Back to the basics: Deploying Container Instances Using Container Image From OCI Container Registry

When deploying containers using container instances service with images from a private registry either you have to provide user name and password or you can let container instances pull images from container registry . Here are the steps:

1 Create a dynamic group with Container Instances as the resource type. Add a rule with the following syntax:

ALL {resource.type='computecontainerinstance'}

2 Write the following policy to grant access for the dynamic group:

Allow dynamic-group ContainerInstanceDynamicGroup to read repos in tenancy

Note

CREATE_CONTAINER_INSTANCE work request will fail with the following message if you try to pull the image from a private registry without authentication.

A container's image could not be pulled because the image does not exist or requires authorization.

Back to the basics: Pushing Container Images to Private OCI Container Registry

Once it's configured then it's forgotten until you need it again. So I've changed my laptop and had to reconfigure it again. Here are the steps:

1 Identify your region key from this list.

2 Identify your Object storage namespace from tenancy details page.

3 Identify your user name and build the user name string in the following format:

{tenancy-namespace}/{username}

If it's federated the format will be:

{tenancy-namespace}/oracleidentitycloudservice/{username}

4 Use your auth token as password.

Finally it should look like this: