.. index:: Registry setup .. _private-docker-registry: Docker registry ============================= The compiled :term:`Docker Images` are stored in a private registry. You need to setup :term:`Docker Credentials` in order to be able to pull these images. One of the first steps is to setup a secret to access this registry. 1. You'll get an access token in a file from Sagemath, Inc. – in the following it will be called ``registry-token.txt``. 2. Tell Kubernetes about this registry secret, in the namespace where you'll deploy CoCalc, with the name: ``regcred``: .. code:: bash kubectl [--namespace cocalc] create secret docker-registry regcred \ --docker-server=docker.io \ --docker-username=hsysmi \ --docker-password="$(cat ./registry-token.txt)" \ --docker-email=hsy@sagemath.com → expected output: ``secret/regcred created`` .. note:: If you name this secret differently than ``regcred``, you need to adjust the ``imagePullSecrets`` in the ``values.yaml`` file. .. note:: If you received a new token or made a mistake, you have to delete the secret first. In particular, the ``create`` command will say: ``error: failed to create secret secrets "regcred" already exists``. :: kubectl [--namespace cocalc] delete secret regcred GCP Artifact Registry (deprecated) ------------------------------------------- Until April 2024, the images were hosted elsewhere. The instructions are very similar, though. For a file containing secrets with the name ``regcred.json``, run the following command:: kubectl [--namespace cocalc] create secret docker-registry regcred \ --docker-server=europe-docker.pkg.dev \ --docker-username=_json_key \ --docker-password="$(cat ./regcred.json)" \ --docker-email=any@valid.email Ref: - `Blog: Google Container Registry `_ - `K8S: Pull image from private registry `_