Private Container Registries
Intro to Private Registries and How They Work on Salad:
Private Registry:
A private registry is a service that allows users to store and distribute container images without making them publicly accessible. This allows for better control over the distribution of images, as well as the ability to keep proprietary or sensitive information secure.
Details of using a Private Container Registry with SaladCloud will vary depending on the private registry used. Guides for supported registries are linked here:
- A private registry service provided by Google Cloud Platform.
- A private registry service provided by Microsoft Azure Services.
- A private version of the popular Docker Hub registry, offered as a paid service.
- A private registry service provided by Amazon Elastic Container Service (Amazon ECS).
COMING SOON!
- Quay Container Registry: A private registry service provided by Quay.io.
- GitHub Container Registry: Personal access tokens are an option for authentication on GitHub API and command line instead of using passwords.
- Self-Hosted (Basic Auth)
We're working to expand the private registries supported on SaladCloud. If you're using a registry not listed here, please get in touch!
To use a private registry, an image must first be pushed to the registry. This can be done using the docker push command, specifying the registry URL and the image name. Once the image is in the registry, it can be pulled and used by other members of the organization through the Salad Portal.
- Salad requires authentication details to pull images, but authentication details are only stored long enough to pull the image and place it into encrypted storage for distribution to the Salad Network.
- When we distribute a workload to a node, we generate a one-time access token that allows only the specific node(s) to download and run the container image.
- There is currently a max image size of 10 GB (note: this may change).
- We pull and store images at the moment of container group creation, so if the image is modified you will have to create a new container group.
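An added example (not from SaladCloud's documentation): a pre-flight script for the push step described above. It refuses images over the 10 GB limit and target references without a fixed tag, since the image is captured at container group creation. It assumes the limit means 10 x 1000^3 bytes compared against the local uncompressed size, that `docker login` has already been run, and that the registry host and image names in the usage comment are placeholders.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before `docker push` to a private registry.
# Assumption: the 10 GB limit is read as 10 * 1000^3 bytes and compared with
# the local (uncompressed) size, which is the stricter reading of the limit.
MAX_IMAGE_BYTES=$((10 * 1000 * 1000 * 1000))

# 0 = fits under the limit, 1 = too large, 2 = input is not a byte count.
image_size_ok() {
  local size_bytes="$1" limit="${2:-$MAX_IMAGE_BYTES}"
  case "$size_bytes" in
    ''|*[!0-9]*) return 2 ;;
  esac
  [ "$size_bytes" -le "$limit" ]
}

# 0 only if the reference ends in an explicit tag other than "latest".
# Only the last path component is inspected, so a registry port such as
# host:5000 is not mistaken for a tag.
ref_has_fixed_tag() {
  local last="${1##*/}"
  case "$last" in
    *:*) [ -n "${last##*:}" ] && [ "${last##*:}" != "latest" ] ;;
    *)   return 1 ;;
  esac
}

# Tag a local image for the registry and push it, but only if both checks pass.
push_private() {
  local local_image="$1" target_ref="$2" size
  if ! ref_has_fixed_tag "$target_ref"; then
    echo "refusing to push: $target_ref has no fixed tag" >&2
    return 1
  fi
  size="$(docker image inspect --format '{{.Size}}' "$local_image")" || return 1
  if ! image_size_ok "$size"; then
    echo "refusing to push: $local_image is $size bytes (limit $MAX_IMAGE_BYTES)" >&2
    return 1
  fi
  docker tag "$local_image" "$target_ref" && docker push "$target_ref"
}

# Usage (placeholder names):
#   ./push.sh myapp:build registry.example.com/team/myapp:2024-06-01-a1b2c3
if [ "$#" -eq 2 ]; then
  push_private "$1" "$2"
fi
```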
Status of container groups with private images
- While the image is being pulled and stored, the container group status will be "pending".
- Once the image is ready, the container group status will change to "stopped", and the container group can be started.
Failures
A few failures are specific to using private registries:
- Failure to authenticate: This will occur if we are unable to authenticate to the private registry with the credentials provided. Double check the credentials are correct and try again.
- Failure to store: This will occur if we are unable to store the container image. This should be a temporary condition so try again.
- Image too large: This will occur if the container image is too large. You will need to use a smaller container image.
If issues persist, please contact support here.