For more than five years, DC/OS has enabled some of the largest, most sophisticated enterprises in the world to achieve unparalleled levels of efficiency, reliability, and scalability from their IT infrastructure. But now it is time to pass the torch to a new generation of technology: the D2iQ Kubernetes Platform (DKP). Why? Kubernetes has now achieved a level of capability that only DC/OS could formerly provide and is now evolving and improving far faster (as is true of its supporting ecosystem). That’s why we have chosen to sunset DC/OS, with an end-of-life date of October 31, 2021. With DKP, our customers get the same benefits provided by DC/OS and more, as well as access to the most impressive pace of innovation the technology world has ever seen. This was not an easy decision to make, but we are dedicated to enabling our customers to accelerate their digital transformations, so they can increase the velocity and responsiveness of their organizations to an ever-more challenging future. And the best way to do that right now is with DKP.
Deprecated: Deimos is now deprecated. See our tutorial on launching a Docker container with Mesosphere for the current instructions.
Using Docker repositories requiring login credentials is possible with Mesosphere's Deimos on Mesos, however it commonly requires extra configuration on the slave. This post describes the details of what is needed and how to configure Mesosphere to use a private Docker repository.
Docker Config File
When you want to run containers from a private Docker repository, it is necessary to be signed in to that repository. Authentication sessions are stored in a file called ~/.dockercfg and are created by sudo docker login. The technical location the file is created in is defined by the system environment variable $HOME. The Docker code specifically uses golang's os.Getenv("HOME") making the availability of $HOME essential.
Deimos is an Apache Mesos external containerizer. When configured on a Mesos slave, the slave will use Docker images as the container technology. Deimos is configured at the slave using the --containerizer_path=/usr/local/bin/deimos --isolation=external configuration. Deimos environment is defined by the environment of the Mesos slave process.
It is common to run the Mesos slave as root. When running as root, it is common for $HOME to not be set. When launching Docker images that are pulled from a private repository using Deimos, it is essential that the $HOME be set.
Solution: Pre-Install the Docker Config File on Your Slave
The current way to handle this situation is to copy the .dockercfg file from where ever it was originally created to a specific path on each of your slaves and exporting $HOME for either root or the start of mesos-slave. Example: With .dockercfg in /, set the $HOME for root export HOME=/. The consequence is that you will need to preconfigure each slave and that the private repositories used for Mesos frameworks will be limited to those defined in the .dockercfg.
On the roadmap is the ability to have a .dockercfg defined as part of the job description, removing this extra provisioning step.