Registry is a service for storing private container images and Helm charts.
Registry is available as an optional service for NKE. It can be deployed using Cockpit and be used from any number of NKE clusters.
Pushing Container Images
To push container images, you will need to login through the URL and username and password combination that is provided in Cockpit.
$ docker login <url> Username: <username> Password: <password> Login Succeded
Afterwards, images can be tagged with
docker tag and pushed with
$ docker tag <image id> <url>/<image name>:<image version> $ docker push <url>/<image name>:<image version> The push refers to repository [<url>] ...
Pushing Helm charts
Note: To push Helm charts to the registry, Helm v3.8.0 or newer is required. Prior to v3.8.0, OCI support was considered experimental and needs to be explicitly enabled by setting the environment variable
HELM_EXPERIMENTAL_OCI=1. You can read more about this here.
To upload a Helm chart to the registry, you will need to login through the URL and username and password combination that is provided in Cockpit.
$ helm registry login -u <user> <url> Password: Login Succeeded
After successful authentication, a chart can be pushed through the
helm push command:
$ helm push <chart.tgz> oci://<url> Pushed: ... Digest: ...
The URL needs to be prefixed with
oci:// instead of
https:// in order to work correctly.
pushcommand can only be used against
.tgzfiles created ahead of time using
For more information about using Helm with the registry, please see the official Helm documentation.
Pulling Container Images in your Kubernetes Cluster
In order to use your private registry in your Kubernetes cluster, a container image pull secret has to be created and referenced in your deployment manifests.
To create the secret, you can fetch the
.dockerconfigjson from Cockpit and use
kubectl to create it in your cluster:
kubectl create secret docker-registry <secret name> \ --from-file=.dockerconfigjson=<path to .dockerconfigjson>
This secret can then be referenced in the Pod’s
imagePullSecrets list. See the official Kubernetes documentation for more information regarding using private registries.