Closed mrocklin closed 3 years ago
The motivation behind this question was that most companies will have a private docker image available to run Dask clusters on. Typically containing private PyPi packages. While using the Software Environment functions to build this image inside Coiled is feasible, support for private images would speed up the process of getting Coiled up and running in an organisation.
The current reason that this isn't possible is because our worker nodes don't have access to the private Docker repositories. I can see a couple of immediate solutions, and would be interested in thoughts on either:
coiled.Cluster()
initializer -- security concerns can be mitigated by limiting access on our side and duration on the other, but this is much less convenient for the user
coiled.yaml
configuration, so that we have short-lived access but the user (or whoever's managing e.g. their JupyterHub instance) could conveniently store longer-lived tokens locally and we would not have access to them.@necaris is this done?
@mrocklin we're working on it! We can currently already handle:
We're working on option (1) from above, where we store private Docker repository credentials (testing with Docker Hub) encrypted and per-Account
, and hope to release it in the next couple of weeks.
@necaris That's super interesting, thanks for the reply. Is there a way for us to use the AWS ECR option at the moment?
@matthiasdv sorry for the delay here -- if you're using Coiled right now you're already using the AWS ECR option, just through our account; you can give us limited access to your AWS account and use that same option within your account as well. Please see https://docs.coiled.io/user_guide/backends.html#aws for more details :smile:
We currently support private docker images if the user-provided docker hub credentials. I believe we can now close this issue
Is there any documentation around this @FabioRosado ?
@bennnym Hi Ben sure, we have documentation on creating software environments as well as one about uploading a file/directory to a cluster.
You can add your dockerhub credentials by going to Account > set backend options and follow the UI, on the step to configure registry options you can choose docker hub and add your username and token.
Hope this helps.
A user asked in a private channel:
Today the answer is "unfortunately not". You can create a software environment from a docker image that our account can see (dockerhub or our ECR repository), or you could build a software environment from public packages and also private github accounts if you register a github auth token.
Supporting private docker images makes a lot of sense though. We would need to have access to that image repository. This probably leads to the larger discussion in #67 .