Difference between revisions of "Tutorials:Link to container registry on our server"

From Collective Computational Unit
Jump to navigation Jump to search
m
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
With the CCU login, you can also access the docker registry on our server. You need this in order to distribute your containers (program code) to the GPU cluster. Think about a registry as a globally available collection of program containers, which can be accessed by everyone in the CCU. You can for example freely pull any container which was created by someone else, make modifications to it, and republish it in your own account. Since a container brings all its dependencies with it, it is guaranteed to run on every system. Thus, you never need to think about for example which drivers or CUDA version is actually installed on a cluster node.
 
With the CCU login, you can also access the docker registry on our server. You need this in order to distribute your containers (program code) to the GPU cluster. Think about a registry as a globally available collection of program containers, which can be accessed by everyone in the CCU. You can for example freely pull any container which was created by someone else, make modifications to it, and republish it in your own account. Since a container brings all its dependencies with it, it is guaranteed to run on every system. Thus, you never need to think about for example which drivers or CUDA version is actually installed on a cluster node.
 +
 +
=== Pushing images to the CCU registry ===
  
 
To check whether your login works and make the CCU registry known to your docker installation, simply run
 
To check whether your login works and make the CCU registry known to your docker installation, simply run
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
docker login ccu.uni-konstanz.de:5000
+
docker login ccu-k8s.inf.uni-konstanz.de:32250
 
</syntaxhighlight>
 
</syntaxhighlight>
  
The registry is exposed on the standard port 5000, and it will ask for your CCU username and password. After this, you can pull images from the registry and upload your own.
+
The registry is exposed on the standard port 32250, and it will ask for your CCU username and password. After this, you will be able to push your own images to the registry.
 
 
'''Note''': there have been three reports so far with problems during login, where the server reports a timeout while connecting. We are still investigating this issue. For some, it was fixed after logging into the university VPN, but this should in theory not be necessary.
 
  
 +
==== Example on how to push a specific image ====
 
Test the successful connection out now:
 
Test the successful connection out now:
  
Line 22: Line 23:
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
docker tag busybox ccu.uni-konstanz.de:5000/<your.username>/my_busybox
+
docker tag busybox ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Line 30: Line 31:
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
docker push ccu.uni-konstanz.de:5000/<your.username>/my_busybox
+
docker push ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is
 +
</syntaxhighlight>
 +
 
 +
=== Pulling images into the GPU cluster ===
 +
 
 +
To be able to use your customized image in our GPU cluster, first you have to verify that you have a ''secret'' configured to the CCU repository.
 +
 
 +
After establishing the login with docker, you should have config.json file created in your docker directory, in an Ubuntu installation:
 +
 
 +
<syntaxhighlight lang="bash">
 +
/home/<Your_Ubuntu_Username>/.docker/config.json
 
</syntaxhighlight>
 
</syntaxhighlight>
  
That's it. Everyone can now pull this image from the server and start it on any PC running docker which is logged into the CCU repository.
+
In order to create a secret using your login information, type:
 +
 
 +
<syntaxhighlight lang="bash">
 +
kubectl create secret generic <A_Name_For_Your_Secret>  --from-file=.dockerconfigjson=/home/<Your_Ubuntu_Username>/.docker/config.json --type=kubernetes.io/dockerconfigjson
 +
</syntaxhighlight>
 +
 
 +
You can check it succeeded by running:
 +
 
 +
<syntaxhighlight lang="bash">
 +
kubectl get secrets
 +
NAME                                TYPE                            DATA  AGE
 +
<A_Name_For_Your_Secret>            kubernetes.io/dockerconfigjson  1      17d
 +
</syntaxhighlight>
 +
 
 +
Now, whenever you are submitting a pod or a job you should reference your secret at container level of your yaml file:
 +
 
 +
<syntaxhighlight lang="bash">
 +
apiVersion: v1
 +
kind: Pod
 +
metadata:
 +
  name: busybox-test-pod
 +
spec:
 +
  containers:
 +
  - name: busybox
 +
    image: ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox  #change busybox to whatever the name of your custom container is
 +
    command: ["sleep", "1d"]
 +
    resources:
 +
      requests:
 +
        cpu: 100m
 +
        memory: 100Mi
 +
      limits:
 +
        cpu: 1
 +
        memory: 1Gi
 +
    volumeMounts:
 +
      - mountPath: /abyss/home
 +
        name: cephfs-home
 +
        readOnly: false
 +
      - mountPath: /abyss/shared
 +
        name: cephfs-shared
 +
        readOnly: false
 +
      - mountPath: /abyss/datasets
 +
        name: cephfs-datasets
 +
        readOnly: true
 +
  imagePullSecrets:                    #Secret to your repository here
 +
  - name: <A_Name_For_Your_Secret>      #Name you have chosen for your secret
 +
  volumes:
 +
    - name: cephfs-home
 +
      hostPath:
 +
        path: "/cephfs/abyss/home/<your-username>"
 +
        type: Directory
 +
    - name: cephfs-shared
 +
      hostPath:
 +
        path: "/cephfs/abyss/shared"
 +
        type: Directory
 +
    - name: cephfs-datasets
 +
      hostPath:
 +
        path: "/cephfs/abyss/datasets"
 +
        type: Directory
 +
</syntaxhighlight>
  
'''TODO: the following is not working yet.'''
+
Note: from Kubernetes, you typically only need read-only access to the registry to pull the images. For your convenience, a secret which gives read-only access to the full registry is already present in your namespace by default. The name of this secret is "registry-ro-login". If you use it, you can skip the step of generating your own secret.
You can verify that your image has been uploaded successfully by [http://ccu.uni-konstanz.de:8001 browsing the CCU registry here] and checking under your name.
 

Latest revision as of 12:47, 17 July 2024

With the CCU login, you can also access the docker registry on our server. You need this in order to distribute your containers (program code) to the GPU cluster. Think about a registry as a globally available collection of program containers, which can be accessed by everyone in the CCU. You can for example freely pull any container which was created by someone else, make modifications to it, and republish it in your own account. Since a container brings all its dependencies with it, it is guaranteed to run on every system. Thus, you never need to think about for example which drivers or CUDA version is actually installed on a cluster node.

Pushing images to the CCU registry

To check whether your login works and make the CCU registry known to your docker installation, simply run 

docker login ccu-k8s.inf.uni-konstanz.de:32250

The registry is exposed on the standard port 32250, and it will ask for your CCU username and password. After this, you will be able to push your own images to the registry.

Example on how to push a specific image

Test the successful connection out now: 

docker pull busybox

This will pull the simple example image busybox (a minimalistic Linux) from the default docker registry, the Docker hub, which has tons of useful base images for almost anything you might ever need.

In order to "rebrand" this example and publish it under your own account on the CCU registry, you need to tag it with a new name: 

docker tag busybox ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is

Note that you are only allowed to upload images in a subdirectory named after your login.

Finally, push the image to the CCU registry: 

docker push ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox #change busybox to whatever the name of your custom container is

Pulling images into the GPU cluster

To be able to use your customized image in our GPU cluster, first you have to verify that you have a secret configured to the CCU repository.

After establishing the login with docker, you should have config.json file created in your docker directory, in an Ubuntu installation: 

/home/<Your_Ubuntu_Username>/.docker/config.json

In order to create a secret using your login information, type: 

kubectl create secret generic <A_Name_For_Your_Secret>  --from-file=.dockerconfigjson=/home/<Your_Ubuntu_Username>/.docker/config.json --type=kubernetes.io/dockerconfigjson

You can check it succeeded by running: 

kubectl get secrets
NAME                                 TYPE                             DATA   AGE
<A_Name_For_Your_Secret>             kubernetes.io/dockerconfigjson   1      17d

Now, whenever you are submitting a pod or a job you should reference your secret at container level of your yaml file: 

apiVersion: v1
kind: Pod
metadata:
  name: busybox-test-pod
spec:
  containers:
  - name: busybox
    image: ccu-k8s.inf.uni-konstanz.de:32250/<your.username>/my_busybox  #change busybox to whatever the name of your custom container is
    command: ["sleep", "1d"]
    resources:
      requests:
        cpu: 100m
        memory: 100Mi
      limits:
        cpu: 1
        memory: 1Gi
    volumeMounts:
      - mountPath: /abyss/home
        name: cephfs-home
        readOnly: false
      - mountPath: /abyss/shared
        name: cephfs-shared
        readOnly: false
      - mountPath: /abyss/datasets
        name: cephfs-datasets
        readOnly: true
  imagePullSecrets:                     #Secret to your repository here
  - name: <A_Name_For_Your_Secret>      #Name you have chosen for your secret
  volumes:
    - name: cephfs-home
      hostPath:
        path: "/cephfs/abyss/home/<your-username>"
        type: Directory
    - name: cephfs-shared
      hostPath:
        path: "/cephfs/abyss/shared"
        type: Directory
    - name: cephfs-datasets
      hostPath:
        path: "/cephfs/abyss/datasets"
        type: Directory

Note: from Kubernetes, you typically only need read-only access to the registry to pull the images. For your convenience, a secret which gives read-only access to the full registry is already present in your namespace by default. The name of this secret is "registry-ro-login". If you use it, you can skip the step of generating your own secret.

Retrieved from "https://ccu.uni-konstanz.de:443/w/index.php?title=Tutorials:Link_to_container_registry_on_our_server&oldid=975"