How to set up DigitalOcean Private Container Registry & Gitlab CE CI/CD

Question

Hey guys,

does anybody have a glue how to set up the new DigitalOcean Private Docker Registry with CI/CD of Gitlab CE?

I currently use Gitlab CE CI/CD to deploy application(s) onto my DigitalOcean Kubernetes Cluster, but I would now also to integrate this new Docker Container Registry of DO. Currently using a private registry, which is on my Gitlab CE droplet - but I’m facing performance issues from time to time.

Please let me know, if someone is having a solution.

DO rocks - incredible the range of products which they provide by now …a couple of years ago it was only droplets and dns :)

Thanks, Olli

varsha · Answer

Hi Olli,

Thanks for your questions!

In order to setup any CI/CD job to push or pull images from a private DO container registry, you first need to have the docker credentials for authentication. Here’s a simple way of authenticating the docker client to interact with the DigitalOcean Container registry:

Obtain an API token from the DigitalOcean control panel by navigating to the API section. Copy and store the generated token to be used later.
Before the docker push/pull job in the Gitlab CI config, execute docker login -u <API_TOKEN> -p <API_TOKEN> registry.digitalocean.com. The API token can be passed as a secret or an environment variable.

For a Kubernetes cluster to pull images from the private registry, you’d need to create a docker registry Secret in the cluster with the docker config. Here’s how you can set up the secret in the namespace of your choice:

kubectl create secret docker-registry \
        docr \
        --docker-server=https://registry.digitalocean.com/v2/ \
        --docker-username=API_TOKEN \
        --docker-password=API_TOKEN

Once you create the above secret, you can specify the imagePullSecrets configuration in the pod spec like below:

apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: <your-private-image>
  imagePullSecrets:
  - name: docr

If you would like all pods in the namespace to pull from DOCR, then, you can specify the imagePullSecrets configuration on the default service account in that namespace:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
imagePullSecrets:
- name: docr

If you’re familiar with doctl and have it setup as part of your CI environment, this post walks you through authenticating with DOCR using doctl and setting up your Kubernetes cluster to work with DOCR. We are currently working on providing a simpler way to pull images from DOCR onto your Kubernetes clusters and this will be made available soon.

The Gitlab documentation has a Requirements section which specifies the resource limits for the droplet and how much memory and CPU to allocate for the droplet. If you have already done this and are still experiencing problems with the droplet, I suggest reaching out to support@digitalocean.com and specifying the problems you’re facing in detail.

Thank you for using DigitalOcean. Hope this helps!

Related

Question

How to set up DigitalOcean Private Container Registry & Gitlab CE CI/CD

Related