This tutorial shows how you can expose the registry to the outside of the cluster with Istio.
-
Export cluster address:
export CLUSTER_ADDRESS={YOUR_CLUSTER_ADDRESS}[!NOTE] You can find your cluster address in the
kyma-system/kyma-gatewaygateway resource. -
Expose the registry service by changing the spec.externalAccess.enabled flag to
true:kubectl apply -n kyma-system -f - <<EOF apiVersion: operator.kyma-project.io/v1alpha1 kind: DockerRegistry metadata: name: default namespace: kyma-system spec: externalAccess: enabled: true EOF
Once the DockerRegistry CR becomes
Ready, you see a Secret name used asImagePullSecretwhen scheduling workloads in the cluster.... status: externalAccess: enabled: "True" ... secretName: dockerregistry-config-external
-
Log in to the registry using the docker-cli:
export REGISTRY_USERNAME=$(kubectl get secrets -n kyma-system dockerregistry-config-external -o jsonpath={.data.username} | base64 -d) export REGISTRY_PASSWORD=$(kubectl get secrets -n kyma-system dockerregistry-config-external -o jsonpath={.data.password} | base64 -d) export REGISTRY_ADDRESS=$(kubectl get dockerregistries.operator.kyma-project.io -n kyma-system default -ojsonpath={.status.externalAccess.pushAddress}) docker login -u ${REGISTRY_USERNAME} -p ${REGISTRY_PASSWORD} ${REGISTRY_ADDRESS}
-
Rename the image to contain the registry address:
export IMAGE_NAME=<IMAGE_NAME> # put your image name here docker tag ${IMAGE_NAME} ${REGISTRY_ADDRESS}/${IMAGE_NAME}
-
Push the image to the registry:
docker push ${REGISTRY_ADDRESS}/${IMAGE_NAME}
-
Create a Pod using the image from Docker Registry:
export REGISTRY_INTERNAL_PULL_ADDRESS=$(kubectl get dockerregistries.operator.kyma-project.io -n kyma-system default -ojsonpath={.status.internalAccess.pullAddress}) kubectl run my-pod --image=${REGISTRY_INTERNAL_PULL_ADDRESS}/${IMAGE_NAME} --overrides='{ "spec": { "imagePullSecrets": [ { "name": "dockerregistry-config" } ] } }'