Docker registry

The compiled Docker Images are stored in a private registry. You need to setup Docker Credentials in order to be able to pull these images.

One of the first steps is to setup a secret to access this registry.

  1. You’ll get an access token in a file from Sagemath, Inc. – in the following it will be called registry-token.txt.

  2. Tell Kubernetes about this registry secret, in the namespace where you’ll deploy CoCalc, with the name: regcred:

kubectl [--namespace cocalc] create secret docker-registry regcred \ \
   --docker-username=hsysmi \
   --docker-password="$(cat ./registry-token.txt)" \
   --docker-email=[email protected]

→ expected output: secret/regcred created


If you name this secret differently than regcred, you need to adjust the imagePullSecrets in the values.yaml file.


If you received a new token or made a mistake, you have to delete the secret first. In particular, the create command will say: error: failed to create secret secrets "regcred" already exists.

kubectl [--namespace cocalc] delete secret regcred

GCP Artifact Registry (deprecated)

Until April 2024, the images were hosted elsewhere. The instructions are very similar, though. For a file containing secrets with the name regcred.json, run the following command:

kubectl [--namespace cocalc] create secret docker-registry regcred \ \
    --docker-username=_json_key \
    --docker-password="$(cat ./regcred.json)" \