Docker Registry

Support for Docker Registries

TrueFoundry supports various docker registries to be integration with the platform. These are used to store images that are built while deploying to TrueFoundry. The following table provides information on required permissions, authentication credentials required and also the list of validations performed by TrueFoundry.

FeatureECRGoogle Artifact RegistryGoogle Container RegistryDockerHub
Registry URL<registryId>.dkr.ecr.<region>.amazonaws.com<location>-docker.pkg.dev/<projectId><location>.gcr.io/<projectId>registry.hub.docker.com or docker.io/<namespace>
AuthenticationAWS Access Id + Secret Key or Assumed Role ARNkeyfile.json for service accountkeyfile.jsonusername + password
Permissions RequiredAmazonEC2ContainerRegistryFullAccessroles/iam.serviceAccountTokenCreator
roles/artifactregistry.admin
roles/storage.legacyBucketWriter
Validations By TrueFoundry
check if registry url is valid:heavy-check-mark::heavy-check-mark::heavy-check-mark:-
check if registry credentials are valid:heavy-check-mark::heavy-check-mark::heavy-check-mark::heavy-check-mark:
check if an image is valid:heavy-check-mark::heavy-check-mark:-we can check until the repo, but cannot validate the tag
delete repo with application deletion:heavy-check-mark::heavy-check-mark:--

Add Docker Image Registry to TrueFoundry

Storing Docker images of services that are built for model deployment and inference will require setup of a default Docker image registry. We support commonly used docker registries like Dockerhub, ECR, AzureCR out of the box. We also support most docker registries that uses the standard username password flows.

Docker Registries are used in two ways:

  • you can use Docker registry to save images built during deployment of code or repository
  • you can deploy any images from the repository to one of your connected workspaces

To connect a new registry, one needs to follow the following steps:

  • Navigate to the Integrations section of your TrueFoundry dashboard, and go to the Docker Registry section.
  • Click on the Connect Registry button at the top right corner.
  • Now add the name of the registry you want to connect. Select the registry type.
  • Now add the credentials for these registries. The format expected by registry url and permissions required for the credentials for each type of registry can be checked by clicking on the information next to the field.
Docker Hub Registry

Docker Hub Registry

AWS ECR Registry

AWS ECR Registry

Google Container Registry

Google Container Registry

  • Once added, the registry will show up in the list of registries.
  • On the registry you want to use as default, choose the Set default option from the menu. In case you do not specify any docker registry while deploying an application, the default one will be used for storing the image.

Default Registries

Cluster Default

You can specify the default registry per cluster. To do this, go to Integrations > Clusters and click on Edit for the cluster you want to add default registry for.

Edit Cluster Form to add default registry

Edit Cluster Form to add default registry

In the form, choose the default registry for the cluster. When no registry is specified for a deployment, the cluster default will be automatically used to store the built image.

Choose a default registry for the cluster from the form

Choose a default registry for the cluster from the form

Tenant Default

If you do not choose a registry for your deployment and there is no default cluster registry, the tenant default will be used. All tenants must have a default registry. If you only have one registry added, it will automatically be the tenant default and will be used for all builds.