Checkmark=facebooklinklinkedinOngoing indicator +Left-facing arrowRight-facing arrowCheckmarkDown-pointing chevronLeft-pointing chevronRight-pointing chevrontwitter

Using private images

Now that you know how to use datasets, you may want to use a private Docker image from a registry of your choice. For example, there are registries like Docker store and quay.io.

Run it on Nerdalize

To allow your private image to start on the Nerdalize cluster, you need to create what we call a ‘secret’. A secret can be one of two types: ‘opaque’ or ‘registry’. For now, we’ll focus on the registry secret type. This informs the Nerdalize cluster from which registry it should pull the private image and what credentials it should use.

For this example, we’ll use the quay.io registry. Keep in mind that the name of the secret needs to be a real registry name.

  1. Create a secret.

    $ nerd secret create quay.io --username=<quay-username> --password=<quay-password> --type=registry
    New Secret:
    Name:   quay.io
    Type:   kubernetes.io/dockerconfigjson
    

    Let’s unpack this:

    • nerd secret create tells the CLI to create a secret in the cluster.
    • quay.io specifies from which registry your private image should be pulled.
    • --username=<quay-username> --password=<quay-password> collects the credentials to be able to have access to your image.
    • --type=registry is an important parameter as it specifies which kind of secret should be created.

    If you want to create a secret for Docker Hub use index.docker.io:

    $ nerd secret create index.docker.io --username=<dockerhub-username> --password=<dockerhub-password> --type=registry
    
  2. List your secrets.

    $ nerd secret list
    SECRET NAME   TYPE
    quay.io       kubernetes.io/dockerconfigjson
    
  3. Start your workload.

    $ nerd workload start <your_image> \
    --input-dataset <dataset id> --instances=5
    Workload created with ID: caa9ffb86d65b70f8903
    
  4. Create your tasks, etc.

    Creating tasks, downloading output, etc. are exactly same as running a workload with a public image.

  5. If needed, delete your secret.

    $ nerd secret delete quay.io
    Secret successfully deleted
    

Great!

You’re now all set to use your private images. The Nerdalize cloud knows how to use secrets on its own, so it doesn’t matter if you’re using a public or a private image. You can always use the same commands.