Working with image registries¶
When Maestro needs to start a new container, it will do whatever it can to make sure the image this container needs is available; the image full name is specified at the service level.
Maestro will first check if the target Docker daemon reports the image
to be available. If the image is not available, or if the -r
flag was
passed on the command-line (to force refresh the images), Maestro will
attempt to pull the image.
To do so, it will first analyze the name of the image and try to
identify a registry name (for example, in
my-private-registry/my-image:tag
, the address of the registry is
my-private-registry
) and look for a corresponding entry in the
registries
section of the environment description file to look for
authentication credentials. Note that Maestro will also look at each
registry’s address FQDN for a match as a fallback.
You can also put your credentials into ${HOME}/.dockercfg
in the
appropriate format expected by Docker and docker-py
. Maestro, via the
docker-py
library, will also be looking at the contents of this file
for credentials to registries you are already logged in against.
If credentials are found, Maestro will login to the registry before attempting to pull the image.
Additionally, you can configure a retry policy or image pull errors or a
per-registry basis. You can specify a maximum number of retries, and a list of
returned HTTP status codes to retry on. For example, the following
configuration will make two attempts to pull images from the quay.io
registry if a 500 is returned.
registries:
quay.io:
registry: https://quay.io/v1/
email: user@example.com
username: user
password: super-secret
retry:
attempts: 2
when:
- 500