Configure Custom Image Build
Introduction
PrimeHub provides the capability to build custom images. There are two features related to building image
__Image > Build custom image: Allows group admin to create custom image.
__Admin Portal > Images (EE only): Allows system admin to create custom image
Once images are built successfully, they will be pushed into specified repositories of a registry. Here we show how to configure PrimeHub using a remote registry for it.
customImage.registryEndpoint
The registry the built image to push
N/A
customImage.registryUsername
Login user name for registry
N/A
customImage.registryPassword
Login password for registry
N/A
customImage.pushRepo
The image repository for the build image. The result image will be <repo>:<image name>-<tag>
N/A
customImage.pushRepoPrefix
The image prefix for the build image. The result image will be <repo prefix>/<image name>:<tag>
. This field will be ignored when customImage.pushRepo
is set
N/A
customImage.pushSecretName
The secret name of the registry push secret
primehub-controller-custom-image-push-secret
Configure DockerHub Registry
Sign in DockerHub.
Go to
Account Settings
/Security
/Access Tokens
Generate new access token and save it. (REF: Managing access tokens).Create a repository and note down the
<namespace>
and<repo name>
Configuration example of DockerHub registry
customImage: enabled: true registryEndpoint: docker.io registryUsername: <your_docker_hub_username> registryPassword: <your_access_token> pushRepo: docker.io/<namespace>/<repo name>
Configure Google Container Registry (GCR)
Please reference this official document for GCR to get the username and password
The username is always
_json_key
. The password is the keyfile json. Please make it a one-line json string so that we can put it in the environment variable.cat keyfile | jq -c .
Configuration example of GCR
customImage: enabled: true registryEndpoint: https://gcr.io registryUsername: _json_key registryPassword: <gcr_service_account_json> pushRepo: gcr.io/<gcp_project_name>/<repo name>
Configure AWS Elastic Container Registry (ECR)
Please reference this official document for ECR to setup IAM role policy with ECR.
Install the tool
aws-ecr-credential
by helm to fetch the latest access token of AWS ECR.helm repo add infuseai https://charts.infuseai.io helm repo update helm install aws-ecr-credential infuseai/aws-ecr-credential \ --set-string aws.account="<aws_account_id>" \ --set aws.region="<aws_region>" \ --set targetNamespace=hub
The access token of ECR will be generated into a k8s secret
aws-registry
under the target namespace.$ kubectl get secret -n hub aws-registry NAME TYPE DATA AGE aws-registry kubernetes.io/dockerconfigjson 1 3h32m
Configuration example of ECR
customImage: registryEndpoint: https://8<aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com pushRepo: <aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com/<repo name> pushSecretName: aws-registry