Version: Torizon OS 7.x.y

GitLab Container Registry

Introduction

GitLab Container Registry is a solution from GitLab to store Docker images inside a project.

In this article, we will use the TorizonCore Builder Tool to authenticate and pre-provision the target devices with a private container image hosted in GitLab. This guide assumes you have followed the steps in the Private Registry Introduction and Prerequisites.

Disclaimer

This guide offers a general guideline for further development and, therefore, should always be adapted to your specific use case.

In real-world scenarios, ensure you set up the appropriate access control, authentication and permissions.

Set Up the GitLab Cloud Environment

caution

Please check GitLab Authenticate with the container registry to find the set of permissions that best fits your specific application.

  1. Create a private registry: For more information, see GitLab container registry.
  2. Create the authentication token: For more information, see how to create a personal token.
    • One access token with full registry management permission for the host machine.
    • Another with read-only permission for the deployed devices (in this guide, we are using read_api permission).

Get the Authentication Tokens (Host Machine)

tip

In this guide, we are going to use a Personal Access Token. For other authentication methods, check GitLab Authenticate with the container registry.

  1. To save the credentials to be used by docker, run the docker login command.

    $ docker login --username <username> --password <token> registry.gitlab.com
  2. Push the image to GitLab Cloud. The docker push command should work normally by default, using the host machine token. For more information, see docker push in GitLab.

Push the GitLab docker-compose to Torizon Cloud using TCB

tip

It is a best practice to canonicalize the version of the docker-compose file before pushing it to Torizon OTA.

  1. To use torizoncore-builder platform push with private repositories, we need to authenticate using the following flag:

    --login-to <repository-url> <username> <token>
    • The <username> is the account email or username.
    • The <token> is the access token.
  2. Push the docker-compose file to Torizon Cloud. If you are missing the <path-to-credentials.zip>, please refer to the prerequisites.

    $ torizoncore-builder platform push \
    --credentials <path-to-credentials.zip> \
    --login-to registry.gitlab.com <username> <token> \
    --canonicalize \
    <path-to-dockercompose.yml>

Get the Authentication Tokens (Deployed Device)

danger

The authentication token from GitLab is short-lived and expires after 4 weeks by default; the expiration date can be set when creating the token.

  1. Run the following command to save the authentication token to /etc/docker/config.json.

    $ docker --config /etc/docker login --username <username> --password <token> registry.gitlab.com
  2. Copy the authentication file (/etc/docker/config.json) from the host machine to the target device. The device should then be ready to receive an update from the Torizon Cloud.

    This enables this single device to receive an OTA update. Scaling is simple with torizoncore-builder and Torizon Cloud; check the section on how to enable multiple devices.
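
A check to run on the host against the /etc/docker/config.json from step 1 before copying it to the device, added here as an example (not Toradex or Docker code). It flags loose file permissions, a credential helper that keeps the token out of the file, and a missing or differently-cased registry.gitlab.com entry; the function names and sample credentials are constructed, and the exact-match treatment of the registry key is an assumption.

```python
import base64
import json
import os
import tempfile

REGISTRY = "registry.gitlab.com"

def audit_docker_config(path, registry=REGISTRY):
    """Return findings for a Docker config.json that is about to be copied to a device."""
    findings = []
    # The "auth" value is only base64(username:token): any reader of the file has the token.
    if os.stat(path).st_mode & 0o077:
        findings.append("file is accessible by group or others")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    # With a credential helper the secret lives in the host's store, not in this file.
    if cfg.get("credsStore") or registry in cfg.get("credHelpers", {}):
        findings.append("credential helper configured; file may not carry the token")
    auths = cfg.get("auths", {})
    entry = auths.get(registry)
    if entry is None:
        # Assumption: the key has to match the host exactly; report a differently-cased one.
        near = [k for k in auths if k.lower() == registry.lower()]
        findings.append(f"no entry for {registry}" + (f" (found {near[0]!r})" if near else ""))
        return findings
    try:
        decoded = base64.b64decode(entry.get("auth", ""), validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        decoded = ""
    user, _, token = decoded.partition(":")
    if not user or not token:
        findings.append(f"entry for {registry} has no usable credentials")
    return findings

def write_sample(registry_key, mode, creds_store=None):
    """Write a constructed config.json (placeholder credentials) and return its path."""
    auth = base64.b64encode(b"device-user:EXAMPLE-TOKEN").decode()
    cfg = {"auths": {registry_key: {} if creds_store else {"auth": auth}}}
    if creds_store:
        cfg["credsStore"] = creds_store
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    print(audit_docker_config(write_sample(REGISTRY, 0o600)))
    print(audit_docker_config(write_sample("registry.GitLab.com", 0o644)))
```
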

For more information on setting up a container update, take a look at the overview article. If you want to learn more, see Torizon Cloud Web Interface.


