To pull images from a private container registry for a TKG Service cluster, configure the workload YAML with the private registry details.

This procedure can be used to pull images from a private container registry, such as Harbor Registry. In this example, we create a pod specification that will use an image stored in a Harbor Registry and utilize the image pull secret previously configured.

Prerequisites

Create a registry credential secret. See Create Private Registry Credential Secret.

Procedure

  1. Provision a TKG cluster.
  2. Log in to the cluster.
  3. Create a registry credential secret.
  4. Create an example pod spec with the details about the private registry.
    pod-example.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: <workload-name>
      namespace: <kubernetes-namespace>
    spec:
      containers:
      - name: private-reg-container
        image: <Registry-IP-or-FQDN>/<vsphere-namespace>/<image-name>:<version>
      imagePullSecrets:
      - name: <registry-secret-name>
    • Replace <workload-name> with the name of the pod workload.
    • Replace <kubernetes-namespace> with the Kubernetes namespace in the cluster where the pod will be created. This must be the same Kubernetes namespace where the Registry Service image pull secret is stored in the Tanzu Kubernetes cluster (such as the default namespace).
    • Replace <Registry-IP-or-FQDN> with the IP address or FQDN for the Harbor Registry instance running on the Supervisor.
    • Replace <vsphere-namespace> with the vSphere Namespace where the target TKG cluster is provisioned.
    • Replace <image-name> with an image name of your choice.
    • Replace <version> with an appropriate version of the image, such as "latest".
    • Replace <registry-secret-name> with the name of the Registry Service image pull secret that you created previously.
  5. Create the workload using the pod specification you defined.
    kubectl apply -f pod-example.yaml
    The pod should be created from the image pulled from the registry.
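
If the pod instead fails to pull the image, the usual causes are the constraints listed in step 4: the secret is in a different namespace, the pod does not reference it, or it holds credentials for a different registry host. The following check is an added example, not part of the original procedure or of any VMware tooling; it works on the JSON form of the two objects (as printed by `kubectl get ... -o json`). The function names, the host `harbor.example.internal`, and the sample objects are assumptions made for illustration.

```python
import base64
import json

def registry_host(image):
    # A first path component containing "." or ":" (or "localhost") is a registry host;
    # without one, the container runtime falls back to Docker Hub.
    first = image.split("/", 1)[0]
    if "/" in image and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def auth_host(key):
    # Keys under "auths" may be written as "host" or "https://host/path".
    return key.split("://", 1)[-1].split("/", 1)[0]

def check_pull_secret(pod, secret):
    """Return a list of problems that would stop the pod from using the secret."""
    problems = []
    name = secret["metadata"]["name"]
    pod_ns = pod["metadata"].get("namespace", "default")
    sec_ns = secret["metadata"].get("namespace", "default")
    if pod_ns != sec_ns:
        problems.append(f"namespace mismatch: pod={pod_ns} secret={sec_ns}")
    refs = [r["name"] for r in pod["spec"].get("imagePullSecrets", [])]
    if name not in refs:
        problems.append(f"pod does not reference secret {name}")
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        problems.append(f"unexpected secret type: {secret.get('type')}")
        return problems  # no .dockerconfigjson payload to inspect
    cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    hosts = {auth_host(k) for k in cfg.get("auths", {})}
    for c in pod["spec"]["containers"]:
        if registry_host(c["image"]) not in hosts:
            problems.append(f"no credentials for registry of image {c['image']}")
    return problems

# Constructed sample objects: host, names and credentials are made up.
def sample_secret(namespace="default", host="harbor.example.internal"):
    cfg = {"auths": {host: {"username": "demo", "password": "placeholder"}}}
    return {"type": "kubernetes.io/dockerconfigjson",
            "metadata": {"name": "regcred", "namespace": namespace},
            "data": {".dockerconfigjson": base64.b64encode(json.dumps(cfg).encode()).decode()}}

def sample_pod(namespace="default"):
    return {"metadata": {"name": "demo", "namespace": namespace},
            "spec": {"containers": [{"name": "private-reg-container",
                                     "image": "harbor.example.internal/ns1/app:1.0"}],
                     "imagePullSecrets": [{"name": "regcred"}]}}

if __name__ == "__main__":
    print(check_pull_secret(sample_pod("dev"), sample_secret()))
```

An empty list means the pod, the secret, and the image reference are consistent with each other; it does not confirm that the stored credentials are accepted by the registry.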