Legacy Tower container image registries
The Seqera Labs container registry cr.seqera.io
is the default Tower container image registry from version 22.4. Use of the AWS, Azure, and Google Cloud Tower image registries (referenced below) in existing installations is still supported but will be deprecated for new installations starting June 2023.
???+ example "Legacy Tower image instructions"
=== "AWS" Seqera Labs publishes the Tower Enterprise containers to a private Elastic Container Registry (ECR) on AWS.
-
Provide Seqera Labs with your AWS Account ID.
Supply this value to the Seqera representative managing your onboarding and wait for confirmation that it has been added to the ECR repository policy as an approved Principal.
-
Retrieve a local copy of the container.
Clients using the docker-compose deployment method must retrieve container copies for local use.
-
Install AWS CLI on the target machine.
-
Configure the AWS CLI with an IAM User with at least these privileges:
ecr:BatchGetImage
ecr:GetAuthorizationToken
ecr:GetDownloadUrlForLayer -
Authenticate Docker against the Seqera ECR:
# AWS CLI v2
aws ecr get-login-password --region eu-west-1 | \
docker login --username AWS --password-stdin 195996028523.dkr.ecr.eu-west-1.amazonaws.com
# AWS CLI v1
$(aws ecr get-login --registry-ids 195996028523 --region eu-west-1 --no-include-email) -
Pull the containers to your machine:
export REPOSITORY_URL="195996028523.dkr.ecr.eu-west-1.amazonaws.com/nf-tower-enterprise"
export TAG="v22.3.1"
docker pull ${REPOSITORY_URL}/backend:${TAG}
docker pull ${REPOSITORY_URL}/frontend:${TAG}
-
=== "Azure" Seqera Labs publishes the Tower Enterprise containers to a private Azure Container Registry instance.
-
Acquire credentials from Seqera Labs.
Customers who chose to retrieve their Tower Enterprise containers from Seqera's Azure Container Registry will be supplied with a user id and authentication token during the onboarding process.
-
Retrieve a local copy of the container.
Clients using the docker-compose deployment method must retrieve container copies for local use.
a. Authenticate Docker against the Seqera Azure Container Registry:
# Replace USER and TOKEN with the credentials supplied by Seqera Labs
docker login -u USER -p TOKEN seqera.azurecr.iob. Pull the containers to your local instance:
export REPOSITORY_URL="seqera.azurecr.io/nf-tower-enterprise"
export TAG="v22.3.1"
docker pull ${REPOSITORY_URL}/backend:${TAG}
docker pull ${REPOSITORY_URL}/frontend:${TAG}
=== "Google Cloud" Seqera Labs publishes the Tower Enterprise containers to a private Artifact Registry (AR) on GCP.
-
Provide Seqera Labs with your GCP Service Account.
Supply your GCP Project's Service Account email address to the Seqera representative managing your onboarding and wait for confirmation that it has been added as an approved Artifact Registry Reader.
-
Retrieve a local copy of the container.
Clients using the docker-compose deployment method must retrieve container copies for local use.
a. Install gcloud CLI and Docker on the target machine.
b. Authenticate the Service Account with the gcloud CLI.
c. Configure Docker to interact with the GCP Region where the Seqera AR resides:
gcloud auth configure-docker europe-west2-docker.pkg.dev
d. Confirm you have access to the repository:
gcloud artifacts docker images list europe-west2-docker.pkg.dev/nf-tower-enterprise/containers/ --include-tags
e. Pull the containers to your machine:
export REPOSITORY_URL="europe-west2-docker.pkg.dev/nf-tower-enterprise/containers"
export TAG="v22.3.1"
docker pull ${REPOSITORY_URL}/backend:${TAG}
docker pull ${REPOSITORY_URL}/frontend:${TAG}
If you are unable to pull container images due to a denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resouce "projects/nf-tower-enterprise/locations/eurpoe-west2/repositories/containers" (or it may not exist)
error, try the following:
-
If your Docker requires sudo, add sudo to the
gcloud auth configure-docker europe-west2-docker.pkg.dev
command. -
If you installed Docker onto Ubuntu using
snap
, ensure your containerd config is properly updated.