Getting Started with CloudRaya Container Registry

How can we help?
< All Topics
Print

Getting Started with CloudRaya Container Registry

As developers increasingly leverage containers to build and deploy applications, they face growing egress charges when pulling images from external repositories. This can significantly impact their budgets and hinder their agility.

Recognizing this challenge, CloudRaya is committed to providing cost-effective solutions. We’re excited to introduce the CloudRaya Container Registry (CCR), directly addressing this core need within our cloud environment.

Building upon the success of KubeRaya, our Kubernetes as a Service (KaaS), CloudRaya takes the next step in empowering developers with a centralized and secure container image management solution.

Key Benefit

With CCR, we offer a secure, private, and highly available registry built specifically for your containerized application needs. This allows you to:

  • Minimize egress costs: Mitigate egress costs by storing and accessing images internally, reducing external pulls from external container image registry.
  • Performance Boost: Enjoy faster application deployments and scaling with local image access.
  • Enhance security: Gain greater control over your container images and reduce reliance on external sources.
  • Ensure compliance and governance: Maintain adherence to data and application regulations with internal image management.
  • Scale seamlessly: Scale your registry alongside your Kubernetes workloads for uninterrupted service.
  • Increase operational efficiency: Streamline workflows and reduce operational overhead with a unified solution.

Getting Started

Accessing & Exploring the CCR

Once you are logged into the CloudRaya User panel, on the left of the dashboard, navigate to the ‘Resources Container Registry‘ menu.

The CCR dashboard provides an overview of your container image activities, including:

  1. The total number of repositories created and total storage space used.
  2. Instructions on how to push container images to the CCR.
  3. Setting for Image Security & Control.
  4. The list of Repositories you have build.
  5. Your CCR credentials, which you can use to authenticate with the registry.

Building, Tagging, and Pushing a Container Image

This guide walks you through building, tagging, and pushing your first container image to the CloudRaya Container Registry (CCR).

What is a repository?

A repository is a container within the CCR where you store your container images. The CCR currently supports Docker images, Helm charts, CNAB bundles, and OPA bundles. Each time you push or pull an image, you’ll specify the project URL and the repository name.

Steps

It only takes a few simple steps to build and push our first Container Image to CloudRaya.

Log in to your machine and make sure you have installed Docker.

				docker login registry.cloudraya.com --username=[CCR_USERNAME]
			

Log in to your registry. Enter your password when prompted. You can find the username and password at the bottom of the “List Repositories” page in your CCR dashboard.

Navigate to the folder containing your application and Dockerfile

				docker build -t [MY_PROJECT]:[TAG] .
			

Build your Docker image. Replace MY_PROJECT with the name of your desired Docker file and :TAG with an optional tag (e.g., latest).

				docker tag [MY_PROJECT]:[TAG] registry.cloudraya.com/[CCR_USERNAME]/[REPOSITORY]:[TAG]
			

After the build is completed, tag your image so you can push the image to the registry.

  • Replace MY_PROJECT and :TAG with the same values from the previous step.
  • Replace CCR_USERNAME with your username.
  • Replace REPOSITORY with the desired repository name in the CCR.

				docker push registry.cloudraya.com/[CCR_USERNAME]/[REPOSITORY]:[TAG]
			

Last, run the above command to push the image.

Congratulations! Your container image is now stored in the CCR. You can view it in the “List Repository” section and manage it through the CCR dashboard.

Additional notes:
You can also find these push commands by clicking the "View Push Command" button in the CCR dashboard.

Exploring Repository Details

Once you have created a repository and pushed container images to it, you can explore its details, including checking for image vulnerabilities to ensure the security of your containerized applications.

Setting for image security & control

CloudRaya Container Registry (CCR) provides two powerful features to enhance the security and integrity of your container images:

  • Tag immutability: This feature prevents images from being overwritten when pushed with the same tag, ensuring the consistency and reliability of your deployments.
  • Scan on push: This feature automatically scans images for vulnerabilities as soon as they are pushed to the registry, helping you identify and address potential security risks early in the development lifecycle.

Pulling Images from CCR

In this guide, we will test pulling container images on Docker and Kubernetes.

To Docker

The process of pulling images in Docker is more or less the same as the process of pushing images, as explained earlier. Ensure you are logged in to the machine where you want to pull the image. You can check the login status by running the following command:

				docker info
			

If you are not logged in, follow the instructions provided above.

 Then, pull an image from the registry using this example command:

				docker pull registry.cloudraya.com/[CCR_USERNAME]/[REPOSITORY]:[TAG]
			

Verify the image is pulled successfully. You can list all the images on your local machine using the following command:

				docker images
			

To Kubernetes

For more advanced activities, you can use the container images and deploy them to your Kubernetes cluster for better performance, scalability, and security. The process is relatively simple. First, log in to your Docker account using the command mentioned above previously.

To pull images from CloudRaya Container Registry (CCR) in Kubernetes, you need to set up a secret first. By default, Kubernetes is integrated with Docker Hub only.
For a more detailed guide on setting up the secret in Kubernetes, please visit the following link.

In the example below, we create a secret named regcred in the mini-article namespace. You can adjust this to match your needs:

				kubectl create secret docker-registry regcred --docker-server=registry.cloudraya.com --docker-username=[CCR_USERNAME] --docker-password=[CCR_PASS] -n mini-article
			

Verify that the token has been added to the secret by using this command:

				kubectl get secret regcred -n mini-article --output=yaml
			

Deploy your application using a YAML file. Add the secret information to the YAML file as highlighted below:

				apiVersion: apps/v1
kind: Deployment
metadata:
  name: mini-article-react-template
  namespace: mini-article
spec:
  replicas: 3
  selector:
    matchLabels:
      name: react
  template:
    metadata:
      name: mini-article-react-template
      labels:
        name: react
    spec:
      containers:
        - name: mini-article-react-template
          image: registry.cloudraya.com/ir-cr-tiyan-8/strapi:latest
          ports:
            - containerPort: 1337
      imagePullSecrets:
        - name: regcred

---
			

If everything goes well, you will be successful in running your previously containerized application.

Conclusion

In conclusion, CloudRaya Container Registry provides a robust platform for efficiently managing and storing your container images. By following this tutorial, you’ve gained the essential knowledge to leverage Container Registry effectively in your deployment workflow.

Table of Contents

Comments are closed.

Ready, Set, Cloud

Ready, Set, Cloud