Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.controlplane.com/llms.txt

Use this file to discover all available pages before exploring further.

Control Plane can pull container images from any Docker-compatible registry. Public images work out of the box, while private registries require pull secrets.

When to use this

Private registries

Pull from Docker Hub private repos, Amazon Elastic Container Registry (ECR), Google Container Registry (GCR), Google Artifact Registry (GAR), Azure Container Registry (ACR), or GitHub Container Registry (GHCR).

Cross-org images

Use images from another Control Plane organization

Enterprise registries

Connect to self-hosted or enterprise container registries

Secure supply chain

Control access to private images with pull secrets

Prerequisites

The CLI is optional but helpful. See Installation.

Pull from public registries

Public images do not require pull secrets. Use these formats:
RegistryFormat
Docker HubIMAGE_NAME:TAG
Amazon ECR Publicpublic.ecr.aws/REGISTRY-ALIAS/IMAGE:TAG
Google Artifact RegistryLOCATION-docker.pkg.dev/PROJECT/REPO/IMAGE:TAG
GitHub Container Registryghcr.io/OWNER/IMAGE:TAG

Pull from private registries

1

Create a pull secret

  1. Navigate to Secrets in the left menu.
  2. Click New or use the Create dropdown.
  3. Enter a name for the secret.
  4. Select the secret type:
    • Docker for Docker Hub, Azure Container Registry, Google Artifact Registry, GitHub Container Registry, or another Control Plane org
    • ECR for Amazon ECR
    • GCP for Google Container Registry
  5. Click Data, then enter the credentials.
  6. Click Create.
Images from your own org’s Control Plane registry do not need a pull secret.
2

Associate with a GVC

  1. Navigate to your GVC.
  2. Click Pull Secrets.
  3. Click Add Pull Secret, select your secret, and click OK.
  4. Click Update.
3

Configure your workload

Reference the image in your workload using the appropriate format:
RegistryImage Format
Control Plane (same org)//image/IMAGE:TAG
Control Plane (cross-org)ORG.registry.cpln.io/IMAGE:TAG
Docker HubIMAGE:TAG
Amazon ECRACCOUNT.dkr.ecr.REGION.amazonaws.com/IMAGE:TAG
Azure Container RegistryREGISTRY.azurecr.io/IMAGE:TAG
Google Container Registrygcr.io/PROJECT/IMAGE:TAG
GitHub Container Registryghcr.io/OWNER/IMAGE:TAG

Pull from Control Plane registry

Same organization

No pull secret is needed: 
containers:
  - name: my-container
    image: //image/my-app:v1

Cross-organization

  1. Create a Docker secret with the other org’s credentials.
  2. Add it as a pull secret to your GVC.
  3. Reference the image:
containers:
  - name: my-container
    image: other-org.registry.cpln.io/my-app:v1

Troubleshooting

  1. Verify the secret credentials are correct.
  2. Check the secret is associated with the GVC.
  3. Ensure the secret type matches your registry.
Verify the image name and tag are correct. Check the registry for the exact image path.
  • Ensure the source org has granted access and your Docker secret has the correct credentials.
  • Learn more about configuring a secret for pulling images from other Control Plane orgs.

Next steps

Push Images

Push images to Control Plane registry

Copy Images

Copy images between organizations

Create a Workload

Deploy containers with your images

Secrets Reference

Learn about secret types