Using a Docker Registry with Credentials¶
Some Docker images are stored in private docker registries. For the Researcher to access the images, we will need to provide credentials for the registry.
There could be two business scenarios:
- All researchers use single credentials for the registry.
- There exist separate registry credentials per Run:ai Project.
For each private registry you must perform the following (The example below uses Docker Hub):
<secret_name>may be any arbitrary string
<password>are the repository user and password
- The secret may take up to a minute to update in the system.
- The above scheme relies on the cluster setting
clusterWideSecretto be set to
Credentials per Project¶
For each Run:ai Project create a secret:
<NAMESPACE> is the namespace associated with the Project (typically its
Then apply the secret to Run:ai by running:
Google Cloud Registry¶
Follow the steps below to access private images in the Google Container Registry (GCR):
- Create a service-account in GCP. Provide it
Viewerpermissions and download a JSON key.
- Under GCR, go to image and locate the domain name. Example GCR domains can be
On your local machine, log in to docker with the new credentials:
<gcr-domain>is the GCR domain we have located,
<config.json>is the GCP configuration file. This will generate an entry for the GCR domain in your
~/.docker/config.jsonfile. Copy the JSON structure under the GCR domain into a new file called
~/docker-config.json. When doing so, take care to remove all newlines. For example:
Convert the file into base64:
- Create a new file called
- Apply to Kubernetes by running the command:
- Test your settings by submitting a which references an image from the GCR repository