Spin Up Notebooks with Image from Private Registry

This guide will walk you through enabling Jupyter Web App (JWA) to create Notebooks using images pulled from a private registry.

See also

If you want to configure cluster-wide access to a private registry, head to Set Up Cluster-Wide Authenticated Access to a Docker Registry.

What You’ll Need

Procedure

  1. Log in to Docker:

    root@rok-tools:~# docker login Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one. Username: user Password:
  2. Logging in to Docker will create or update a config.json file that holds an authorization token. View the file and verify it has the correct format, based on the example output below:

    root@rok-tools:~# cat ~/.docker/config.json { "auths": { "https://index.docker.io/v1/": { "auth": "c3R...zE2" } } }
  3. Create a Secret based on your existing Docker credentials:

    root@rok-tools:~# kubectl create secret generic regcred \ > --from-file=.dockerconfigjson=.docker/config.json \ > --type=kubernetes.io/dockerconfigjson secret/regcred created
  4. Inspect the Secret to verify that it was created:

    root@rok-tools:~# kubectl get secret regcred --output=yaml
  5. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  6. Create a PodDefault using the previously created Secret as imagePullSecret:

    apiVersion: kubeflow.org/v1alpha1 kind: PodDefault metadata: name: access-prv-registry spec: desc: Allow access to private registry selector: matchLabels: registry-pull-secret: "true" imagePullSecrets: - name: regcred # < -- Update this line with the name of your Secret.

    Note

    Notice the selector.matchLabels field, this PodDefault will be applied to every Pod that contains the label registry-pull-secret: "true" in its spec. Jupyter Web App will now show this new PodDefault in the “Configurations” section.

  7. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Allow pulling private images when creating Notebooks"

    Note

    You must also commit both Secret and PodDefault in your GitOps repository.

  8. Apply the kustomization:

    root@rok-tools:~/ops/deployments# rok-deploy --apply kubeflow/manifests/apps/jupyter/jupyter-web-app/upstream/overlays/deploy
  9. (Optional) Follow the Extend List of JWA Preselected Configurations guide to make this PodDefault selected by default for newly created Notebooks.

Summary

You have successfully enabled spinning up Notebooks using images from a private registry.

What’s Next

Check out the rest of the operations you can perform on your Kubeflow deployment.