Authentication

Create an access token and start using the Application Collection

Most of the operations available in the Application Collection require authentication, such as: installing a Helm chart, running a container image or consuming the REST API. In this page, you will learn how to generate an access token and configure the most common tools to use the Collection.

Creating an access token

Before reading this block, make sure you have an account with access to Application Collection.

  1. Open the webapp in your browser of choice and sign in
  2. In the upper-right corner you will see your profile picture. Click on it
  3. In the pop-up, click on Access tokens
  4. Insert a meaningful description for the new token in the input below Create Token
  5. Click on Create. This will show a green box, with the token contents on it

Token example

Integrations

At this point, you already created an access token, but you are not sure about how to use it. Below we will show you how to quickly use it with docker, podman, helm, kubectl and curl.

Note: every time an access token is created, copy-pastable helper commands are shown for configuring the token inmediately.

Docker

In order to set up docker with the new token, you will need to open a terminal and run:

docker login dp.apps.rancher.io/containers -u <your-suse-email> -p <the-access-token>

After that, you can check the configuration by pulling an image. This is an example of the output you should get upon a successful pull:

$ docker pull dp.apps.rancher.io/containers/openjdk:17.0.10
17.0.10: Pulling from containers/openjdk
26cbacfd9b54: Pull complete 
d3e7d6906a04: Pull complete 
Digest: sha256:0f14a2a18e441da428b63e3854fe29fa6f9f20af5b99ba9780adb36bee65f5e4
Status: Downloaded newer image for dp.apps.rancher.io/containers/openjdk:17.0.10
dp.apps.rancher.io/containers/openjdk:17.0.10

Podman

You can also configure podman to pull images from the Collection. Execute the following command:

podman login dp.apps.rancher.io/containers -u <your-suse-email> -p <the-access-token>

You can verify that the configuration is correct by pulling an image, for example:

$ podman pull dp.apps.rancher.io/containers/ruby:3.3.0
Trying to pull dp.apps.rancher.io/containers/ruby:3.3.0...
Getting image source signatures
Copying blob sha256:6911d8a6e0d680cdfa227956a00667fe6cd1e2c111fa3c588d1cccc0b621bfe2
Copying blob sha256:4191f2fe96e960b152f79a6b0dcb40ad599b834e72b79edc61e6a627fec776c7
Copying config sha256:c7b272c4b0b6d09b43a32cf3215d0c86c5f148c00d6d049755f292e1c018cfa6
Writing manifest to image destination
c7b272c4b0b6d09b43a32cf3215d0c86c5f148c00d6d049755f292e1c018cfa6

Helm

Configuring helm to use the Collection is a matter of running a single command:

helm registry login dp.apps.rancher.io/charts -u <your-suse-email> -p <the-access-token>

You can check that it worked by pulling one of the Collection’s charts:

$ helm pull oci://dp.apps.rancher.io/charts/apache-apisix --version 2.4.0    
Pulled: dp.apps.rancher.io/charts/apache-apisix:2.4.0
Digest: sha256:533b7684559691782b42ee81bfde1a19ddfe81eb7cce108b01435ce7d25a7027

NOTE: it’s likely you will want to install charts on a Kubernetes cluster. For that, you will need to continue to the next section of this document.

Kubernetes

If you want to deploy images from the Collection to k8s workloads, then you will need to configure a Kubernetes pull secret:

kubectl create secret docker-registry application-collection --docker-server=dp.apps.rancher.io --docker-username=<your-suse-email> --docker-password=<the-access-token>

After that, you should be able to run any workload using our images:

$ kubectl run nginx --image dp.apps.rancher.io/containers/nginx:1.24.0 --overrides='{"spec": {"imagePullSecrets":[{"name": "application-collection"}]}}'
$ kubectl get pod nginx
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          10s

There are other ways of passing the imagePullSecret that may fit your needs better. For that, you can check this article.

cURL

If you got to this point, you probably want to start using the REST API.

This is an example of making a request with cURL, that uses basic authentication with the newly created token:

curl -u <your-suse-email>:<the-access-token> https://api.apps.rancher.io/v1/applications

However, if you’re going to intensively use the API, we suggest using other tools such as Postman or the embedded Swagger UI. In any case, you will need to pick Basic Authentication, using your email as username and token as password.

Last modified May 9, 2024