| copyright |
|
||
|---|---|---|---|
| lastupdated | 2017-08-14 |
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:download: .download}
Creating a {{site.data.keyword.registryshort_notm}} token for a {{site.data.keyword.Bluemix_notm}} Dedicated image registry
{: #cs_dedicated_tokens}
Create a non-expiring token to use an image registry with clusters that you used for single and scalable groups. {:shortdesc}
-
Log in to the {{site.data.keyword.Bluemix_short}} Dedicated environment.
bx login -a api.<dedicated_domain>{: pre}
-
Request an
oauth-tokenfor the current session and save it as a variable.OAUTH_TOKEN=`bx iam oauth-tokens | awk 'FNR == 2 {print $3 " " $4}'`{: pre}
-
Request the ID of the org for the current session and save it as a variable.
ORG_GUID=`bx iam org <org_name> --guid`{: pre}
-
Request a permanent registry token for the current session. Replace <dedicated_domain> with the domain for your {{site.data.keyword.Bluemix_notm}} Dedicated environment. This token grants access to the images in the current namespace.
curl -XPOST -H "Authorization: ${OAUTH_TOKEN}" -H "Organization: ${ORG_GUID}" https://registry.<dedicated_domain>/api/v1/tokens?permanent=true{: pre}
Output:
{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2MzdiM2Q4Yy1hMDg3LTVhZjktYTYzNi0xNmU3ZWZjNzA5NjciLCJpc3MiOiJyZWdpc3RyeS5jZnNkZWRpY2F0ZWQxLnVzLXNvdXRoLmJsdWVtaXgubmV0" }{: screen}
-
Verify the Kubernetes secret.
kubectl describe secrets{: pre}
You can use this secret to work with IBM {{site.data.keyword.Bluemix_notm}} Container Service.
-
Create the Kubernetes secret to store your token information.
kubectl --namespace <kubernetes_namespace> create secret docker-registry <secret_name> --docker-server=<registry_url> --docker-username=token --docker-password=<token_value> --docker-email=<docker_email>{: pre}
Table 1. Understanding this command's components 
Understanding this command's components--namespace <kubernetes_namespace>Required. The Kubernetes namespace of your cluster where you want to use the secret and deploy containers to. Run kubectl get namespacesto list all namespaces in your cluster.<secret_name>Required. The name that you want to use for your imagePullSecret. --docker-server <registry_url>Required. The URL to the image registry where your namespace is set up: registry.<dedicated_domain> --docker-username <docker_username>Required. The user name to log in to your private registry. --docker-password <token_value>Required. The value of your registry token that you retrieved earlier. --docker-email <docker-email>Required. If you have one, enter your Docker email address. If you do not have one, enter a fictional email address, as for example a@b.c. This email is mandatory to create a Kubernetes secret, but is not used after creation. -
Create a pod that references the imagePullSecret.
-
Open your preferred editor and create a pod configuration script that is named mypod.yaml.
-
Define the pod and the imagePullSecret that you want to use to access the registry. To use a private image from a namespace:
apiVersion: v1 kind: Pod metadata: name: <pod_name> spec: containers: - name: <container_name> image: registry.<dedicated_domain>/<my_namespace>/<my_image>:<tag> imagePullSecrets: - name: <secret_name>{: codeblock}
Table 2. Understanding the YAML file components Understanding the YAML file components<pod_name>The name of the pod that you want to create. <container_name>The name of the container that you want to deploy to your cluster. <my_namespace>The namespace where your image is stored. To list available namespaces, run `bx cr namespace-list`. <my_image>The name of the image that you want to use. To list available images in a {{site.data.keyword.Bluemix_notm}} account, run bx cr image-list.<tag>The version of the image that you want to use. If no tag is specified, the image that is tagged latest is used by default. <secret_name>The name of the imagePullSecret that you created earlier. -
Save your changes.
-
Create the deployment in your cluster.
kubectl apply -f mypod.yaml{: pre}
-
