A container image consists of several bundled files, which encapsulate an application. This image can be built on a local machine, be uploaded to the image registry, and then deployed on several Kubernetes pods with Kapsule. Kapsule is the managed Kubernetes service provided by Scaleway Elements. In this tutorial we are using Docker to build the containers.
- You have an account and are logged into console.scaleway.com.
- You have already created a Kubernetes Kapsule cluster, downloaded and configured the corresponding
- You have Docker and and kubectl installed on your local computer.
To be able to push and pull images in and from the private image registry, the secret key of an API token is required.
1 . Log into your Scaleway Elements console and navigate to the credentials section by clicking on the user icon → Credentials :
2 . In the API Tokens section click on Generate new Token to generate a new secret key:
You may add a token description for your convenience and to facilitate the token management.
Important: Copy the Secret Key and keep it in a secret environment, as it will not be shown again.
3 . Export the tokens as variables in a terminal window:
$ export SCW_ACCESS_TOKEN=SCWM517S9G0KBVEGY19V $ export SCW_SECRET_TOKEN=da247a4b-ad98-464f-97ac-a8b056fb565f
Note: To complete the following steps, it is required that you have a local project with a
Dockerfileto build a container image from it. If you do not have a docker project yet, you may follow our tutorial to create the required files.
1 . Check that all required files are available to build the container image by running the
ls -l command in the directory of your project:
$ ls -l total 32 -rw-r--r-- 1 myuser staff 903 Oct 14 12:19 Dockerfile -rw-r--r-- 1 myuser staff 1080 Oct 14 12:19 LICENSE -rw-r--r-- 1 myuser staff 476 Oct 14 12:19 Makefile -rw-r--r-- 1 myuser staff 1721 Oct 14 12:19 README.md drwxr-xr-x 3 myuser staff 96 Oct 14 12:19 patches
2 . Build the Docker container image locally before pushing it to the private image registry. The parameter
-t configures the tags of the container:
$ docker build -t mycontainer:latest .
Sending build context to Docker daemon 197.6kB ... ... ... ---> c427b132b5fc Successfully built c427b132b5fc Successfully tagged mycontainer:latest
3 . Check that the image has been added to the local Docker installation by running the
docker images command. Your newly created container image will be displayed in the list of available images:
$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE mycontainer latest c427b132b5fc 22 minutes ago 1.24GB
4 . Log yourself into your Container Registry. The endpoint (for example:
rg.fr-par.scw.cloud/myregistry) of your image registry is available from your Scaleway Elements Console and depends on your configuration:
$ docker login rg.fr-par.scw.cloud/myregistry -u nologin -p $SCW_SECRET_TOKEN
Login Succeeded message displays once logged in.
5 . Tag the image using the
docker tag command. Make sure to replace the URL of the image registry with your personal endpoint:
$ docker tag mycontainer:latest rg.fr-par.scw.cloud/myregistry/mycontainer:latest
6 . Push the image to the image registry using the
docker push command:
$ docker push rg.fr-par.scw.cloud/myregistry/mycontainer:latest
... ... a26724645421: Pushed a30b835850bf: Pushed latest: digest: sha256:690d70e8f26cb772916c64244c86701c50f2764e42c668d4d0aaf039a9d62b47 size: 4067
To deploy the previously created container image in a Kapsule cluster, the secret key of the API token is required to connect to the image registry.
Note: Make sure that your Kapsule cluster is configured on your local computer before continuing.
We also suppose that all resources are living in the same Kubernetes Namespace. The default namespace is named
1 . Run
kubectl to define a secret called
registry-secret using the
$SCW_SECRET_TOKEN variable as follows:
$ kubectl create secret docker-registry registry-secret --docker-server=rg.fr-par.scw.cloud --docker-username=myuser --docker-password=$SCW_SECRET_TOKEN --firstname.lastname@example.org
Important: Only docker-server and docker-password in the command above concern the image registry.
2 . You can display the generated secret with the
kubectl get secret command. The flag
--output=yaml will return the output formatted in YAML:
$ kubectl get secret registry-secret --output=yaml
apiVersion: v1 data: .dockerconfigjson: eyJhdXRocyI6eyJyZy5mci1wYXIuc2N3LmNsb3VkIjp7InVzZXJuYW1lIjoibXl1c2VyIiwicGFzc3dvcmQiOiJkYTI0N2E0Yi1hZDk4LTQ2NGYtOTdhYy1hOGIwNTZmYjU2NWYiLCJlbWFpbCI6Im15QGVtYWlsLmNvbSIsImF1dGgiOiJiWGwxYzJWeU9tUmhNalEzWVRSaUxXRmtPVGd0TkRZMFppMDVOMkZqTFdFNFlqQTFObVppTlRZMVpnPT0ifX19 kind: Secret metadata: creationTimestamp: 2019-10-14T12:23:32Z name: registry-secret namespace: default resourceVersion: "2977046288" selfLink: /api/v1/namespaces/default/secrets/registry-secret uid: 85a69713-f239-43f3-8f00-36603c794557 type: kubernetes.io/dockerconfigjson
1 . Create a file
deployment.yaml and open it in a text-editor, e.g.
$ nano deployment.yaml
2 . Copy the following content into it, save the file and quit the text-editor.
Remember to replace
apiVersion: apps/v1 kind: Deployment metadata: name: mydeployment labels: app: mydeployment spec: replicas: 2 selector: matchLabels: app: mydeployment template: metadata: labels: app: mydeployment spec: containers: - name: mycontainer image: rg.fr-par.scw.cloud/myregistry/mycontainer:latest imagePullSecrets: - name: registry-secret
Note: In the configuration above, the secret and deployments are in the same namespace.
3 . Run
kubectl apply to apply the deployment to the cluster:
$ kubectl apply -f deployment.yaml
4 . Use the
kubectl get pods command to check the status of the deployment:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE mydeployment-64c9fdd66c-66mrq 1/1 Running 0 2m mydeployment-64c9fdd66c-pwhl9 1/1 running 0 2m
As you can see in the output above, the image has been pulled successfully from the image registry and two replicas of it are running on the Kapsule cluster.
For more information how to use your private image registry with Kubernetes, refer to the official documentation.