In this tutorial you will learn how to create and push a container image to the Scaleway Elements Container Registry and how to use it on Kubernetes Kapsule in a second step.
A container image consists of several bundled files, which encapsulate an application. This image can be built on a local machine, be uploaded to the image registry, and then deployed on several Kubernetes pods with Kapsule. Kapsule is the managed Kubernetes service provided by Scaleway Elements. In this tutorial we are using Docker to build the containers.
Requirements
- You have an account and are logged into console.scaleway.com.
- You have already created a Container Registry Namespace with a “private” privacy policy.
- You have already created a Kubernetes Kapsule cluster, downloaded and configured the corresponding
.kubeconfig
file.- You have Docker and and kubectl installed on your local computer.
To be able to push and pull images in and from the private image registry, the secret key of an API token is required.
1 . Log into your Scaleway Elements console and navigate to the credentials section by clicking on the user icon → Credentials :
2 . In the API Tokens section click on Generate new Token to generate a new secret key:
You may add a token description for your convenience and to facilitate the token management.
Important: Copy the Secret Key and keep it in a secret environment, as it will not be shown again.
3 . Export the tokens as variables in a terminal window:
$ export SCW_ACCESS_TOKEN=SCWM517S9G0KBVEGY19V
$ export SCW_SECRET_TOKEN=da247a4b-ad98-464f-97ac-a8b056fb565f
Note: To complete the following steps, it is required that you have a local project with a
Dockerfile
to build a container image from it. If you do not have a docker project yet, you may follow our tutorial to create the required files.
1 . Check that all required files are available to build the container image by running the ls -l
command in the directory of your project:
$ ls -l
total 32
-rw-r--r-- 1 myuser staff 903 Oct 14 12:19 Dockerfile
-rw-r--r-- 1 myuser staff 1080 Oct 14 12:19 LICENSE
-rw-r--r-- 1 myuser staff 476 Oct 14 12:19 Makefile
-rw-r--r-- 1 myuser staff 1721 Oct 14 12:19 README.md
drwxr-xr-x 3 myuser staff 96 Oct 14 12:19 patches
2 . Build the Docker container image locally before pushing it to the private image registry. The parameter -t
configures the tags of the container:
$ docker build -t mycontainer:latest .
Sending build context to Docker daemon 197.6kB
...
...
...
---> c427b132b5fc
Successfully built c427b132b5fc
Successfully tagged mycontainer:latest
3 . Check that the image has been added to the local Docker installation by running the docker images
command. Your newly created container image will be displayed in the list of available images:
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mycontainer latest c427b132b5fc 22 minutes ago 1.24GB
4 . Log yourself into your Container Registry. The endpoint (for example: rg.fr-par.scw.cloud/myregistry
) of your image registry is available from your Scaleway Elements Console and depends on your configuration:
$ docker login rg.fr-par.scw.cloud/myregistry -u nologin -p $SCW_SECRET_TOKEN
A Login Succeeded
message displays once logged in.
5 . Tag the image using the docker tag
command. Make sure to replace the URL of the image registry with your personal endpoint:
$ docker tag mycontainer:latest rg.fr-par.scw.cloud/myregistry/mycontainer:latest
6 . Push the image to the image registry using the docker push
command:
$ docker push rg.fr-par.scw.cloud/myregistry/mycontainer:latest
...
...
a26724645421: Pushed
a30b835850bf: Pushed
latest: digest: sha256:690d70e8f26cb772916c64244c86701c50f2764e42c668d4d0aaf039a9d62b47 size: 4067
To deploy the previously created container image in a Kapsule cluster, the secret key of the API token is required to connect to the image registry.
Note: Make sure that your Kapsule cluster is configured on your local computer before continuing.
We also suppose that all resources are living in the same Kubernetes Namespace. The default namespace is nameddefault
1 . Run kubectl
to define a secret called registry-secret
using the $SCW_SECRET_TOKEN
variable as follows:
$ kubectl create secret docker-registry registry-secret --docker-server=rg.fr-par.scw.cloud --docker-username=myuser --docker-password=$SCW_SECRET_TOKEN --docker-email=my@email.com
Important: Only docker-server and docker-password in the command above concern the image registry.
2 . You can display the generated secret with the kubectl get secret
command. The flag --output=yaml
will return the output formatted in YAML:
$ kubectl get secret registry-secret --output=yaml
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyJyZy5mci1wYXIuc2N3LmNsb3VkIjp7InVzZXJuYW1lIjoibXl1c2VyIiwicGFzc3dvcmQiOiJkYTI0N2E0Yi1hZDk4LTQ2NGYtOTdhYy1hOGIwNTZmYjU2NWYiLCJlbWFpbCI6Im15QGVtYWlsLmNvbSIsImF1dGgiOiJiWGwxYzJWeU9tUmhNalEzWVRSaUxXRmtPVGd0TkRZMFppMDVOMkZqTFdFNFlqQTFObVppTlRZMVpnPT0ifX19
kind: Secret
metadata:
creationTimestamp: 2019-10-14T12:23:32Z
name: registry-secret
namespace: default
resourceVersion: "2977046288"
selfLink: /api/v1/namespaces/default/secrets/registry-secret
uid: 85a69713-f239-43f3-8f00-36603c794557
type: kubernetes.io/dockerconfigjson
1 . Create a file deployment.yaml
and open it in a text-editor, e.g. nano
:
$ nano deployment.yaml
2 . Copy the following content into it, save the file and quit the text-editor.
Remember to replace
rg.fr-par.scw.cloud/myregistry/mycontainer:latest
registry-secret
apiVersion: apps/v1
kind: Deployment
metadata:
name: mydeployment
labels:
app: mydeployment
spec:
replicas: 2
selector:
matchLabels:
app: mydeployment
template:
metadata:
labels:
app: mydeployment
spec:
containers:
- name: mycontainer
image: rg.fr-par.scw.cloud/myregistry/mycontainer:latest
imagePullSecrets:
- name: registry-secret
Note: In the configuration above, the secret and deployments are in the same namespace.
3 . Run kubectl apply
to apply the deployment to the cluster:
$ kubectl apply -f deployment.yaml
4 . Use the kubectl get pods
command to check the status of the deployment:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
mydeployment-64c9fdd66c-66mrq 1/1 Running 0 2m
mydeployment-64c9fdd66c-pwhl9 1/1 running 0 2m
As you can see in the output above, the image has been pulled successfully from the image registry and two replicas of it are running on the Kapsule cluster.
For more information how to use your private image registry with Kubernetes, refer to the official documentation.