From 62441bbfac0cf927f87614d7e283800035f96d72 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Fri, 28 Jun 2019 17:38:03 -0700 Subject: [PATCH] Add info on how to add private registry in pod spec --- .../en/k8s-in-rancher/registries/_index.md | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/content/rancher/v2.x/en/k8s-in-rancher/registries/_index.md b/content/rancher/v2.x/en/k8s-in-rancher/registries/_index.md index 2578c3ea46a..7cdc97f89ac 100644 --- a/content/rancher/v2.x/en/k8s-in-rancher/registries/_index.md +++ b/content/rancher/v2.x/en/k8s-in-rancher/registries/_index.md @@ -33,10 +33,24 @@ Currently, credentials are pulled automatically only if the workload is created **Result:** Your secret is added to the project or namespace, depending on the scope you chose. You can view the secret in the Rancher UI from the **Resources > Registries** view. Any workload that you create in the Rancher UI will be able to access your registry if it is within the registry's scope. -## How to Deploy Workloads with Images in a Private Registry +## How to Deploy Workloads with an Image from a Private Registry -After adding a registry to a project, any workloads deployed via the Rancher UI will be able to pull images from that registry. +You can deploy a workload with an image from a private registry through the Rancher UI, or with `kubectl`. -Now that you have a registry added to the project or namespace, you can add it to a workload that you want to deploy an image from your private registry. +### Deploying the Workload with the Rancher UI + +When you create the workload, in the **Docker Image** field, you need to enter the URL of the path to the Docker image in your private registry. + +You don't need to enter your private registry credentials because the pod automatically has access to the Kubernetes registry secret if the workload is in the scope of a registry that you added. + +### Deploying the Workload with kubectl + +When you create the workload using `kubectl`, you need to configure the pod so that its YAML has: + +- The path to the container image in the private registry, for example `quay.io/$(registry owner's name)/$(name of registry)` +- The name of the Kubernetes secret that has the private registry credentials + +To reference this secret in the Pod yaml, you will add the field `imagePullSecrets` with the name of the secret. For more information, refer to the Kubernetes documentation on [creating a pod that uses your secret.](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) + +The reason you have to add the Kubernetes secret manually is that the pod only automatically gets the private registry credentials if you create it in the Rancher UI. -For more information on adding a registry to a workload, see [Deploying Workloads]({{< baseurl >}}/rancher/v2.x/en/k8s-in-rancher/workloads/deploy-workloads/).