Difference between revisions of "Tutorials:Link to container registry on our server"
m |
|||
| (7 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
With the CCU login, you can also access the docker registry on our server. You need this in order to distribute your containers (program code) to the GPU cluster. Think about a registry as a globally available collection of program containers, which can be accessed by everyone in the CCU. You can for example freely pull any container which was created by someone else, make modifications to it, and republish it in your own account. Since a container brings all its dependencies with it, it is guaranteed to run on every system. Thus, you never need to think about for example which drivers or CUDA version is actually installed on a cluster node. | With the CCU login, you can also access the docker registry on our server. You need this in order to distribute your containers (program code) to the GPU cluster. Think about a registry as a globally available collection of program containers, which can be accessed by everyone in the CCU. You can for example freely pull any container which was created by someone else, make modifications to it, and republish it in your own account. Since a container brings all its dependencies with it, it is guaranteed to run on every system. Thus, you never need to think about for example which drivers or CUDA version is actually installed on a cluster node. | ||
| + | |||
| + | === Pushing images to the CCU registry === | ||
To check whether your login works and make the CCU registry known to your docker installation, simply run | To check whether your login works and make the CCU registry known to your docker installation, simply run | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| − | docker login ccu.uni-konstanz.de: | + | docker login ccu-k8s.inf.uni-konstanz.de:32250 |
</syntaxhighlight> | </syntaxhighlight> | ||
| − | The registry is exposed on the standard port | + | The registry is exposed on the standard port 32250, and it will ask for your CCU username and password. After this, you will be able to push your own images to the registry. |
| + | |||
| + | ==== Example on how to push a specific image ==== | ||
| + | Test the successful connection out now: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Line 18: | Line 23: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| − | docker tag busybox ccu.uni-konstanz.de: | + | docker tag busybox ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is |
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 26: | Line 31: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| − | docker push ccu.uni-konstanz.de: | + | docker push ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is |
| + | </syntaxhighlight> | ||
| + | |||
| + | === Pulling images into the GPU cluster === | ||
| + | |||
| + | To be able to use your customized image in our GPU cluster, first you have to verify that you have a ''secret'' configured to the CCU repository. | ||
| + | |||
| + | After establishing the login with docker, you should have config.json file created in your docker directory, in an Ubuntu installation: | ||
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
| + | /home/<Your_Ubuntu_Username>/.docker/config.json | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | + | In order to create a secret using your login information, type: | |
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
| + | kubectl create secret generic <A_Name_For_Your_Secret> --from-file=.dockerconfigjson=/home/<Your_Ubuntu_Username>/.docker/config.json --type=kubernetes.io/dockerconfigjson | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | You can check it succeeded by running: | ||
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
| + | kubectl get secrets | ||
| + | NAME TYPE DATA AGE | ||
| + | <A_Name_For_Your_Secret> kubernetes.io/dockerconfigjson 1 17d | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | Now, whenever you are submitting a pod or a job you should reference your secret at container level of your yaml file: | ||
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
| + | apiVersion: v1 | ||
| + | kind: Pod | ||
| + | metadata: | ||
| + | name: busybox-test-pod | ||
| + | spec: | ||
| + | containers: | ||
| + | - name: busybox | ||
| + | image: ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is | ||
| + | command: ["sleep", "1d"] | ||
| + | resources: | ||
| + | requests: | ||
| + | cpu: 100m | ||
| + | memory: 100Mi | ||
| + | limits: | ||
| + | cpu: 1 | ||
| + | memory: 1Gi | ||
| + | volumeMounts: | ||
| + | - mountPath: /abyss/home | ||
| + | name: cephfs-home | ||
| + | readOnly: false | ||
| + | - mountPath: /abyss/shared | ||
| + | name: cephfs-shared | ||
| + | readOnly: false | ||
| + | - mountPath: /abyss/datasets | ||
| + | name: cephfs-datasets | ||
| + | readOnly: true | ||
| + | imagePullSecrets: #Secret to your repository here | ||
| + | - name: <A_Name_For_Your_Secret> #Name you have chosen for your secret | ||
| + | volumes: | ||
| + | - name: cephfs-home | ||
| + | hostPath: | ||
| + | path: "/cephfs/abyss/home/<your-username>" | ||
| + | type: Directory | ||
| + | - name: cephfs-shared | ||
| + | hostPath: | ||
| + | path: "/cephfs/abyss/shared" | ||
| + | type: Directory | ||
| + | - name: cephfs-datasets | ||
| + | hostPath: | ||
| + | path: "/cephfs/abyss/datasets" | ||
| + | type: Directory | ||
| + | </syntaxhighlight> | ||
| − | + | Note: from Kubernetes, you typically only need read-only access to the registry to pull the images. For your convenience, a secret which gives read-only access to the full registry is already present in your namespace by default. The name of this secret is "registry-ro-login". If you use it, you can skip the step of generating your own secret. | |
Latest revision as of 12:47, 17 July 2024
With the CCU login, you can also access the docker registry on our server. You need this in order to distribute your containers (program code) to the GPU cluster. Think about a registry as a globally available collection of program containers, which can be accessed by everyone in the CCU. You can for example freely pull any container which was created by someone else, make modifications to it, and republish it in your own account. Since a container brings all its dependencies with it, it is guaranteed to run on every system. Thus, you never need to think about for example which drivers or CUDA version is actually installed on a cluster node.
Pushing images to the CCU registry
To check whether your login works and make the CCU registry known to your docker installation, simply run
docker login ccu-k8s.inf.uni-konstanz.de:32250
The registry is exposed on the standard port 32250, and it will ask for your CCU username and password. After this, you will be able to push your own images to the registry.
Example on how to push a specific image
Test the successful connection out now:
docker pull busybox
This will pull the simple example image busybox (a minimalistic Linux) from the default docker registry, the Docker hub, which has tons of useful base images for almost anything you might ever need.
In order to "rebrand" this example and publish it under your own account on the CCU registry, you need to tag it with a new name:
docker tag busybox ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is
Note that you are only allowed to upload images in a subdirectory named after your login.
Finally, push the image to the CCU registry:
docker push ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is
Pulling images into the GPU cluster
To be able to use your customized image in our GPU cluster, first you have to verify that you have a secret configured to the CCU repository.
After establishing the login with docker, you should have config.json file created in your docker directory, in an Ubuntu installation:
/home/<Your_Ubuntu_Username>/.docker/config.json
In order to create a secret using your login information, type:
kubectl create secret generic <A_Name_For_Your_Secret> --from-file=.dockerconfigjson=/home/<Your_Ubuntu_Username>/.docker/config.json --type=kubernetes.io/dockerconfigjson
You can check it succeeded by running:
kubectl get secrets
NAME TYPE DATA AGE
<A_Name_For_Your_Secret> kubernetes.io/dockerconfigjson 1 17d
Now, whenever you are submitting a pod or a job you should reference your secret at container level of your yaml file:
apiVersion: v1
kind: Pod
metadata:
name: busybox-test-pod
spec:
containers:
- name: busybox
image: ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is
command: ["sleep", "1d"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 1
memory: 1Gi
volumeMounts:
- mountPath: /abyss/home
name: cephfs-home
readOnly: false
- mountPath: /abyss/shared
name: cephfs-shared
readOnly: false
- mountPath: /abyss/datasets
name: cephfs-datasets
readOnly: true
imagePullSecrets: #Secret to your repository here
- name: <A_Name_For_Your_Secret> #Name you have chosen for your secret
volumes:
- name: cephfs-home
hostPath:
path: "/cephfs/abyss/home/<your-username>"
type: Directory
- name: cephfs-shared
hostPath:
path: "/cephfs/abyss/shared"
type: Directory
- name: cephfs-datasets
hostPath:
path: "/cephfs/abyss/datasets"
type: Directory
Note: from Kubernetes, you typically only need read-only access to the registry to pull the images. For your convenience, a secret which gives read-only access to the full registry is already present in your namespace by default. The name of this secret is "registry-ro-login". If you use it, you can skip the step of generating your own secret.
