.. index:: Registry setup

.. _private-docker-registry:

Docker registry
=============================

The compiled :term:`Docker Images` are stored in a private registry.
You need to setup :term:`Docker Credentials` in order to be able to pull these images.

One of the first steps is to setup a secret to access this registry.

1. You'll get an access token in a file from Sagemath, Inc. – in the following it will be called ``registry-token.txt``.
2. Tell Kubernetes about this registry secret, in the namespace where you'll deploy CoCalc, with the name: ``regcred``:

.. code:: bash

   kubectl [--namespace cocalc] create secret docker-registry regcred \
      --docker-server=docker.io \
      --docker-username=hsysmi \
      --docker-password="$(cat ./registry-token.txt)" \
      --docker-email=hsy@sagemath.com

→ expected output: ``secret/regcred created``

.. note::

  If you name this secret differently than ``regcred``,
  you need to adjust the ``imagePullSecrets`` in the ``values.yaml`` file.

.. note::

  If you received a new token or made a mistake, you have to delete the secret first.
  In particular, the ``create`` command will say:
  ``error: failed to create secret secrets "regcred" already exists``.

  ::

      kubectl [--namespace cocalc] delete secret regcred


Ref:

-  `Blog: Google Container Registry <https://blog.container-solutions.com/using-google-container-registry-with-kubernetes>`_
-  `K8S: Pull image from private registry <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/>`_