As part of Okteto's installation, some Custom Resource Definitions (CRDs) are installed in your cluster. These CRDs are used by Okteto to mainly store different information. You can see the list of CRDs installed by Okteto exploring the folder
crds in the templates of the Okteto Helm Chart or by running the following command in your cluster:
kubectl get crd | grep okteto.com
You can let Okteto install these CRDs or you can install them manually on your own, but be aware they are needed for Okteto to work properly. You can use the following configuration setting to let Okteto know if it should install them or not. By default, Okteto will install them.
In Okteto version
1.14 we've changed the way private registry configuration is managed. In
1.14 onward you must configure private registries via the Admin dashboard or by defining them directly in your cluster through one of the CRDs installed by Okteto:
admin.okteto.com. This last case is useful, for example, if you have your own mechanism to provision credentials/secrets in your cluster.
If you prefer to define the registries directly in your cluster, you can do it by creating an Opaque Kubernetes secret in the cluster with the data needed for the registry. Depending on the type of registry, you will need different fields.
Once the secret is created, you will need to create a resource with the apiVersion
admin.okteto.com/v1, which is one of the CRDs installed by Okteto, referring to the secret which contains the credentials.
If you want to define static credentials (username and password) for a private registry you need to create a secret in the Okteto namespace with the username and password to be used. Once created, you need to define a CRD using the name of the resource as the hostname of the registry (e.g.
111122223333.dkr.ecr.eu-central-1.amazonaws.com). For example, if you want to add a configuration for Docker's registry, you will need to create a resource like this:
Defining the port through
spec.static.port is optional and only available for static registries. It should only be used if the registry listens on a port other than the default http(s) 80/443
If you are using custom ports, make sure to run Okteto Chart >=1.14.2
name: index.docker.io # hostname of the registry to be configured
port: 5000 # optional
key: <field in referenced secret> # key of the secret which contains the password
name: <secret-name> # name of the secret where the password is stored
key: <field in referenced secret> # key of the secret which contains the username
name: <secret-name> # name of the secret where the username is stored
In the case of AWS, where you have to specify the Access Key and Access Secret, the process is similar to the static credentials one. You will need to create a secret with those values, and then, create a CRD like this (the name of the resource has to be the hostname of the registry to be configured and it has to end with
name: 111122223333.dkr.ecr.eu-central-1.amazonaws.com # hostname of the registry to be configured
key: <field in referenced secret> # key of the secret which contains the access key
name: <secret-name> # name of the secret where the access key is stored
key: <field in referenced secret> # key of the secret which contains the access secret key
name: <secret-name> # name of the secret where the access secret is stored
Any changes you make to credentials can take a few minutes to propagate to all components in the cluster. To make sure Okteto is able to access the registries, you can check in the Admin dashboard. If you add credentials using CRDs they will be displayed in the UI, but they can't be modified from the UI. If you want to manage them from the UI, they must be created from there.