Private Registries
Crunchy Postgres for Kubernetes can use containers that are stored in private registries. There are a variety of techniques that are used to load containers from private registries, including image pull secrets. This guide will demonstrate how to install Crunchy Postgres for Kubernetes and deploy a Postgres cluster using the Crunchy Data Customer Portal registry as an example.
Create an Image Pull Secret
The Kubernetes documentation provides several methods for creating image pull secrets. You can choose the method that is most appropriate for your installation. You will need to create image pull secrets in the namespace that Crunchy Postgres for Kubernetes is deployed and in each namespace where you plan to deploy Postgres clusters.
For example, to create an image pull secret for accessing the Crunchy Data Customer Portal image registry in the postgres-operator namespace, you can execute the following commands:
kubectl create ns postgres-operator
kubectl create secret docker-registry crunchy-regcred -n postgres-operator \
--docker-server=registry.crunchydata.com \
--docker-username=$YOUR_USERNAME \
--docker-email=$YOUR_EMAIL \
--docker-password=$YOUR_PASSWORD
This creates an image pull secret named crunchy-regcred in the postgres-operator namespace.
Install Crunchy Postgres for Kubernetes from a Private Registry
To install Crunchy Postgres for Kubernetes from a private registry, you will need to set an image pull secret on the installation manifest.
For example, to set up an image pull secret using the Kustomize install method to install Crunchy Postgres for Kubernetes from the Crunchy Data Customer Portal, you can add the following in the kustomize/install/default/kustomization.yaml manifest:
patches:
- target: { group: apps, version: v1, kind: Deployment, name: pgo }
patch: |-
- path: /spec/template/spec/imagePullSecrets
op: add
value:
- name: crunchy-regcred
If you are using a version of kubectl prior to v1.21.0, you will have to create an explicit patch file named install-ops.yaml:
- path: /spec/template/spec/imagePullSecrets
op: add
value:
- name: crunchy-regcred
and add the following to the manifest:
patchesJson6902:
- target: { group: apps, version: v1, kind: Deployment, name: pgo }
path: install-ops.yaml
You can then install Crunchy Postgres for Kubernetes from the private registry using the standard installation procedure, e.g.:
kubectl apply --server-side -k kustomize/install/default
Deploy a Postgres cluster from a Private Registry
To deploy a Postgres cluster using images from a private registry, you will need to set the value of spec.imagePullSecrets on a PostgresCluster custom resource.
For example, to deploy a Postgres cluster using images from the Crunchy Data Customer Portal with an image pull secret in the postgres-operator namespace, you can use the following manifest:
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: hippo
spec:
imagePullSecrets:
- name: crunchy-regcred
image: registry.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.2-5.5.1-0
postgresVersion: 16
instances:
- name: instance1
dataVolumeClaimSpec:
accessModes:
- 'ReadWriteOnce'
resources:
requests:
storage: 1Gi
backups:
pgbackrest:
image: registry.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-5.5.1-0
repos:
- name: repo1
volume:
volumeClaimSpec:
accessModes:
- 'ReadWriteOnce'
resources:
requests:
storage: 1Gi