Pull an image

Overview

Control Plane can pull container images from public or private repositories. Pull secrets are required when pulling images from private repositories. When using the Control Plane built-in private image repository provided for your org, pull secrets are not required.

Prerequisites

• The user following the steps below must be a member of the superusers group or have the following permissions within a policy:

  • Secrets
    • create
    • use
  • GVC
    • edit
    • create (if a GVC needs to be created)
  • Workload
    • edit
    • create (if a workload needs to be created)

• Optional:

  • CLI installed

Pull From Public Repositories

Use the following formats when pulling from a public repository:

1. Amazon ECR: public.ecr.aws/REGISTRY-ALIAS/IMAGE_NAME:TAG
2. Docker Hub: IMAGE_NAME:TAG
3. GCR: gcr.io/REGISTRY/IMAGE_NAME:TAG

Pull From Private Repositories

Step 1 - Create a Pull Secret

If you are using the Control Plane private repository provided for your org, skip to step 3.

1. Create a new pull secret by either:
   • Clicking Secrets in the left menu and click New, or
   • Click the Create dropdown in the upper right corner and select Secret.
2. Enter a unique name and optional description.
3. From the Secret Type dropdown, select one of the following:
   • For images stored at Docker Hub or Azure Container Registry, create a new Docker secret.
   • For images stored at Amazon ECR, create a new Amazon ECR secret.
   • For images stored at GCR, create a new GCR secret.
4. After entering the secret content, click Next (Tags).
5. Enter any optional tags. Click Create. The secret has been successfully created.

Step 2 - Associate with a GVC

1. Click GVC in the left menu and click the Pull Secrets link.
2. Click the Add button, select the secret created in step 1 and click OK.
3. Click Save. The secret is now associated with the GVC as a pull secret.

Step 3 - Configure Workload

1. Refer to the Create a Workload guide and workload reference page to create/manage your workload.

2. For the step where the image name is entered, follow the syntax below for the target registry:

   Registry:

   • Control Plane: /org/ORG_NAME/image/IMAGE_NAME:TAG or //image/IMAGE_NAME:TAG
   • Amazon ECR: AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/IMAGE_NAME:TAG
   • Azure CR: REGISTRY.azurecr.io
   • Docker: IMAGE_NAME:TAG
   • GCR: gcr.io/IMAGE_NAME:TAG

3. After creating or saving the workload, a new deployment will be queued. Click on the Deployments link to view the deployment status. If there is an error (i.e. authentication failed), it will be display under each deployment.