Configuring the environment for service custom deployment
-
Create a Docker image in the project and install necessary dependencies in the build script. Build the image.
-
Create a secret with a password for your container registry.
If you are using a registry created in Yandex Container Registry, authenticate using the authorized key for the service account that has the required roles and is specified in the project settings:
-
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
-
Get authorized keys for your service account and save them to the
key.json
file:yc iam key create --service-account-name default-sa -o key.json
Result:
id: aje8a87g4eaj******** service_account_id: aje3932acde3******** created_at: "2019-05-31T16:56:47Z" key_algorithm: RSA_2048
-
Run this command:
cat key.json | docker login \ --username json_key \ --password-stdin \ cr.yandex
Where:
cat key.json
writes the contents of the key file to the output stream.--password-stdin
allows the password to be read from the input stream.
Result:
Login Succeeded
Note
Authorized keys do not expire, but you can always get new authorized keys and get authenticated again if something goes wrong.
-
-
Upload the Docker image to the container registry. To do this, run the cell with the code:
#!:docker-publish <image_name>:<image_tag> cr.yandex/<image_path>:<tag>
<image_name>
: Image name in DataSphere.<image_tag>
: Image tag in DataSphere.<image_path>
: Path to the Container Registry image in thecr.yandex/<registry_ID format.>/<image_name>
;<tag>
: Image tag.
During the uploading, specify the username and choose a secret with a password. For authorization in Container Registry, provide the
json_key
token type as username and enter the secret instead of password. -
In the node creation form, specify the path to the image in this format:
cr.yandex/<registry_address>:<tag>
.