Private Registries

Crunchy Postgres for Kubernetes can use containers that are stored in private registries. There are a variety of techniques that are used to load containers from private registries, including image pull secrets. This guide will demonstrate how to install Crunchy Postgres for Kubernetes and deploy a Postgres cluster using the Crunchy Data Customer Portal registry as an example.

Create an Image Pull Secret

The Kubernetes documentation provides several methods for creating image pull secrets. You can choose the method that is most appropriate for your installation. You will need to create image pull secrets in the namespace where Crunchy Postgres for Kubernetes is deployed and in each namespace where you plan to deploy Postgres clusters.

For example, to create an image pull secret for accessing the Crunchy Data Customer Portal image registry in the postgres-operator namespace, you can execute the following commands:

kubectl create ns postgres-operator

kubectl create secret docker-registry crunchy-regcred -n postgres-operator --docker-server=registry.crunchydata.com --docker-username="$YOUR_USERNAME" --docker-email="$YOUR_EMAIL" --docker-password="$YOUR_PASSWORD"

This creates an image pull secret named crunchy-regcred in the postgres-operator namespace.
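
To confirm that a secret created this way will actually authenticate to the registry, you can inspect its contents before installing. The following is an added example, not part of the Crunchy Postgres for Kubernetes documentation or tooling: it checks the output of kubectl get secret ... -o json for the kubernetes.io/dockerconfigjson type, an auths entry for registry.crunchydata.com, and a well-formed auth field. The function names and the sample credentials are constructed for illustration.

```python
import base64
import json
import sys

REGISTRY = "registry.crunchydata.com"  # registry host used on this page

def make_sample_secret(registry, username, password):
    """Constructed sample shaped like `kubectl create secret docker-registry` output."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {registry: {"username": username, "password": password, "auth": auth}}}
    return {
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": "crunchy-regcred", "namespace": "postgres-operator"},
        "data": {".dockerconfigjson": base64.b64encode(json.dumps(config).encode()).decode()},
    }

def check_pull_secret(secret, registry=REGISTRY):
    """Return a list of problems; an empty list means the secret looks usable."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return [f"type is {secret.get('type')!r}, not kubernetes.io/dockerconfigjson"]
    try:
        raw = secret["data"][".dockerconfigjson"]
        auths = json.loads(base64.b64decode(raw, validate=True))["auths"]
        entry = auths[registry]
    except (KeyError, TypeError, ValueError) as exc:
        return [f"no usable auths entry for {registry}: {exc!r}"]
    problems = []
    try:
        # The auth field is base64 of "username:password"; only the username is kept.
        user, sep, _ = base64.b64decode(entry.get("auth", "")).decode().partition(":")
    except (AttributeError, TypeError, ValueError):
        user, sep = "", ""
    if not (user and sep):
        problems.append("auth is not base64 of username:password")
    elif entry.get("username", user) != user:
        problems.append("username does not match the auth field")
    return problems

if __name__ == "__main__":
    # File argument: saved `kubectl get secret ... -o json` output; otherwise the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            secret = json.load(handle)
    else:
        secret = make_sample_secret(REGISTRY, "user@example.com", "constructed-password")
    found = check_pull_secret(secret)
    print("\n".join(found) if found else "OK")  # credentials are never printed
    sys.exit(1 if found else 0)
```

Run the same check against the secret in every namespace where you plan to deploy Postgres clusters, since each namespace needs its own copy.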

Install Crunchy Postgres for Kubernetes from a Private Registry

To install Crunchy Postgres for Kubernetes from a private registry, you will need to set an image pull secret on the installation manifest.

Kustomize

When using the Kustomize install method, you can set up the image pull secret by adding a patch to the kustomize/install/default/kustomization.yaml manifest. In this example, we will use the crunchy-regcred secret that we created earlier:

patches:
  - target: { group: apps, version: v1, kind: Deployment, name: pgo }
    patch: |-
      - path: /spec/template/spec/imagePullSecrets
        op: add
        value:
          - name: crunchy-regcred

If you are using a version of kubectl prior to v1.21.0, you will have to create an explicit patch file named install-ops.yaml:

- path: /spec/template/spec/imagePullSecrets
  op: add
  value:
    - name: crunchy-regcred

and add the following to the manifest:

patchesJson6902:
  - target: { group: apps, version: v1, kind: Deployment, name: pgo }
    path: install-ops.yaml

You can then install Crunchy Postgres for Kubernetes from the private registry using the standard installation procedure, e.g.:

kubectl apply --server-side -k kustomize/install/default

Helm

To set up an image pull secret when using the Helm installer, you need to edit the values.yaml file, adding the name of the image pull secret to the imagePullSecretNames array:

# imagePullSecretNames is a list of secret names to use for pulling controller images.
# More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
imagePullSecretNames: [crunchy-regcred]

You can then install Crunchy Postgres for Kubernetes from the private registry using the standard installation procedure, e.g.:

helm install $NAME -n $NAMESPACE helm/install

Deploy a Postgres cluster from a Private Registry

To deploy a Postgres cluster using images from a private registry, you will need to set the value of spec.imagePullSecrets on a PostgresCluster custom resource.

Kustomize

To deploy a Postgres cluster in the postgres-operator namespace, with an image pull secret containing credentials for the Crunchy Data Customer Portal, you can use the following manifest:

apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
  name: hippo
spec:
  imagePullSecrets:
    - name: crunchy-regcred
  image: registry.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.4-5.4.7-0
  postgresVersion: 16
  instances:
    - name: instance1
      dataVolumeClaimSpec:
        accessModes:
          - 'ReadWriteOnce'
        resources:
          requests:
            storage: 1Gi
  backups:
    pgbackrest:
      image: registry.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-5.4.7-0
      repos:
        - name: repo1
          volume:
            volumeClaimSpec:
              accessModes:
                - 'ReadWriteOnce'
              resources:
                requests:
                  storage: 1Gi

Helm

To deploy a Postgres cluster with Helm, you do not edit the PostgresCluster manifest directly. Instead, edit the values.yaml file in the chart and add the name of the image pull secret to the imagePullSecrets array:

# imagePullSecrets references Secrets that hold credentials for pulling images from
# private repositories
imagePullSecrets: [crunchy-regcred]