2 Deployment #
The following procedures describe how to deploy SUSE Private Registry (Private Registry) on a Kubernetes cluster.
2.1 Prerequisites #
- A Kubernetes cluster version 1.20 or higher 
- Helm version 3.2.0 or higher 
- Persistent Volume (PV) provisioner support in your infrastructure 
- An active subscription for SUSE Private Registry 
2.2 Obtaining Kubernetes secrets from the SUSE Customer Center #
To download and install the Private Registry images from SUSE Registry, you need a Kubernetes secret with SUSE Customer Center (SCC) mirroring credentials. To obtain the credentials from SCC, follow these steps:
- Visit SUSE Customer Center at https://scc.suse.com and log in. 
- Select the organization with an active Private Registry subscription from the left sidebar. 
- Select - Proxiesin the top menu. The credentials are displayed in the top right corner.
- To see the password, click the 'eye' icon. 
- Create a - password.txtfile containing the obtained password.- $ head -1 ./password.txt | helm registry login registry.suse.com \ --username <PRIVATE_REGISTRY_USERNAME> --password-stdin 
- Create a namespace for SUSE Registry. - $ kubectl create namespace <PRIVATE_REGISTRY_NAMESPACE> 
- Store the mirroring credentials retrieved from SCC as Kubernetes secrets by running the following command: - $ kubectl create secret docker-registry suse-registry \ --namespace <PRIVATE_REGISTRY_NAMESPACE> \ --docker-server=registry.suse.com \ --docker-username=<PRIVATE_REGISTRY_USERNAME> \ --docker-password=$(head -1 ./password.txt) 
- Optionally, to use TLS encrypted communication, create a TLS secret from your private key and certificate files. - $ kubectl create secret tls suse-registry-tls \ --namespace <PRIVATE_REGISTRY_NAMESPACE> \ --cert=<CERTIFICATE>.pem \ --key=<PRIVATE_KEY>.pem 
2.3 Installing and running Private Registry using Helm #
The following procedure describes how to install Private Registry using Helm.
Replace <RELEASE_NAME> with your custom release name for the Helm chart deployment.
- Log in to SUSE Registry using the obtained SCC mirroring credentials. - $ head -1 ./password.txt | helm registry login registry.suse.com \ --username <SUSE_REGISTRY_USERNAME> --password-stdin
- Install the latest version of the Private Registry Helm chart. - $ helm install <RELEASE_NAME> \ oci://registry.suse.com/private-registry/private-registry-helm \ --namespace <PRIVATE_REGISTRY_NAMESPACE>
To override the default installation with custom values from the suse_registry_override.yaml file, refer to Appendix A, Overriding the SUSE Private Registry Helm chart.
The command starts deploying several related containers and may take several minutes to complete. It also prints a message with the URL to the Private Registry Web portal and commands to obtain the administrator credentials.
2.4 Upgrading Private Registry #
To upgrade the release of the Helm chart to a specific newer version, run the following command:
$ helm upgrade <RELEASE_NAME> \ oci://registry.suse.com/private-registry/private-registry-helm --version <NEW_VERSION_OF_HELM_CHART> --namespace <PRIVATE_REGISTRY_NAMESPACE>