Advanced tips for developing your service or process
When developing a service or process on EDITO, you may encounter situations where you need to customize predefined components or integrate external resources, such as Docker images stored in a private registry. These adjustments are common when your service requires specific configurations that go beyond the default setup.
For example, you might need to modify ingress rules to better control how your service is accessed, or configure authentication to pull private Docker images used by your application. These customizations help ensure that your services run securely, reliably, and in a way that aligns with your operational needs.
This section provides guidance on how to override default ingress templates and how to configure private registry authentication.
Docker is a platform that allows you to build, package, and run applications inside lightweight and portable containers. These containers ensure that your application always runs the same way, regardless of the environment. For more information, you can refer to the official Docker documentation.
Helm is a package manager for Kubernetes that helps you define, install, and manage applications using reusable templates called charts. For more information, you can refer to the official Helm documentation.
Overriding predefined components
If we take our Terria Map example, you notice that that the ingress.yaml file contains only one line:
{{ include "library-chart.ingress" . }}It means that the content of the ingress will be copied from the library-chart dependency. To see what is in there, you can navigate to your chart folder and run:
helm dependency update
cd charts/
tar zxvf library-chart-X.Y.Z.tgzThe X.Y.Z version corressponds to the one in the
Chart.yamlfile.
Then you can open the library-chart/templates/_ingress.tpl file to see what is the logic of the ingress template.
You can draw inspiration from this template to rewrite the ingress.yaml file to fit your needs, as well as learning more about it in the official Kubernetes documentation.
Pull a docker image from a private registry
You may want to use credentials to pull a docker image from a private registry while building your service or process. Is is something possible and here is the procedure to follow in order to achieve this (mostly based on the official kubernetes documentation):
- First, you’ll need to define a new Kubernetes Secret in your service or process. Create a file named
imageCredentials.yamlin thetemplatefolder of your Chart and paste the following content:
{{- define "imagePullSecret" }}
{{- with .Values.imageCredentials }}
{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
{{- end }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "library-chart.fullname" . }}-registry-credentials
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
type: kubernetes.io/dockerconfigjson- Then you’ll need to reference this secret in the kubernetes resource that is referencing the image. Here, we’ll take a Pod resource as an example but it’ll be almost the same for any other kind of resource (Job, StatefullSet, Deployment…):
apiVersion: v1
kind: Pod
metadata:
name: fake-pod-name
spec:
containers:
- name: fake-pod-example
image: <your-private-image>
imagePullSecrets:
- name: {{ include "library-chart.fullname" . }}-registry-credentials- Finaly, we need to let users send their authentication to the registry though the datalab interface:
Add this in the values.yaml:
imageCredentials:
registry: ghcr.io # To be replace by your actual registry
username: ""
password: ""
email: ""And the imageCredentials section of the following JSON in the values.schema.json:
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"imageCredentials": {
"description": "Credentials for fetching the container image",
"type": "object",
"properties": {
"username": {
"description": "username",
"type": "string"
},
"password": {
"description": "password",
"type": "string"
},
"email": {
"description": "email",
"type": "string"
}
}
}
}
}