Using Third Party Registries


#1

Replicated can integrate with your third party private registry (ie Docker Trusted Registry, Quay.io, ECR, GCR etc). To connect to these external registries you’ll need to connect your vendor account to these accounts on the app images page.

You’ll need to provide us with a reference name, endpoint, username, password and email address (we recommend creating a specific account for Replicated with read-only access to use).

Your credentials will never be shared or used by the customer to pull your images, instead your images will be proxied by us for each installation.

Native Scheduler

To access these images in your YAML you’ll need to use the reference name as the source & then the image name will need to provide the image name location, along with the version tag.

components:
- name: App
  containers:
  - source: mythirdpartyprivateregistry
    image_name: namespace/imagename
    version: 2.0.0

Swarm and Kubernetes

Swarm and Kubernetes require additional information

images:
- source: mythirdpartyprivateregistry
  name: namespace/imagename
  tag: 2.0.0
---
# kind: scheduler-swarm
version: '3.3'

services:
  my_service:
    image: quay.io/namespace/imagename:2.0.0

Ship

For delivering images in ship, see Ship a Private Image in the Getting Started with Ship guide.


How do I add private Google Container Registry images in my application?
Unable to pull image from Quay: access to the requested resource is not authorized
#2

From the above, it was clear that the alias defined in the field “Name (Ref)” under Application -> Settings needed to be put into the release yaml under ‘components.containers.source’, but it wasn’t clear to me that ‘services.blah.image’ needed to be quay.io/mycompany/blah:v1 (if I’m using quay.io) and not mythirdpartyprivateregistry/mycompany/blah:v1


#4

To clarify the setup of ECR, since what needs to be provided for each field can be a little unclear:

  1. You choose the name
  2. The endpoint is of the form <account id>.dkr.ecr.<region>.amazonaws.com
  3. The username is the AWS access key ID
  4. The password is the AWS access token
    And the email does not matter.