Quickstart: Using private images
Now that you know how to use datasets, you may want to use a private Docker image from a registry of your choice. For example, there are registries like Docker store and quay.io.
Run it on Nerdalize
To allow your private image to start on the Nerdalize cluster, you need to create what we call a ‘secret’. A secret can be one of two types: ‘opaque’ or ‘registry’. For now, we’ll focus on the registry secret type. This informs the Nerdalize cluster from which registry it should pull the private image and what credentials it should use.
For this example, we’ll use the quay.io registry. Keep in mind that the name of the secret needs to be a real registry name.
Create a secret
$ nerd secret create quay.io --name=<name> --password=<password> --type=registry New Secret: Name: quay.io Type: kubernetes.io/dockerconfigjson
Let’s unpack this:
nerd secret createtells the CLI to create a secret in the cluster.
quay.iospecifies from which registry your private image should be pulled.
--name=<name> --password=<password> --type=registrygives the right information to create the secret.
--name=<name> --password=<password>collects the credentials to be able to have access to your image.
--type=registryis an important parameter as it specifies which kind of secret should be created.
List your secrets
$ nerd secret list SECRET NAME TYPE quay.io kubernetes.io/dockerconfigjson
Start your workload
$ nerd workload start <your_image> \ --input-dataset <dataset id> --instances=5 Workload created with ID: caa9ffb86d65b70f8903
If needed, delete your secret
$ nerd secret delete quay.io Secret successfully deleted
From here the instructions are the same as in the the simple start. Indeed, the Nerdalize cloud knows how to use secrets on its own, so you can use the exact same commands.