Configure Custom Image Build

Introduction

PrimeHub provides the capability to build custom images. There are two features related to building image

__Image > Build custom image: Allows group admin to create custom image.
__Admin Portal > Images (EE only): Allows system admin to create custom image

Once images are built successfully, they will be pushed into specified repositories of a registry. Here we show how to configure PrimeHub using a remote registry for it.

Path Description Default Value

Path	Description	Default Value
`customImage.registryEndpoint`	The registry the built image to push	`N/A`
`customImage.registryUsername`	Login user name for registry	`N/A`
`customImage.registryPassword`	Login password for registry	`N/A`
`customImage.pushRepo`	The image repository for the build image. The result image will be `<repo>:<image name>-<tag>`	`N/A`
`customImage.pushRepoPrefix`	The image prefix for the build image. The result image will be `<repo prefix>/<image name>:<tag>`. This field will be ignored when `customImage.pushRepo` is set	`N/A`
`customImage.pushSecretName`	The secret name of the registry push secret	`primehub-controller-custom-image-push-secret`

customImage.registryEndpoint

The registry the built image to push

N/A

customImage.registryUsername

N/A

customImage.registryPassword

N/A

customImage.pushRepo

The image repository for the build image. The result image will be <repo>:<image name>-<tag>

N/A

customImage.pushRepoPrefix

The image prefix for the build image. The result image will be <repo prefix>/<image name>:<tag>. This field will be ignored when customImage.pushRepo is set

N/A

customImage.pushSecretName

The secret name of the registry push secret

primehub-controller-custom-image-push-secret

Configure DockerHub Registry

Sign in DockerHub.
Go to Account Settings/Security/Access Tokens Generate new access token and save it. (REF: Managing access tokens).
Create a repository and note down the <namespace> and <repo name>

Configuration example of DockerHub registry

customImage:
  enabled: true
  registryEndpoint: docker.io
  registryUsername: <your_docker_hub_username>
  registryPassword: <your_access_token>
  pushRepo: docker.io/<namespace>/<repo name>

Configure Google Container Registry (GCR)

Please reference this official document for GCR to get the username and password
The username is always _json_key. The password is the keyfile json. Please make it a one-line json string so that we can put it in the environment variable.
```
cat keyfile | jq -c .
```

Configuration example of GCR

customImage:
  enabled: true
  registryEndpoint: https://gcr.io
  registryUsername: _json_key
  registryPassword: <gcr_service_account_json>
  pushRepo: gcr.io/<gcp_project_name>/<repo name>

Configure AWS Elastic Container Registry (ECR)

Please reference this official document for ECR to setup IAM role policy with ECR.

Install the tool aws-ecr-credential by helm to fetch the latest access token of AWS ECR.

helm repo add infuseai https://charts.infuseai.io
helm repo update
helm install aws-ecr-credential infuseai/aws-ecr-credential \
  --set-string aws.account="<aws_account_id>" \
  --set aws.region="<aws_region>" \
  --set targetNamespace=hub

The access token of ECR will be generated into a k8s secret aws-registry under the target namespace.

$ kubectl get secret -n hub aws-registry
NAME           TYPE                             DATA   AGE
aws-registry   kubernetes.io/dockerconfigjson   1      3h32m

Configuration example of ECR

  customImage:
    registryEndpoint: https://8<aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com
    pushRepo: <aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com/<repo name>
    pushSecretName: aws-registry

Notice

AWS ECR only support push the container image to an existed repository. Please reference the official document to create the corresponding repository on AWS ESC before adding the custom image build.

PreviousConfigure Job Submission NextConfigure Model Deployment

Last updated 1 year ago