documentation.suse.com / Getting started with SUSE Private Registry / Deployment

2 Deployment

The following procedures describe how to deploy SUSE Private Registry (Private Registry) on a Kubernetes cluster.

2.1 Prerequisites

  • A Kubernetes cluster version 1.20 or higher

  • Helm version 3.2.0 or higher

  • Persistent Volume (PV) provisioner support in your infrastructure

  • An active subscription for SUSE Private Registry

2.2 Obtaining Kubernetes secrets from the SUSE Customer Center

To download and install the Private Registry images from SUSE Registry, you need a Kubernetes secret with SUSE Customer Center (SCC) mirroring credentials. To obtain the credentials from SCC, follow these steps:

  1. Visit SUSE Customer Center at https://scc.suse.com and log in.

  2. Select the organization with an active Private Registry subscription from the left sidebar.

  3. Select Proxies in the top menu. The credentials are displayed in the top right corner.

  4. To see the password, click the 'eye' icon.

  5. Create a password.txt file containing the obtained password.

      $ head -1 ./password.txt | helm registry login registry.suse.com \
      --username <PRIVATE_REGISTRY_USERNAME> --password-stdin
  6. Create a namespace for SUSE Registry.

    $ kubectl create namespace <PRIVATE_REGISTRY_NAMESPACE>
  7. Store the mirroring credentials retrieved from SCC as Kubernetes secrets by running the following command:

      $ kubectl create secret docker-registry suse-registry \
      --namespace <PRIVATE_REGISTRY_NAMESPACE> \
      --docker-server=registry.suse.com \
      --docker-username=<PRIVATE_REGISTRY_USERNAME> \
      --docker-password=$(head -1 ./password.txt)
  8. Optionally, to use TLS encrypted communication, create a TLS secret from your private key and certificate files.

      $ kubectl create secret tls suse-registry-tls \
      --namespace <PRIVATE_REGISTRY_NAMESPACE> \
      --cert=<CERTIFICATE>.pem \
      --key=<PRIVATE_KEY>.pem

2.3 Installing and running Private Registry using Helm

The following procedure describes how to install Private Registry using Helm. Replace <RELEASE_NAME> with your custom release name for the Helm chart deployment.

  1. Log in to SUSE Registry using the obtained SCC mirroring credentials.

  2. Install the latest version of the Private Registry Helm chart. To override the default installation with custom values from the suse_registry_override.yaml file`, refer to Appendix A, Overriding the SUSE Private Registry Helm chart.

      $ helm install <RELEASE_NAME> \
      oci://registry.suse.com/private-registry/private-registry-helm \
      --namespace <PRIVATE_REGISTRY_NAMESPACE>
    The command starts deploying several related containers and may take several minutes to complete.
    It also prints a message with the URL to the {productnameshort} Web portal and commands to obtain the administrator credentials.

2.4 Upgrading Private Registry

To upgrade the release of the Helm chart to a specific newer version, run the following command:

$ helm upgrade <RELEASE_NAME> \
oci://registry.suse.com/private-registry/private-registry-helm --version <NEW_VERSION_OF_HELM_CHART>>
-namespace <PRIVATE_REGISTRY_NAMESPACE>
Documentation survey