If we take a look at evolution of computing in the industry, we see that a lot of enterprises are on a journey of cloud computing and containers that journey kind of covers a number of different technologies such as how the enterprises develop their products, their application architectures, how these applications are packaged and then where they are deployed whether on-prem or on cloud.
Many of these enterprises are moving more towards what we call a DevOps methodology, they are trying to iterate much faster, compete much faster and basically make their release cycles shorter so that they can introduce new versions of their applications much faster.
In a lot of cases, this goes hand in hand to what we call as microservices based application architectures where we are basically trying to break our bigger piece of applications components into smaller chunks of services so that we can update it independent of one another or maybe release it more often and not to bundle everything together which is basically very hard to manage.
Considering that, the most common way of packaging up and delivering those microservices is now with containers and we are going to get into that with more details as to what that means and why containers are the best way to do that and that goes hand in hand to the move to cloud as well.
The point here is that containers don’t stand alone, they are part of the bigger picture and kind of work in conjunction with a number of other things that are happening in enterprises, and most of the customers I talk to are in that phase where they are trying to evaluate their move to the cloud and get to that modern way of developing an application. Obviously different customers are at a different stage of maturity but that’s their journey, their ultimate goal, which is to increase overall productivity, better flexibility, and agility in their development model and to iterate at a faster rate.
In this article, I will talk about Container Registry or more specifically Oracle Managed Container Registry. An Oracle-managed registry that enables you to simplify your development to production workflow.
You can use OCIR as a private Docker registry for internal use, pushing and pulling Docker images to and from the Registry using the Docker V2 API and the standard Docker command line interface (CLI)
You can also use OCIR as a public Docker registry, enabling any user with internet access and knowledge of the appropriate URL to pull images
You can access Oracle Cloud Infrastructure using the Console (a browser-based interface) or the REST API. These are the advantages of using OCIR.
- High availability Docker v2 container registry service
- Full integration with OKE (Oracle managed Kubernetes Engine)
- Stores Docker Images in Private Repositories
- Automatic Org Image Layer De-duplication
- Co-located regionally with Container Engine for low latency Docker image deploys
- Automatic Image Layer De-duplication across an org
Pre-requisites for OCIR
To use registry service, the user must be either a part of the admin group or part of a group to which a policy grants the appropriate permissions.
- allow group acme-viewers to inspect repos in tenancy – Ability to see a list of all repositories in Oracle Cloud Infrastructure Registry belonging to the tenancy
- allow group acme-managers to manage repos in tenancy – Ability to perform any operation on any repository in Oracle Cloud Infrastructure Registry that belongs to the tenancy (Pull an image, push an image, create/delete repos etc.)
Note: repos are tenancy-level resources, policies controlling access to them need to go into the root compartment (i.e., the tenancy). A user needs to have an OCI username and auth token before being able to push/pull an image.
Repositories can be private or public. Any user with internet access and knowledge of the appropriate URL can pull images from a public repository in Oracle Cloud Infrastructure Registry.
Push/Pull images from OCIR
You use Docker CLI to push/pull images to repos in OCI. To authenticate to your Registry, you need to create an Auth Token for User and copy it.
docker login <region-code>.ocir.io
Your username should be in <tenancy_name>/<username> format. In the next step, provide the Auth Token.
You can download a new image or find images in your local repository to be pushed to OCIR and tag it appropriately in the format
docker tag nginx:latest fra.ocir.io/intprasenjits/nginx:latest
Now you can push your image to OCIR using the below command:
docker push fra.ocir.io/intprasenjits/nginx:latest
The user pulls an example image from Docker Hub, in this case, nginx. The user then pushes that image to the OCI Registry.
Now, back in the console, we can do a quick refresh and see the nginx image.
Pulling images from Registry for Kubernetes Deployments
In order to pull images that reside in Oracle Cloud Infrastructure Registry
- Create a Docker registry secret, containing the Oracle Cloud Infrastructure credentials to use when pulling the image.
- Specify the image to pull from Oracle Cloud Infrastructure Registry, including the repository location and the Docker registry secret to use, in the application’s manifest file.
- kubectl create secret docker-registry <secret-name> –docker-server=<region-code>.ocir.io –docker-username='<tenancy-name>/<oci-username>’ –docker-password='<oci-auth-token>’ –docker-email='<email-address>’
This is a 6 part Blog and here is the link for all articles.
Part 2 – Introduction to Oracle Managed Kubernetes Engine
Part 3 – Pre-req for Getting Started with Oracle Managed Kubernetes Engine
Part 4 – Creating a Kubernetes Cluster on OKE
Part 5 – Accessing a Kubernetes Cluster on OKE
Part 6 – Deploying an Application on OKE