Thanks for your questions!
In order to setup any CI/CD job to push or pull images from a private DO container registry, you first need to have the docker credentials for authentication. Here’s a simple way of authenticating the docker client to interact with the DigitalOcean Container registry:
- Obtain an API token from the DigitalOcean control panel by navigating to the API section. Copy and store the generated token to be used later.
- Before the docker push/pull job in the Gitlab CI config, execute
docker login -u <API_TOKEN> -p <API_TOKEN> registry.digitalocean.com. The API token can be passed as a secret or an environment variable.
For a Kubernetes cluster to pull images from the private registry, you’d need to create a docker registry Secret in the cluster with the docker config. Here’s how you can set up the secret in the namespace of your choice:
kubectl create secret docker-registry \
Once you create the above secret, you can specify the
imagePullSecrets configuration in the pod spec like below:
- name: private-reg-container
- name: docr
If you would like all pods in the namespace to pull from DOCR, then, you can specify the
imagePullSecrets configuration on the default service account in that namespace:
- name: docr
If you’re familiar with
doctl and have it setup as part of your CI environment, this post walks you through authenticating with DOCR using
doctl and setting up your Kubernetes cluster to work with DOCR. We are currently working on providing a simpler way to pull images from DOCR onto your Kubernetes clusters and this will be made available soon.
The Gitlab documentation has a
Requirements section which specifies the resource limits for the droplet and how much memory and CPU to allocate for the droplet. If you have already done this and are still experiencing problems with the droplet, I suggest reaching out to firstname.lastname@example.org and specifying the problems you’re facing in detail.
Thank you for using DigitalOcean. Hope this helps!