If you are using docker and you push docker images to hub.docker.com, by default, the docker images are pushed into a public repository. This means that everyone can access your docker images. However, we need to ensure that our docker images are very secure so that only applications existing in a given project have the access to the docker images.
Google provides a solution to this using Google Cloud, where you can store private docker images.
Table of Contents
- Google Container Registry
- Working on Google Cloud Shell
- Creating an application
- Creating the Docker File
- Creating a Docker Image
- Uploading the Docker Image
- Deploy the image
This article focuses on creating a docker image and pushing it to a private repository in Google using Google Container Registry. It explains how to ensure that a given docker image is only accessible to the projects within a given repository. We will create a flask application, create its docker image, then deploy the created image to Google Cloud.
Google Container Registry
Google Container Registry is space for managing Docker images on the Google Cloud Platform. It ensures clearance for access of Docker images hosted on the registry by deciding who can access what docker image at any instance. The majority of the people use Docker Hub as a central registry, but with GCR, there is privacy factored in.
Working on Google Cloud Shell
Google Cloud Shelly is the free environment that provides command-line access to resources during cloud development. It provides a virtual machine based on Linux.
Instead of working locally, we will use Google Cloud shell. To open the shell click the top right icon shown in the image below:
Creating an application
To create the application, we need one folder for the templates, a
requirement.txt file for use when building a docker image, and the main entry point of the application i.e,
Here is a table of all the files and folders for the application and the command to create them in Google Cloud Shell.
Use the command
nano filename to open any file.
app.py file, add the following code the press
CTRL + X then
Y to save.
import os from flask import Flask, render_template import flask app = Flask(__name__) # Index @app.route('/') def index(): return render_template('index.html') if __name__ == '__main__': app.run(debug=True, host='0.0.0.0', port=int(os.environ.get('PORT', 8080)))
index.html file, add the code below.
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Docker | Google Cloud</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> </head> <body> <div class="container"> <br><br><br><br><br> <div class="jumbotron text-center"> <h2>Google Cloud Deployed!!!</h4> </div> </div> </div> </body> </html>
Creating the Docker File
Dockerfile add the code below:
FROM python:3.8 # working directory WORKDIR /user/src/app # copy all files to the container COPY . . # Install pip requirements RUN python -m pip install --no-cache-dir -r requirements.txt # port number to expose EXPOSE 5000 # run the web service on the container using gunicorn CMD exec gunicorn --build :$PORT --worker 1 --threads 8 --timeout 0 app:app
In the requirements.txt file, add the code below:
# flask flask==1.1.2 # gunicorn gunicorn==20.0.4
Next, we need to make the
Dockerfile executable. Run the command below.
chmod +x Dockerfile
Creating a Docker Image
When using the docker hub, we would use the command
docker build --tag app . to generate the docker image. However, here is where things get different with Google Container Registry.
When creating the docker image using GCR, you should specify the project name, the project ID, and the tag name for the docker image. For our case, we will run the command below to build the image.
gcloud builds submit --tag gcr.io/your-project-id/flask-app
Upload & Verify the Upload
To verify whether the image was successfully deployed, head over to Google Cloud Storage on the left sidebar menu. You should see your app deployed like the one shown below. You will see two records; one is an image, while another is the actual application.
Deploy the image
Run the command below to deploy the docker image. Under region, select the number that corresponds to your desired location. Click enter for any prompt given further.
gcloud run deploy --image gcr.io/project-id/flask-app
You should see the container deployed as below:
Click the deployment service URL link to see your app running!
If we go to the Google Container Registry Page, we will find a list of our containers and their visibility set as private.
This shows that our docker images are only accessible to applications created within the Google console project. Now we are sure that our images have access control.
In this tutorial, we learned how to deploy docker images to Google Container Registry, created a simple flask application, dockerized it, and deployed it to GCR. We also learned how to use Google Cloud Shell during the process.
Now go ahead and try doing it with your application.
Peer Review Contributions by: Odhiambo Paul