Pull an image

Overview

Control Plane can pull container images from public or private Docker compatible repositories. Pull secrets are required when pulling images from private repositories or from another Control Plane Org. When using the Control Plane built-in private image repository provided for your org, a pull secret is not required.

Prerequisites

• The user following the steps below must be a member of the superusers group or have the following permissions within a policy:

  • Secrets
    • create
    • use
  • GVC
    • edit
    • create (if a GVC needs to be created)
  • Workload
    • edit
    • create (if a workload needs to be created)

• Optional:

  • CLI installed

Pull From Public Repositories

Use the following formats when pulling from a public repository:

1. Amazon ECR: public.ecr.aws/REGISTRY-ALIAS/IMAGE_NAME:TAG
2. Docker Hub: IMAGE_NAME:TAG
3. GCR: gcr.io/REGISTRY/IMAGE_NAME:TAG
4. GitHub Container Registry: ghcr.io/OWNER/IMAGE_NAME:TAG

Pull From Private Repositories

Step 1 - Create a Pull Secret

1. Create a new pull secret by either:
   • Clicking Secrets in the left menu and click New, or
   • Click the Create dropdown in the upper right corner and select Secret.
2. Enter a unique name and optional description.
3. From the Secret Type dropdown, select one of the following:
   • Create a new Docker secret for images stored at:
     • Another Org's private repository at Control Plane.
     • Docker Hub.
     • Azure Container Registry.
     • GitHub Container Registry.
   • Create a new Amazon ECR secret for images stored at:
     • Amazon ECR.
   • Create a new GCR secret for images stored at:
     • GCR.
4. After entering the secret content, click Next (Tags).
5. Enter any optional tags. Click Create. The secret has been successfully created.

Step 2 - Associate with a GVC

1. Click GVC in the left menu and click the Pull Secrets link.
2. Click the Add button, select the secret created in step 1 and click OK.
3. Click Save. The secret is now associated with the GVC as a Pull Secret.

Step 3 - Configure Workload

1. Refer to the Create a Workload guide and Workload reference page to create/manage your workload.

2. For the step where the image name is entered, follow the syntax below for the target registry:

   Registry:

   • Control Plane (Same Org): /org/ORG_NAME/image/IMAGE_NAME:TAG or //image/IMAGE_NAME:TAG
   • Control Plane (Cross Org): ORG_NAME.registry.cpln.io/IMAGE_NAME:TAG
   • Amazon ECR: AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/IMAGE_NAME:TAG
   • Azure CR: REGISTRY.azurecr.io
   • Docker: IMAGE_NAME:TAG
   • GCR: gcr.io/IMAGE_NAME:TAG
   • GitHub Container Registry: ghcr.io/OWNER/IMAGE_NAME:TAG

3. After creating or saving the Workload, a new deployment will be queued. Click on the Deployments link to view the deployment status. If there is an error (i.e. authentication failed), it will be display under each deployment.