Re: Running Docker private images on CF
Eric Malm <emalm@...>
Hi, Dharmi,
toggle quoted messageShow quoted text
In order to run private docker images (that is, ones that require user/password/email authentication with the registry), you'll have to stage them into the optional diego-docker-cache deployed alongside Diego. The BOSH release is located at https://github.com/cloudfoundry-incubator/diego-docker-cache-release. If you've already deployed Diego using the spiff-based manifest-generation templates in diego-release, the deployment for this release should be similar. If you deploy the caching registry release without TLS enabled or enabled but with a self-signed certificate, Diego should then be configured with the URL "docker-registry.service.cf.internal:8080" supplied in the diego.garden-linux.insecure_docker_registry_list property, and diego.stager.insecure_docker_registry set to 'true', as you can see in https://github.com/cloudfoundry-incubator/diego-docker-cache-release/blob/develop/stubs-for-diego-release/bosh-lite-property-overrides.yml . Once that release is deployed, you can follow the instructions at https://github.com/cloudfoundry-incubator/diego-docker-cache-release#caching-docker-image-with-diego to stage your image into the cache, which should be as simple as setting the DIEGO_DOCKER_CACHE env var to 'true' on your app before staging it. When you start the app, Diego will then instruct Garden to pull the image from the internal caching registry rather than from the remote registry you staged it from. This has the added benefit of ensuring that you're always running exactly the Docker image you staged, rather than something that may have changed in the remote registry. Thanks, Eric, CF Runtime Diego PM
On Tue, Aug 11, 2015 at 9:32 AM, dharmi <dharmi(a)gmail.com> wrote:
We have CF v214 with Diego deployed on AWS.
|
|