Docker Service Connector
Configuring Docker Service Connectors to connect ZenML to Docker container registries.
The ZenML Docker Service Connector allows authenticating with a Docker or OCI container registry and managing Docker clients for the registry. This connector provides pre-authenticated python-docker Python clients to Stack Components that are linked to it.
Prerequisites
No Python packages are required for this Service Connector. All prerequisites are included in the base ZenML Python package. Docker needs to be installed on environments where container images are built and pushed to the target container registry.
Resource Types
The Docker Service Connector only supports authenticating to and granting access to a Docker/OCI container registry. This type of resource is identified by the docker-registry
Resource Type.
The resource name identifies a Docker/OCI registry using one of the following formats (the repository name is optional and ignored).
DockerHub: docker.io or
https://index.docker.io/v1/<repository-name>
generic OCI registry URI:
https://host:port/<repository-name>
Authentication Methods
Authenticating to Docker/OCI container registries is done with a username and password or access token. It is recommended to use API tokens instead of passwords, wherever this is available, for example in the case of DockerHub:
This Service Connector does not support generating short-lived credentials from the username and password or token credentials configured in the Service Connector. In effect, this means that the configured credentials will be distributed directly to clients and used to authenticate directly to the target Docker/OCI registry service.
Auto-configuration
This Service Connector does not support auto-discovery and extraction of authentication credentials from local Docker clients. If this feature is useful to you or your organization, please let us know by messaging us in Slack or creating an issue on GitHub.
Local client provisioning
This Service Connector allows configuring the local Docker client with credentials:
Stack Components use
The Docker Service Connector can be used by all Container Registry stack component flavors to authenticate to a remote Docker/OCI container registry. This allows container images to be built and published to private container registries without the need to configure explicit Docker credentials in the target environment or the Stack Component.
ZenML does not yet support automatically configuring Docker credentials in container runtimes such as Kubernetes clusters (i.e. via imagePullSecrets) to allow container images to be pulled from the private container registries. This will be added in a future release.
Last updated