Tuesday, 22 January 2019

Pushing Docker images to IBM Cloud Private

As part of an ongoing journey of discovery, I was trying - and failing - to push a Docker image to the Docker registry that's part of the IBM Cloud Private cluster.

Having logged in ( this on the ICP Master/Management node, using the default - and very insecure - credentials ) : -

docker login mycluster.icp:8500 -u admin -p admin
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

I then attempted to push an image: -

docker push mycluster.icp:8500/daveh/docker-whale

The push refers to repository [mycluster.icp:8500/daveh/docker-whale]
b978ff7f6d77: Preparing 
75cb9f6a9a68: Preparing 
5393f225a933: Preparing 
7bff100f35cb: Preparing 
unauthorized: authentication required

After much fiddling - and reading up on the subject - I realised where I was going wrong.

From the docs: -

Users are assigned to organizational units called namespaces.

Namespaces are also known as tenants or accounts. In IBM® Cloud Private, users are assigned to teams. You can assign multiple namespaces to a team. Users of a team are members of the team's namespaces.

An IBM Cloud Private namespace corresponds to a single namespace in Kubernetes. All deployments, pods, and volumes that are created in a single namespace, belongs to the same Kubernetes namespace.

The default namespace is available when you install IBM Cloud Private. The default namespace is assigned to all the super administrators in a cluster. The default namespace must not be deleted.

Source: Namespaces

Therefore, given that I'm logging in as admin, I need to target the default namespace.

This I did: -

docker tag docker-whale:latest mycluster.icp:8500/default/docker-whale:latest
docker push mycluster.icp:8500/default/docker-whale:latest

which returned: -

The push refers to repository [mycluster.icp:8500/default/docker-whale]
6761c00f4fed: Pushed 
eb264472db3a: Pushed 
9deed7976b27: Pushed 
7bff100f35cb: Pushed 
latest: digest: sha256:30f760b9716fdd5bc61ad7006a520862bf0ef2d653b8cb63d00e1c149ce8091b size: 1154

For the record, Whalesay is the first Docker image that I ever used - same for everyone - and I grabbed the Dockerfile etc from here: -

git clone https://github.com/docker/whalesay.git

and built it: -

cd whalesay/
docker build -t docker-whale .

This was also of great use: -


Unknown said...

Thanks for the information!!

Ragu Kattinakere said...

Good one - thank you

Encrypted container images for container image security at rest

From IBM, we have this: - Ensure the confidentiality of data and code in container images This article addresses a remaining security...