Part 2: Connect Your Gitlab Registry With Humanitec
As a developer with limited spare time to learn the pitfalls of Kubernetes, I am going to use the platform orchestrator Humanitec for my own use: managing small cloud projects.
In Part 1, I have stated opinionated reasons why I think a platform orchestrator is useful and how to create an account at Humanitec. In this blog post, I am going to demonstrate how to connect your own container registry from Gitlab.
Don’t I mean Github? No. For a long list of reasons, I use Gitlab whenever I can, especially for its ci pipelines. In contrast, Github is the WhatsApp of git-providers. I use it, because everyone else does, but it essentially does not fit my requirements. Of course, you can follow this approach with any registry, even Github.
Add Gitlab Registry To Humanitec
Assuming that your gitlab registry is private, you need to create a project access token first in order to let Humanitec authenticate and access your gitlab container registry. You can find the option for creating an access token under “Settings” of your gitlab project:
Be aware of the expiration date! The access token requires read_registry scope:
You can only view the access token right after creating it. Copy it somewhere save for inserting it in Humanitec.
Back in Humanitec, you can add your gitlab registry to Humanitec. Gitlab will be the category “Basic container registry”:
Username can be any string (I would use something like Humanitec-Token). The password needs to be your access token that you just created in Gitlab. When Humanitec later looses contact to your registry, remember that your access token always has an expire date!! You need to renew the token in Gitlab then.
Create An App With Your Own Image
Now that you have connected your gitlab-registry with Humanitec, you can create an app in Humanitec containing an image that is pulled from your Gitlab registry. You can follow this tutorial about deploying a sample app. Instead of the sample-service, you use your own image from the gitlab registry.
If you struggle to find the identifier of your image in your gitlab container registry, you can find the full qualifier for your image from the gitlab project. Navigate to your projects container registry next to your gittlab project. You can find it under Deploy in your project menu:
Add the image with tag to your deployment in Humanitec.
Sending New Images To Humanitec
You can also configure your CI pipeline to notify Humanitec about new images. You need to create an Api Token first in Humanitec and add the token as variable HUMANITEC_TOKEN to your gitlab-ci. The following job should work for you:
The job assumes that:
- you have HUMANITEC_TOKEN variable set in your Gitlab CI variables settings
- you have a job for building and pushing a docker image to your container registry in the same ci pipeline
- that IMAGE_TAG has been set and used in a previous docker build job
- that IMAGE_NAME holds the full qualified image name (including registry.gitlab.com) of your image
Summary
Now your Humanitec account should have access to your Gitlab container registry. When choosing a container for your workload, Humanitec should even show you the images and versions that you had notified Humanitec about:
You can even go the extra mile and check out automation rules for your app’s environment, which let you automatically redeploy workloads as soon as Humanitec has been notified about a new container image by your Gitlab CI job from above. We will cover that automation in a later article in detail.
You application runs now on a Humanitec owned kubernetes cluster. It is out of your control and it will be reset regularly. This environment is only for demo use and it is neither meant nor equipped for production use. In the next article, we will have a look how to deploy your app to your own kubernetes cluster.
