Private Registries
PGO, the open source Postgres Operator, can use containers that are stored in private registries. There are a variety of techniques that are used to load containers from private registries, including image pull secrets. This guide will demonstrate how to install PGO and deploy a Postgres cluster using the Crunchy Data Customer Portal registry as an example.
Create an Image Pull Secret
The Kubernetes documentation provides several methods for creating image pull secrets. You can choose the method that is most appropriate for your installation. You will need to create image pull secrets in the namespace that PGO is deployed and in each namespace where you plan to deploy Postgres clusters.
For example, to create an image pull secret for accessing the Crunchy Data Customer Portal image registry in the postgres-operator
namespace, you can execute the following commands:
kubectl create ns postgres-operator
kubectl create secret docker-registry crunchy-regcred -n postgres-operator --docker-server=registry.crunchydata.com --docker-username=$YOUR_USERNAME --docker-email=$YOUR_EMAIL --docker-password=$YOUR_PASSWORD
This creates an image pull secret named crunchy-regcred
in the postgres-operator
namespace.
Install PGO from a Private Registry
To install PGO from a private registry, you will need to set an image pull secret on the installation manifest.
For example, to set up an image pull secret using the Kustomize install method to install PGO from the Crunchy Data Customer Portal, you can add the following in the kustomize/install/default/kustomization.yaml
manifest:
patches:
- target: { group: apps, version: v1, kind: Deployment, name: pgo }
patch: |-
- path: /spec/template/spec/imagePullSecrets
op: add
value:
- name: crunchy-regcred
If you are using a version of kubectl
prior to v1.21.0
, you will have to create an explicit patch file named install-ops.yaml
:
- path: /spec/template/spec/imagePullSecrets
op: add
value:
- name: crunchy-regcred
and add the following to the manifest:
patchesJson6902:
- target: { group: apps, version: v1, kind: Deployment, name: pgo }
path: install-ops.yaml
You can then install PGO from the private registry using the standard installation procedure, e.g.:
kubectl apply --server-side -k kustomize/install/default
Deploy a Postgres cluster from a Private Registry
To deploy a Postgres cluster using images from a private registry, you will need to set the value of spec.imagePullSecrets
on a PostgresCluster
custom resource.
For example, to deploy a Postgres cluster using images from the Crunchy Data Customer Portal with an image pull secret in the postgres-operator
namespace, you can use the following manifest:
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: hippo
spec:
imagePullSecrets:
- name: crunchy-regcred
image: registry.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.4-5.4.7-0
postgresVersion: 16
instances:
- name: instance1
dataVolumeClaimSpec:
accessModes:
- 'ReadWriteOnce'
resources:
requests:
storage: 1Gi
backups:
pgbackrest:
image: registry.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-5.4.7-0
repos:
- name: repo1
volume:
volumeClaimSpec:
accessModes:
- 'ReadWriteOnce'
resources:
requests:
storage: 1Gi