Login to Docker registries
Login to an external container registry can be helpful to pull private images, or increase the DockerHub pull limitations.
You will need to create a secret in your project, then link it to the default service account of this project.
We detail here the process for UM Container registry, GitHub Container Registry and Docker Hub, but the process is similar for any other container registry (e.g. quay.io)
UM Container registry
You need to be connected to the UM network to access this container registry.
This container registry is available at UM Container registry. Here you can login using your UM credentials by clicking on the "Login via OIDC provider"
You don't need to follow the steps below if you are using one of the Public projects. These are available without credentials.
Logging in with Docker CLI
- Go to UM Container registry, click on your username in the top right corner followed by clicking on User Profile. Click on the Copy icon.
- Login with your credentials:
docker login cr.icts.unimaas.nl
(Username)
(Copied in Step 1)
Using a Proxy Cache
- Go to UM Container registry, look for a project of type Proxy Cache. For each of the mayor registries we created a Proxy Cache. Remember the project name, for example dockerhub.
- On the DSRI you can deploy an image like in this example:
The same concept can be applied using the docker CLI
docker pull cr.icts.unimaas.nl/dockerhub/ubuntu:22.04
Creating your own project
Go to UM Container registry, click on + NEW PROJECT. Fill in the details of project name and Access Level (preferred method is to leave the checkbox unchecked).
Click OK
Using your own user
Go to UM Container registry, click on your username in the top right corner followed by clicking on User Profile. Click on the Copy icon.
Create a secret to login to UM Harbor Container Registry in your project:
oc create secret docker-registry um-harbor-secret --docker-server=cr.icts.unimaas.nl --docker-username=<UM username> --docker-password=<copied in step 1>
- Link the login secret to the default service account:
oc secrets link default um-harbor-secret --for=pull
Using a robot account
Go to UM Container registry, click on your project if you already created one.
Click on the tab Robot Accounts
Click on New Robot Account
Create the Robot account to your liking
Copy the secret or export it
Create a secret to login to UM Harbor Container Registry in your project:
oc create secret docker-registry um-harbor-secret --docker-server=cr.icts.unimaas.nl --docker-username=<robot account name> --docker-password=<copied or exported in step 5>
- Link the login secret to the default service account:
oc secrets link default um-harbor-secret --for=pull
GitHub Container Registry
Go to GitHub Settings, and create a Personal Access Token (PAT) which will be used as password to connect to the GitHub Container Registry
Create a secret to login to GitHub Container Registry in your project:
oc create secret docker-registry github-ghcr-secret --docker-server=ghcr.io --docker-username=<github-username> --docker-password=<github-personal-access-token> --docker-email=<email-address>
- Link the login secret to the default service account:
oc secrets link default github-ghcr-secret --for=pull
DockerHub
Login with DockerHub also increase the DockerHub limitations to pull images in your project
- Create a secret to login to DockerHub in your project:
oc create secret docker-registry dockerhub-secret --docker-server=docker.io --docker-username=<dockerhub-username> --docker-password=<dockerhub-password> --docker-email=<email-address>
- Link the login secret to the default service account:
oc secrets link default dockerhub-secret --for=pull