Organizations can use private repositories from Docker Hub, AWS, GCP, or Azure for Valohai executions.
Private Docker registries are available only to projects that are owned by an organization or team. Personal projects don’t have access to private repositories.
Create a service account in GCP
Container Registry uses Cloud Storage buckets as their storage for your images. You control access to your images by granting appropriate Cloud Storage permissions to identities.
- Create a new service account under your Google Cloud project that contains the registry
- Add
Service Account Token Creator
role so it can create temporary tokens for itself - Allow the service account to access the registry:
- Go to https://console.cloud.google.com/storage/browser (Cloud Storage listing)
- Find and click the bucket that hosts your Container Registry images, it’s in format
<OPTIONAL_REGION>.artifacts.<PROJECT_ID>.appspot.com
- Click Permissions
- Click Add members
- Search for the service account using the full ID (the one that looks like an email)
- Add role
Storage Object Viewer
if pulling orStorage Admin
if pulling and pushing - Click Save
-
Download the service account JSON to use in Valohai
Add credentials to Valohai
- Login at https://app.valohai.com
- Navigate to
Hi,<name> (the top right menu) > Manage <organization>
- Go to Registries under the organization controls
- Add a new entry
- Insert the match pattern in the format of
<domain>/<owner-and-or-repository>/*
e.g.gcr.io/my-project/*
gcr.io/my-project/my-registry:*
- Choose your registry type and provide the access credentials generated in the first step
- Use the full name of the tagged container (e.g.
docker.io/myusername/name:tag
) when defining the image in yourvalohai.yaml
Comments
0 comments
Please sign in to leave a comment.