By odorakel
Hey guys,
does anybody have a glue how to set up the new DigitalOcean Private Docker Registry with CI/CD of Gitlab CE?
I currently use Gitlab CE CI/CD to deploy application(s) onto my DigitalOcean Kubernetes Cluster, but I would now also to integrate this new Docker Container Registry of DO. Currently using a private registry, which is on my Gitlab CE droplet - but I’m facing performance issues from time to time.
Please let me know, if someone is having a solution.
DO rocks - incredible the range of products which they provide by now …a couple of years ago it was only droplets and dns :)
Thanks, Olli
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi Olli,
Thanks for your questions!
In order to setup any CI/CD job to push or pull images from a private DO container registry, you first need to have the docker credentials for authentication. Here’s a simple way of authenticating the docker client to interact with the DigitalOcean Container registry:
- Obtain an API token from the DigitalOcean control panel by navigating to the API section. Copy and store the generated token to be used later.
- Before the docker push/pull job in the Gitlab CI config, execute
docker login -u <API_TOKEN> -p <API_TOKEN> registry.digitalocean.com. The API token can be passed as a secret or an environment variable.
For a Kubernetes cluster to pull images from the private registry, you’d need to create a docker registry Secret in the cluster with the docker config. Here’s how you can set up the secret in the namespace of your choice:
kubectl create secret docker-registry \
docr \
--docker-server=https://registry.digitalocean.com/v2/ \
--docker-username=API_TOKEN \
--docker-password=API_TOKEN
Once you create the above secret, you can specify the imagePullSecrets configuration in the pod spec like below:
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: <your-private-image>
imagePullSecrets:
- name: docr
If you would like all pods in the namespace to pull from DOCR, then, you can specify the imagePullSecrets configuration on the default service account in that namespace:
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: default
imagePullSecrets:
- name: docr
If you’re familiar with doctl and have it setup as part of your CI environment, this post walks you through authenticating with DOCR using doctl and setting up your Kubernetes cluster to work with DOCR. We are currently working on providing a simpler way to pull images from DOCR onto your Kubernetes clusters and this will be made available soon.
The Gitlab documentation has a Requirements section which specifies the resource limits for the droplet and how much memory and CPU to allocate for the droplet. If you have already done this and are still experiencing problems with the droplet, I suggest reaching out to support@digitalocean.com and specifying the problems you’re facing in detail.
Thank you for using DigitalOcean. Hope this helps!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.