Authentication
Create an access token or service account and start using the Application Collection
Most of the operations available in the Application Collection require authentication, such as: installing a Helm chart, running a container image or consuming the REST API. In this page, you will learn how to generate an access token and configure the most common tools to use the collection.
Creating an access token
Before reading this block, make sure you have an account with access to Application Collection.
An access token lets you authenticate to Application Collection through different non-graphical clients.
- Open the web application in your browser of choice and sign in
- In the upper-right corner you will see your profile picture. Click on it
- In the pop-up, click Settings and later, click Access tokens
- Insert a meaningful description for the new token in the input below Create token
- Click Create. This will show a green box, with the token contents on it
Creating a service account
Before reading this block, make sure you have an account with access to Application Collection.
With a service account, you can authenticate to Application Collection on behalf of an organization. This is different from access tokens, which are used to authenticate on behalf of yourself. Service accounts are useful for machine-to-machine communications, like CI pipelines, or service integrations that are company-wide.
To create a Service Account for a given Organization, you must be admin of that org.
- Open the webapp in your browser of choice and sign in
- In the upper-right corner you will see your profile picture. Click it
- In the pop-up, click Settings and later, click Service accounts
- Insert a meaningful description for the account in the input below Create service account, and select the target Organization
- Click Create. This will show a green box, with the service account contents on it
Using CLI tools
At this point, you already created either an access token (AT) or a service account (SA), but you are not sure about how to use it.
Below we will show you how to quickly use it with docker
, podman
, helm
, kubectl
and curl
.
Every time an access token or service account is created, copy-pastable helper commands are shown for configuring the token inmediately.
Docker
To set up Docker, you will need to open a terminal and run:
docker login dp.apps.rancher.io/containers -u <your-suse-username-or-sa-username> -p <acces-token-or-sa-token>
After that, you can check the configuration by pulling an image. This is an example of the output you should get upon a successful pull:
$ docker pull dp.apps.rancher.io/containers/openjdk:17.0.10
17.0.10: Pulling from containers/openjdk
26cbacfd9b54: Pull complete
d3e7d6906a04: Pull complete
Digest: sha256:0f14a2a18e441da428b63e3854fe29fa6f9f20af5b99ba9780adb36bee65f5e4
Status: Downloaded newer image for dp.apps.rancher.io/containers/openjdk:17.0.10
dp.apps.rancher.io/containers/openjdk:17.0.10
Podman
You can also configure Podman to pull images from Application Collection. Execute the following command:
podman login dp.apps.rancher.io/containers -u <your-suse-username-or-sa-username> -p <acces-token-or-sa-token>
You can verify that the configuration is correct by pulling an image, for example:
$ podman pull dp.apps.rancher.io/containers/ruby:3.3.0
Trying to pull dp.apps.rancher.io/containers/ruby:3.3.0...
Getting image source signatures
Copying blob sha256:6911d8a6e0d680cdfa227956a00667fe6cd1e2c111fa3c588d1cccc0b621bfe2
Copying blob sha256:4191f2fe96e960b152f79a6b0dcb40ad599b834e72b79edc61e6a627fec776c7
Copying config sha256:c7b272c4b0b6d09b43a32cf3215d0c86c5f148c00d6d049755f292e1c018cfa6
Writing manifest to image destination
c7b272c4b0b6d09b43a32cf3215d0c86c5f148c00d6d049755f292e1c018cfa6
Helm
Configuring Helm to use Application Collection is a matter of running a single command:
helm registry login dp.apps.rancher.io/charts -u <your-suse-username-or-sa-username> -p <acces-token-or-sa-token>
You can check that it worked by pulling one of the Collection’s charts:
$ helm pull oci://dp.apps.rancher.io/charts/apache-apisix --version 2.4.0
Pulled: dp.apps.rancher.io/charts/apache-apisix:2.4.0
Digest: sha256:533b7684559691782b42ee81bfde1a19ddfe81eb7cce108b01435ce7d25a7027
NOTE: If you want to install charts on a Kubernetes cluster, continue to the next section.
Kubernetes
To deploy images from Application Collection to k8s workloads, you will need to configure a Kubernetes pull secret:
kubectl create secret docker-registry application-collection --docker-server=dp.apps.rancher.io --docker-username=<your-suse-username-or-sa-username> --docker-password=<acces-token-or-sa-token>
After that, you should be able to run any workload using our images:
$ kubectl run nginx --image dp.apps.rancher.io/containers/nginx:1.24.0 --overrides='{"spec": {"imagePullSecrets":[{"name": "application-collection"}]}}'
$ kubectl get pod nginx
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 10s
There are other ways of passing the imagePullSecret
that may fit your needs better. For that, you can check this article.
cURL
If you get to this point, you may want to start using the REST API.
This is an example of making a request with cURL, that uses basic authentication with the newly created token:
curl -u <your-suse-username-or-sa-username>:<acces-token-or-sa-token> https://api.apps.rancher.io/v1/applications
If you’re going to use the API intensively, we suggest using other tools such as Postman or the embedded Swagger UI.
In any case, you will need to pick basic authentication, using your email as username
and token as password
.