Overview

Control Plane can pull container images from public or private Docker compatible repositories. Pull secrets are required when pulling images from private repositories or from another Control Plane Org. When using the Control Plane built-in private image registry provided for your Org, a pull secret is not required.

Prerequisites

  • The user following the steps below must be a member of the superusers group or have the following permissions within a policy:

    • Secrets
      • create
      • use
    • GVC
      • edit
      • create (if a GVC needs to be created)
    • Workload
      • edit
      • create (if a workload needs to be created)
  • Optional:

    • CLI installed

Pull From Public Repositories

Use the following formats when pulling from a public repository:

  1. Amazon ECR: public.ecr.aws/REGISTRY-ALIAS/IMAGE_NAME:TAG
  2. Docker Hub: IMAGE_NAME:TAG
  3. GCR: gcr.io/REGISTRY/IMAGE_NAME:TAG
  4. GitHub Container Registry: ghcr.io/OWNER/IMAGE_NAME:TAG

Pull From Private Repositories

Step 1 - Create a Pull Secret

  • If pulling an image from the Control Plane private image registry provided for your Org, skip to step 3.

  • If pulling an image from another Control Plane Org, continue with this step.

  1. Create a new pull secret by either:
    • Clicking Secrets in the left menu and clicking New, or
    • Using the Create dropdown in the upper right corner and selecting Secret.
  2. Enter a unique name and an optional description.
  3. From the Secret Type dropdown, select one of the following:
  4. After entering the secret content, click Next (Tags).
  5. Enter any optional tags. Click Create. The secret has been successfully created.

If you wish, the CLI can be used instead of the console.

See secret create-docker, secret create-gcp

Step 2 - Associate with a GVC

  1. Click GVC in the left menu and click the Pull Secrets link.
  2. Click the Add button, select the secret created in step 1 and click OK.
  3. Click Save. The secret is now associated with the GVC as a Pull Secret.

Step 3 - Configure Workload

  1. Refer to the Create a Workload guide and workload reference page to create/manage your workload.

  2. For the step where the image name is entered, follow the syntax below for the target registry:

    Registry:

    • Control Plane (Same Org): /org/ORG_NAME/image/IMAGE_NAME:TAG or //image/IMAGE_NAME:TAG
    • Control Plane (Cross Org): ORG_NAME.registry.cpln.io/IMAGE_NAME:TAG
    • Amazon ECR: AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/IMAGE_NAME:TAG
    • Azure CR: REGISTRY.azurecr.io
    • Docker: IMAGE_NAME:TAG
    • GCR: gcr.io/IMAGE_NAME:TAG
    • GitHub Container Registry: ghcr.io/OWNER/IMAGE_NAME:TAG
  3. After creating or saving the workload, a new deployment will be queued. Click on the Deployments link to view the deployment status. If there is an error (i.e. authentication failed), it will be display under each deployment.