Configure Image Builder
Introduction
PrimeHub provides the capability to build custom images. There are two features related to building image
- Image > Build custom image: Allows group admin to create custom image.
- Admin Portal > Image Builder (EE only): Allows system admin to create custom image
Once images are built successfully, they will be pushed into specified repositories of a registry. Here we show how to configure PrimeHub using a remote registry for it.
Path | Description | Default Value |
---|---|---|
customImage.registryEndpoint | The registry the built image to push | N/A |
customImage.registryUsername | Login user name for registry | N/A |
customImage.registryPassword | Login password for registry | N/A |
customImage.pushRepoPrefix | The image prefix for the build image. The result image will be <repo prefix>/<image>:<tag> | N/A |
customImage.pushSecretName | The secret name of the registry push secret | primehub-controller-custom-image-push-secret |
Configure DockerHub Registry
Sign in DockerHub.
Go to
Account Settings
/Security
/Access Tokens
Generate new access token and save it. (REF: Managing access tokens).Create a repository and note down the
<namespace>
and<repo name>
Configuration example of DockerHub registry
customImage: enabled: true registryEndpoint: docker.io registryUsername: <your_docker_hub_username> registryPassword: <your_access_token> pushRepoPrefix: docker.io/<namespace>
Configure Google Container Registry (GCR)
Please reference this official document for GCR to get the username and password
The username is always
_json_key
. The password is the keyfile json. Please make it a one-line json string so that we can put it in the environment variable.cat keyfile | jq -c .
Configuration example of GCR
customImage: enabled: true registryEndpoint: https://gcr.io registryUsername: _json_key registryPassword: <gcr_service_account_json> pushRepoPrefix: gcr.io/<gcp_project_name>
Configure AWS Elastic Container Registry (ECR)
Please reference this official document for ECR to setup IAM role policy with ECR.
Install the tool
aws-ecr-credential
by helm to fetch the latest access token of AWS ECR.helm repo add infuseai https://charts.infuseai.io helm repo update helm install aws-ecr-credential infuseai/aws-ecr-credential \ --set-string aws.account="<aws_account_id>" \ --set aws.region="<aws_region>" \ --set targetNamespace=hub
The access token of ECR will be generated into a k8s secret
aws-registry
under the target namespace.$ kubectl get secret -n hub aws-registry NAME TYPE DATA AGE aws-registry kubernetes.io/dockerconfigjson 1 3h32m
Configuration example of ECR
customImage: registryEndpoint: https://8<aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com pushRepoPrefix: <aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com pushSecretName: aws-registry
Notice
AWS ECR only support push the container image to an existed repository. Please reference the official document to create the corresponding repository on AWS ESC before adding the custom image build.