff   476 Oct 14 12:19 Makefile
-rw-r--r--  1 myuser  staff  1721 Oct 14 12:19 README.md
drwxr-xr-x  3 myuser  staff    96 Oct 14 12:19 patches

2 . Build the Docker container image locally before pushing it to the private image registry. The parameter -t configures the tags of the container:

$ docker build -t mycontainer:latest .

Sending build context to Docker daemon  197.6kB
...
...
...
 ---> c427b132b5fc
Successfully built c427b132b5fc
Successfully tagged mycontainer:latest

3 . Check that the image has been added to the local Docker installation by running the docker images command. Your newly created container image will be displayed in the list of available images:

$ docker images
REPOSITORY                                             TAG                 IMAGE ID            CREATED             SIZE
mycontainer                                            latest              c427b132b5fc        22 minutes ago      1.24GB

4 . Log yourself into your Container Registry. The endpoint (for example: rg.fr-par.scw.cloud/myregistry) of your image registry is available from your Scaleway Elements Console and depends on your configuration:

$ docker login rg.fr-par.scw.cloud/myregistry -u nologin -p $SCW_SECRET_TOKEN

A Login Succeeded message displays once logged in.

5 . Tag the image using the docker tag command. Make sure to replace the URL of the image registry with your personal endpoint:

$ docker tag mycontainer:latest rg.fr-par.scw.cloud/myregistry/mycontainer:latest

6 . Push the image to the image registry using the docker push command:

$ docker push rg.fr-par.scw.cloud/myregistry/mycontainer:latest

...
...
a26724645421: Pushed
a30b835850bf: Pushed
latest: digest: sha256:690d70e8f26cb772916c64244c86701c50f2764e42c668d4d0aaf039a9d62b47 size: 4067

Creating an Image Pull Secret

To deploy the previously created container image in a Kapsule cluster, the secret key of the API token is required to connect to the image registry.

Note: Make sure that your Kapsule cluster is configured on your local computer before continuing.
We also suppose that all resources are living in the same Kubernetes Namespace. The default namespace is named default

1 . Run kubectl to define a secret called registry-secret using the $SCW_SECRET_TOKEN variable as follows:

$ kubectl create secret docker-registry registry-secret --docker-server=rg.fr-par.scw.cloud --docker-username=myuser --docker-password=$SCW_SECRET_TOKEN --docker-email=my@email.com

Important: Only docker-server and docker-password in the command above concern the image registry.

2 . You can display the generated secret with the kubectl get secret command. The flag --output=yaml will return the output formatted in YAML:

$ kubectl get secret registry-secret --output=yaml

apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJyZy5mci1wYXIuc2N3LmNsb3VkIjp7InVzZXJuYW1lIjoibXl1c2VyIiwicGFzc3dvcmQiOiJkYTI0N2E0Yi1hZDk4LTQ2NGYtOTdhYy1hOGIwNTZmYjU2NWYiLCJlbWFpbCI6Im15QGVtYWlsLmNvbSIsImF1dGgiOiJiWGwxYzJWeU9tUmhNalEzWVRSaUxXRmtPVGd0TkRZMFppMDVOMkZqTFdFNFlqQTFObVppTlRZMVpnPT0ifX19
kind: Secret
metadata:
  creationTimestamp: 2019-10-14T12:23:32Z
  name: registry-secret
  namespace: default
  resourceVersion: "2977046288"
  selfLink: /api/v1/namespaces/default/secrets/registry-secret
  uid: 85a69713-f239-43f3-8f00-36603c794557
type: kubernetes.io/dockerconfigjson

Creating a Deployment for the Container

1 . Create a file deployment.yaml and open it in a text-editor, e.g. nano:

$ nano deployment.yaml

2 . Copy the following content into it, save the file and quit the text-editor.
Remember to replace

• the image name: rg.fr-par.scw.cloud/myregistry/mycontainer:latest
• the registry secret: registry-secret
  with the values you have defined previously:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydeployment
  labels:
    app: mydeployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: mydeployment
  template:
    metadata:
      labels:
        app: mydeployment
    spec:
      containers:
        - name: mycontainer
          image: rg.fr-par.scw.cloud/myregistry/mycontainer:latest
      imagePullSecrets:
        - name: registry-secret

Note: In the configuration above, the secret and deployments are in the same namespace.

3 . Run kubectl apply to apply the deployment to the cluster:

$ kubectl apply -f deployment.yaml

4 . Use the kubectl get pods command to check the status of the deployment:

$ kubectl get pods

NAME                            READY   STATUS             RESTARTS   AGE
mydeployment-64c9fdd66c-66mrq   1/1     Running            0          2m
mydeployment-64c9fdd66c-pwhl9   1/1     running            0          2m

As you can see in the output above, the image has been pulled successfully from the image registry and two replicas of it are running on the Kapsule cluster.

For more information how to use your private image registry with Kubernetes, refer to the official documentation.