Configure Custom Image Build

PreviousConfigure Job Submission NextConfigure Model Deployment

Configure Custom Image Build

Introduction

PrimeHub provides the capability to build custom images. There are two features related to building image

__: Allows group admin to create custom image.
__ (EE only): Allows system admin to create custom image

Once images are built successfully, they will be pushed into specified repositories of a registry. Here we show how to configure PrimeHub using a remote registry for it.

Path

Description

Default Value

customImage.registryEndpoint

The registry the built image to push

N/A

customImage.registryUsername

N/A

customImage.registryPassword

N/A

customImage.pushRepo

The image repository for the build image. The result image will be <repo>:<image name>-<tag>

N/A

customImage.pushRepoPrefix

The image prefix for the build image. The result image will be <repo prefix>/<image name>:<tag>. This field will be ignored when customImage.pushRepo is set

N/A

customImage.pushSecretName

The secret name of the registry push secret

primehub-controller-custom-image-push-secret

Configure DockerHub Registry

Sign in DockerHub.
Go to Account Settings/Security/Access Tokens Generate new access token and save it. (REF: ).
Create a repository and note down the <namespace> and <repo name>

Configuration example of DockerHub registry

customImage:
  enabled: true
  registryEndpoint: docker.io
  registryUsername: <your_docker_hub_username>
  registryPassword: <your_access_token>
  pushRepo: docker.io/<namespace>/<repo name>

Configure Google Container Registry (GCR)

The username is always _json_key. The password is the keyfile json. Please make it a one-line json string so that we can put it in the environment variable.
```
cat keyfile | jq -c .
```

Configuration example of GCR

customImage:
  enabled: true
  registryEndpoint: https://gcr.io
  registryUsername: _json_key
  registryPassword: <gcr_service_account_json>
  pushRepo: gcr.io/<gcp_project_name>/<repo name>

Configure AWS Elastic Container Registry (ECR)

Install the tool aws-ecr-credential by helm to fetch the latest access token of AWS ECR.

helm repo add infuseai https://charts.infuseai.io
helm repo update
helm install aws-ecr-credential infuseai/aws-ecr-credential \
  --set-string aws.account="<aws_account_id>" \
  --set aws.region="<aws_region>" \
  --set targetNamespace=hub

The access token of ECR will be generated into a k8s secret aws-registry under the target namespace.

$ kubectl get secret -n hub aws-registry
NAME           TYPE                             DATA   AGE
aws-registry   kubernetes.io/dockerconfigjson   1      3h32m

Configuration example of ECR

  customImage:
    registryEndpoint: https://8<aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com
    pushRepo: <aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com/<repo name>
    pushSecretName: aws-registry

Notice

PreviousConfigure Job Submission NextConfigure Model Deployment

Introduction

PrimeHub provides the capability to build custom images. There are two features related to building image

__: Allows group admin to create custom image.
__ (EE only): Allows system admin to create custom image

Once images are built successfully, they will be pushed into specified repositories of a registry. Here we show how to configure PrimeHub using a remote registry for it.

Path

Description

Default Value

customImage.registryEndpoint

The registry the built image to push

N/A

customImage.registryUsername

N/A

customImage.registryPassword

N/A

customImage.pushRepo

The image repository for the build image. The result image will be <repo>:<image name>-<tag>

N/A

customImage.pushRepoPrefix

The image prefix for the build image. The result image will be <repo prefix>/<image name>:<tag>. This field will be ignored when customImage.pushRepo is set

N/A

customImage.pushSecretName

The secret name of the registry push secret

primehub-controller-custom-image-push-secret

Configure DockerHub Registry

Sign in DockerHub.
Go to Account Settings/Security/Access Tokens Generate new access token and save it. (REF: ).
Create a repository and note down the <namespace> and <repo name>

Configuration example of DockerHub registry

customImage:
  enabled: true
  registryEndpoint: docker.io
  registryUsername: <your_docker_hub_username>
  registryPassword: <your_access_token>
  pushRepo: docker.io/<namespace>/<repo name>

Configure Google Container Registry (GCR)

Please reference this to get the username and password
The username is always _json_key. The password is the keyfile json. Please make it a one-line json string so that we can put it in the environment variable.
```
cat keyfile | jq -c .
```

Configuration example of GCR

customImage:
  enabled: true
  registryEndpoint: https://gcr.io
  registryUsername: _json_key
  registryPassword: <gcr_service_account_json>
  pushRepo: gcr.io/<gcp_project_name>/<repo name>

Configure AWS Elastic Container Registry (ECR)

Please reference this to setup IAM role policy with ECR.

Install the tool aws-ecr-credential by helm to fetch the latest access token of AWS ECR.

helm repo add infuseai https://charts.infuseai.io
helm repo update
helm install aws-ecr-credential infuseai/aws-ecr-credential \
  --set-string aws.account="<aws_account_id>" \
  --set aws.region="<aws_region>" \
  --set targetNamespace=hub

The access token of ECR will be generated into a k8s secret aws-registry under the target namespace.

$ kubectl get secret -n hub aws-registry
NAME           TYPE                             DATA   AGE
aws-registry   kubernetes.io/dockerconfigjson   1      3h32m

Configuration example of ECR

  customImage:
    registryEndpoint: https://8<aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com
    pushRepo: <aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com/<repo name>
    pushSecretName: aws-registry

Notice

AWS ECR only support push the container image to an existed repository. Please reference the to create the corresponding repository on AWS ESC before adding the custom image build.