Re: Running Docker private images on CF

Home Messages Hashtags Subgroups

#1204

Re: Running Docker private images on CF

Eric Malm <emalm@...> #1204 Hi, Dharmi, In order to run private docker images (that is, ones that require user/password/email authentication with the registry), you'll have to stage them into the optional diego-docker-cache deployed alongside Diego. The BOSH release is located at https://github.com/cloudfoundry-incubator/diego-docker-cache-release. If you've already deployed Diego using the spiff-based manifest-generation templates in diego-release, the deployment for this release should be similar. If you deploy the caching registry release without TLS enabled or enabled but with a self-signed certificate, Diego should then be configured with the URL "docker-registry.service.cf.internal:8080" supplied in the diego.garden-linux.insecure_docker_registry_list property, and diego.stager.insecure_docker_registry set to 'true', as you can see in https://github.com/cloudfoundry-incubator/diego-docker-cache-release/blob/develop/stubs-for-diego-release/bosh-lite-property-overrides.yml . Once that release is deployed, you can follow the instructions at https://github.com/cloudfoundry-incubator/diego-docker-cache-release#caching-docker-image-with-diego to stage your image into the cache, which should be as simple as setting the DIEGO_DOCKER_CACHE env var to 'true' on your app before staging it. When you start the app, Diego will then instruct Garden to pull the image from the internal caching registry rather than from the remote registry you staged it from. This has the added benefit of ensuring that you're always running exactly the Docker image you staged, rather than something that may have changed in the remote registry. Thanks, Eric, CF Runtime Diego PM toggle quoted messageShow quoted text On Tue, Aug 11, 2015 at 9:32 AM, dharmi <dharmi(a)gmail.com> wrote: We have CF v214 with Diego deployed on AWS. I am able to successfully create apps from Docker public repo, as per the apidocs <http://apidocs.cloudfoundry.org/214/apps/creating_an_app.html> , but, while creating apps from the Docker private repos, I see the below error from 'cf logs' when starting the app. [API/0] OUT Updated app with guid bcb8f363-xyz ({"route"=>"5af6948b-xyz"}) [API/0] OUT Updated app with guid bcb8f363-xyz ({"state"=>"STARTED"}) [STG/0] OUT Creating container [STG/0] OUT Successfully created container [STG/0] OUT Staging... [STG/0] OUT Staging process started ... [STG/0] ERR Staging process failed: Exit trace for group: [STG/0] ERR builder exited with error: failed to fetch metadata from [:dockerid/go-app] with tag [latest] and insecure registries [] due to HTTP code: 404 [STG/0] OUT Exit status 2 [STG/0] ERR Staging Failed: Exited with status 2 [API/0] ERR Failed to stage application: staging failed cf curl command for reference. cf curl /v2/apps -X POST -H "Content-Type: application/json" -H "Authorization: bearer accessToken" -d ' {"name": "myapp", "space_guid": "71b22eba-xyz", "docker_image": ":dockerid/go-app", "diego": true, "docker_credentials_json": {"docker_login_server": "https://index.docker.io/v1/", "docker_user": ":dockerid", "docker_password": ":dockerpwd", "docker_email": ":email" } }' Looking at the apidocs, the 'Example value' for 'docker_credentials_json' indicates a Hash value (#<RspecApiDocumentation::Views::HtmlExample:0x0000000bb883e0>), but looking inside the code, we found the below JSON format. let(:docker_credentials) do { docker_login_server: login_server, docker_user: user, docker_password: password, docker_email: email } Pls correct me if I am missing something. Thanks, Dharmi -- View this message in context: http://cf-dev.70369.x6.nabble.com/Running-Docker-private-images-on-CF-tp1148.html Sent from the CF Dev mailing list archive at Nabble.com. attachment.html
More All Messages By This Member

View All 6 Messages In Topic

#1204

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.

Home Hashtags Subgroups Terms