To pull images from a private container registry for a Tanzu Kubernetes cluster workload, configure the workload YAML with the private registry details.

This procedure can be used to pull images from a private container registry, or the embedded Harbor Registry. In this example, we create a pod specification that will use an image stored in the embedded Harbor Registry and utilize the image pull secret previously configured.


Review the workflow for using the embedded Harbor Registry with Tanzu Kubernetes clusters. See Using a Container Registry for vSphere with Tanzu Workloads.

Configure a Tanzu Kubernetes cluster with the image pull secret for the embedded Harbor Registry. See Configure a Tanzu Kubernetes Cluster with the Image Pull Secret for the Embedded Harbor Registry.

To perform this task you will need to have an image in the registry. See Push Images to the Embedded Harbor Registry.


  1. Create an example pod spec with the details about the private registry.
    apiVersion: v1
    kind: Pod
      name: <workload-name>
      namespace: <kubernetes-namespace>
      - name: private-reg-container
        image: <Registry-IP-Address>/<vsphere-namespace>/<image-name>:<version>
      - name: <registry-secret-name>
    • Replace <workload-name> with the name of the pod workload.
    • Replace <kubernetes-namespace> with the Kubernetes namespace in the cluster where the pod will be created. This must be the same Kubernetes namespace where the Registry Service image pull secret is stored in the Tanzu Kubernetes cluster (such as the default namespace).
    • Replace <Registry-IP-Address> with the IP address for the embedded Harbor Registry instance running on the Supervisor Cluster.
    • Replace <vsphere-namespace> with the vSphere Namespace where the target Tanzu Kubernetes is provisioned.
    • Replace <image-name> with an image name of your choice.
    • Replace <version> with an appropriate version of the image, such as "latest".
    • Replace <registry-secret-name> with the name of the Registry Service image pull secret that you created previously.
  2. Create a workload in the Tanzu Kubernetes cluster based on the pod specification you defined.
    kubectl --kubeconfig=<path>/cluster-kubeconfig apply -f <pod.yaml>
    The pod should be created from the image pulled from the registry.