Using Docker Image Registry

Razorops needs access to the image registry to push or pull build images. A build runs when you define a task of type: build in the configuration. In this task you specify the image registry URL as given by the registry provider. Before Razorops can use a Docker image from a registry, you need to authenticate that registry to Razorops by providing its authentication secrets, such as access keys or a username and password. These authentication secrets are stored as Kubernetes secrets so they are safe. When a pipeline is triggered, these secrets are automatically applied to the pipeline defined in the configuration file .razorops.yaml. For more detail, read about .razorops.yaml.

Registry Authentication

Log in to Razorops and go to the Integration tab.

You can link Docker Hub, Quay.io, a self-hosted registry, GCR, and AWS Elastic Container Registry.

Connect with Docker Hub

Click the Connect button under the Docker/Quay.io/Self-hosted/Azure tab. This step is required only for private registries.

url: https://index.docker.io/v1/
Username: Docker ID
Password: Docker password

Docker ID and Docker password are the ID and password that you use to sign in to Docker Hub. These secrets are kept as Kubernetes secrets and are used when the configured pipeline executes.

If you are using only public images, you can skip the steps above.

Connect with Quay.io

To authenticate with Quay.io, you need to create a robot account on Quay.io with the required permissions for your Quay repository. See the Quay Robot Account documentation to create the robot account.

Below is an example of setting up authentication for Quay.io:

url: https://quay.io/v1/
Username: Robot Account Name
Password: ThePasswordGeneratedInTheAdminPanelOfQuay

Robot Account Name is 'the quay.io username that you have set' + 'the name provided when creating the robot account'. The password is the encrypted password generated in the Quay dashboard.

Self-Hosted Registry

For a self-hosted registry, the URL, username and password are defined by your system.

url: Name.azurecr.io
Username: Admin username of Registry
Password: Password associated with above admin user

Connect with Google Container Registry

Click on Google Container Registry, fill in the form and save.

Service Account Key: Your Service Account key
URL: gcr.io

Connect with AWS ECR

Click on AWS Elastic Container Registry, fill in the requested details and save.

AWS Access Key: Your AWS access key
AWS Secret Key: Your AWS Secret Key
AWS Region for Registry: Region name

All the keys are stored as Kubernetes secrets so your secrets are safe.

Let's create the .razorops.yaml file for our project now. This file should be created in the root directory of your project.

The .razorops.yaml file is the same in all cases. Only the image URL changes, depending on the registry.

Docker Hub

tasks:
  build-image:
    type: build
    image: username/repository_name
    tags: ["${CI_COMMIT_SHA}", "latest"]
    push: true

  deploy-k8s:
    type: deploy
    cluster: k8s_cluster
    commands:
      - kubectl -n lms set image deployment.v1.apps/web web=username/repository_name:$CI_COMMIT_SHA

  workflow:
    - name: production
      tasks: [build-image, deploy-k8s]
      when: branch == "master"

GCR

tasks:
  build-image:
    type: build
    image: gcr.io/razorops/demo
    tags: ["${CI_COMMIT_SHA}", "latest"]
    push: true

  deploy-k8s:
    type: deploy
    cluster: k8s_cluster
    commands:
      - kubectl -n lms set image deployment.v1.apps/web web=gcr.io/razorops/demo:$CI_COMMIT_SHA

  workflow:
    - name: production
      tasks: [build-image, deploy-k8s]
      when: branch == "master"

AWS ECR

tasks:
  build-image:
    type: build
    image: AWS_ACCOUNT_NUMBER.dkr.ecr.AWS_REGION.amazonaws.com/repository_name
    tags: ["${CI_COMMIT_SHA}", "latest"]
    push: true

  deploy-k8s:
    type: deploy
    cluster: k8s_cluster
    commands:
      - kubectl -n lms set image deployment.v1.apps/web web=AWS_ACCOUNT_NUMBER.dkr.ecr.AWS_REGION.amazonaws.com/repository_name:$CI_COMMIT_SHA

  workflow:
    - name: production
      tasks: [build-image, deploy-k8s]
      when: branch == "master"

If repository_name is defined with namespaces, then the namespace should be included in the image reference.

  push: true

Use push: true if you want to push the image to the registry.

If you need conditional checks, you can split pushing the image to the registry into a separate task.
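
A pre-merge check for the configurations above, added here as an example (it is not Razorops code): it confirms that the image named in kubectl set image is the one the build task produces, and that it is deployed by the commit SHA tag rather than a moving tag such as latest. The function names and the text-based parsing are assumptions of this sketch, which handles only the single container=image form used on this page.

```python
import re

# Constructed sample: the build task and the deploy command name different
# repositories (one-letter typo), and the deploy command uses a moving tag.
SAMPLE = '''\
tasks:
  build-image:
    type: build
    image: username/repositry_name
    tags: ["${CI_COMMIT_SHA}", "latest"]
    push: true

  deploy-k8s:
    type: deploy
    cluster: k8s_cluster
    commands:
      - kubectl -n lms set image deployment.v1.apps/web web=username/repository_name:latest
'''

# "image:" key of a build task, and the image in "set image <resource> <container>=<image>".
IMAGE_KEY = re.compile(r'^[ \t]*image:[ \t]*(\S+)[ \t]*$', re.M)
SET_IMAGE = re.compile(r'set image\s+\S+\s+[\w.-]+=(\S+)')
PINNED_TAGS = {'$CI_COMMIT_SHA', '${CI_COMMIT_SHA}'}

def split_ref(ref):
    """Split repo[:tag]; a colon before the last '/' is a registry port."""
    repo, sep, tag = ref.rpartition(':')
    if not sep or '/' in tag:
        return ref, ''
    return repo, tag

def lint(config_text):
    """Return findings for deployed images that differ from what the pipeline builds."""
    built = {split_ref(ref)[0] for ref in IMAGE_KEY.findall(config_text)}
    findings = []
    for ref in SET_IMAGE.findall(config_text):
        repo, tag = split_ref(ref)
        if repo not in built:
            findings.append(f'{ref}: repository is not built by this pipeline')
        if tag not in PINNED_TAGS:
            findings.append(f'{ref}: tag is not the commit SHA')
    return findings

if __name__ == '__main__':
    for finding in lint(SAMPLE):
        print(finding)
```
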