Skip to main content
Version: 1.19

Custom Resource Definitions

As part of Okteto's installation, some Custom Resource Definitions (CRDs) are installed in your cluster. These CRDs are used by Okteto to mainly store different information. You can see the list of CRDs installed by Okteto exploring the folder crds in the templates of the Okteto Helm Chart or by running the following command in your cluster:

kubectl get crd | grep okteto.com

You can let Okteto install these CRDs or you can install them manually on your own, but be aware they are needed for Okteto to work properly. You can use the following configuration setting to let Okteto know if it should install them or not. By default, Okteto will install them.

Private Registries

Private registry configuration is managed via the Admin dashboard or via one of the CRDs installed by Okteto: admin.okteto.com. This last case is useful, for example, if you have your own mechanism to provision credentials/secrets in your cluster.

To define your private registries using CRDs, you have to create an Opaque Kubernetes secret first with the data needed to access your private registry. Depending on the type of registry, you will need different fields.

Once the secret is created, you will need to create a resource with the apiVersion admin.okteto.com/v1, which is one of the CRDs installed by Okteto, referring to the secret which contains the credentials.

If you want to define static credentials (username and password) for a private registry you need to create a secret in the Okteto namespace with the username and password to be used. Once created, you need to define a CRD using the name of the resource as the hostname of the registry (e.g. index.docker.io or 111122223333.dkr.ecr.eu-central-1.amazonaws.com). For example, if you want to add a configuration for Docker's registry, you will need to create a resource like this:

note

Defining the port through spec.static.port is optional and only available for static registries. It should only be used if the registry listens on a port other than the default http(s) 80/443

apiVersion: admin.okteto.com/v1
kind: Registry
metadata:
  name: index.docker.io # hostname of the registry to be configured
  namespace: okteto
spec:
  static:
    port: 5000 # optional
    passwordSecretRef:
      key: <field in referenced secret> # key of the secret which contains the password
      name: <secret-name> # name of the secret where the password is stored
    userSecretRef:
      key: <field in referenced secret> # key of the secret which contains the username
      name: <secret-name> # name of the secret where the username is stored

In the case of AWS, where you have to specify the Access Key and Access Secret, the process is similar to the static credentials one. You will need to create a secret with those values, and then, create a CRD like this (the name of the resource has to be the hostname of the registry to be configured and it has to end with .amazonaws.com):

apiVersion: admin.okteto.com/v1
kind: Registry
metadata:
  name: 111122223333.dkr.ecr.eu-central-1.amazonaws.com # hostname of the registry to be configured
  namespace: okteto
spec:
  awsIamUser:
    accessKeyIDSecretRef:
      key: <field in referenced secret> # key of the secret which contains the access key
      name: <secret-name> # name of the secret where the access key is stored
    secretAccessKeySecretRef:
      key: <field in referenced secret> # key of the secret which contains the access secret key
      name: <secret-name> # name of the secret where the access secret is stored