Integration with Container Registry
To integrate Kubernetes with Container Registry, create the following resources: a Kubernetes cluster, a node group, a Docker registry, and a Docker image. To facilitate authentication, configure Docker Credential Helper and make sure that a pod with an application from Container Registry launches with no additional authentication required.
- Prepare the necessary Kubernetes resources.
- Prepare the necessary Container Registry resources.
- Connect to the Kubernetes cluster.
- Run the test app.
- Delete the created resources.
Prepare the Kubernetes resources
Create a Kubernetes cluster
Run the command:
ncp managed-kubernetes cluster create \
--name k8s-demo --network-name nb-auto-network \
--etcd-cluster-size 1 \
--master-location zone=eu-north1-c,subnet-id=subnet-id-a,subnet-name=nb-auto-subnet-0 \
--public-ip
Run the command:
> ncp managed-kubernetes cluster create `
--name k8s-demo --network-name nb-auto-network `
--etcd-cluster-size 1 `
--master-location zone=eu-north1-c,subnet-id=subnet-id-a,subnet-name=nb-auto-subnet-0 `
--public-ip
Create a node group
-
Make sure the Kubernetes cluster was created.
- In the management console
, select the folder where the Kubernetes cluster was created. - In the list of services, select Managed Service for Kubernetes.
- Make sure that the Kubernetes cluster was created:
- The Status column value must be
Running
. - The Health column value must be
Healthy
.
- The Status column value must be
- In the management console
-
Create a node group:
BashPowerShellncp managed-kubernetes node-group create \ --name k8s-demo-ng \ --cluster-name k8s-demo \ --platform standard-v2 \ --public-ip \ --cores 2 \ --memory 4 \ --core-fraction 50 \ --disk-type network-ssd \ --fixed-size 2 \ --location subnet-name=nb-auto-subnet-0,zone=eu-north1-c \ --async
> ncp managed-kubernetes node-group create ` --name k8s-demo-ng ` --cluster-name k8s-demo ` --platform standard-v3 ` --public-ip ` --cores 2 ` --memory 4 ` --core-fraction 50 ` --disk-type network-ssd ` --fixed-size 2 ` --location subnet-name=nb-auto-subnet-0,zone=eu-north1-c ` --async
Prepare Container Registry resources
Create a registry
Create a container registry:
ncp container registry create --name nb-auto-cr
Configure Docker Credential helper
To facilitate authentication in Container Registry, configure Docker Credential helper. It lets you use private Nebius AI registries without running the docker login
command.
To configure the Credential helper, run the following command:
ncp container registry configure-docker --hostname cr.ai.nebius.cloud
Prepare a Docker image
Build a Docker image and push it to the registry.
-
Create a Dockerfile named
hello.dockerfile
and add the following lines to it:FROM ubuntu:latest CMD echo "Hi, I'm inside"
-
Assemble the Docker image.
-
Get the ID of the previously created registry and write it to the variable:
BashPowerShellREGISTRY_ID=$(ncp container registry get --name nb-auto-cr --format json | jq .id -r)
$REGISTRY_ID = (ncp container registry get --name nb-auto-cr --format json | ConvertFrom-Json).id
-
Build a Docker image:
docker build . -f hello.dockerfile -t cr.ai.nebius.cloud/$REGISTRY_ID/ubuntu:hello
-
Push the Docker image to the registry:
docker push cr.ai.nebius.cloud/${REGISTRY_ID}/ubuntu:hello
-
-
Make sure the Docker image was pushed to the registry:
ncp container image list
Result:
+----------------------+---------------------+-----------------------------+-------+-----------------+ | ID | CREATED | NAME | TAGS | COMPRESSED SIZE | +----------------------+---------------------+-----------------------------+-------+-----------------+ | crpa2mf008mpjig73rp6 | 2019-11-20 11:52:17 | crp71hkgiolp6677hg9i/ubuntu | hello | 27.5 MB | +----------------------+---------------------+-----------------------------+-------+-----------------+
Connect to the Kubernetes cluster
To work with a Kubernetes cluster using kubectl:
-
Add the Kubernetes cluster credentials to the kubectl configuration file:
-
Run the command:
ncp managed-kubernetes cluster get-credentials --external --name k8s-demo
-
Check the kubectl configuration:
kubectl config view apiVersion: v1 clusters: - cluster: certificate-authority-data: DATA+OMITTED ...
- By default, credentials are added to the
$HOME/.kube/config
directory. - If you need to change the configuration location, use the
--kubeconfig <file path>
flag.
-
Run the test app
Start the pod with the app from the Docker image and make sure that no additional authentication in Container Registry was required to push the Docker image.
-
Run the pod with the app from the Docker image:
kubectl run --attach hello-ubuntu --image cr.ai.nebius.cloud/${REGISTRY_ID}/ubuntu:hello
-
Find the running pod to see its full name:
kubectl get po
Result:
NAME READY STATUS RESTARTS AGE hello-ubuntu-5847fb96b4-54g48 0/1 Completed 3 61s
-
Check the logs of the container running on this pod:
kubectl logs hello-ubuntu-5847fb96b4-54g48
Result:
Hi, I'm inside
The pod pushed the Docker image with no additional authentication on the Container Registry side.
Delete the resources you created
Some resources are not free of charge. Delete the resources you no longer need to avoid paying for them:
-
Delete a Kubernetes cluster:
ncp managed-kubernetes cluster delete --name k8s-demo
-
Delete the Container Registry resources.
-
Find the name of the Docker image pushed to the registry:
BashPowerShellIMAGE_ID=$(ncp container image list --format json | jq .[0].id -r)
$IMAGE_ID = (ncp container image list --format json | ConvertFrom-Json).id
-
Delete the Docker image:
ncp container image delete --id $IMAGE_ID
-
Delete the registry:
ncp container registry delete --name nb-auto-cr
-