documentation.suse.com / Getting started with SUSE Private Registry / Deployment

2 Deployment

 

The following procedures describe how to deploy SUSE Private Registry (Private Registry) on a Kubernetes cluster.

2.1 Prerequisites

 

  • A Kubernetes cluster version 1.20 or higher

  • Helm version 3.2.0 or higher

  • Persistent Volume (PV) provisioner support in your infrastructure

  • An active subscription for SUSE Private Registry

2.2 Obtaining Kubernetes secrets from the SUSE Customer Center

 

To download and install the Private Registry images from SUSE Registry, you need a Kubernetes secret with SUSE Customer Center (SCC) mirroring credentials. To obtain the credentials from SCC, follow these steps:

  1. Visit SUSE Customer Center at https://scc.suse.com and log in.

  2. Select the organization with an active Private Registry subscription from the left sidebar.

  3. Select Proxies in the top menu. The credentials are displayed in the top right corner.

  4. To see the password, click the 'eye' icon.

  5. Create a password.txt file containing the obtained password.

      $ head -1 ./password.txt | helm registry login registry.suse.com \
  --username <PRIVATE_REGISTRY_USERNAME> --password-stdin

  6. Create a namespace for SUSE Registry.

    $ kubectl create namespace <PRIVATE_REGISTRY_NAMESPACE>

  7. Store the mirroring credentials retrieved from SCC as Kubernetes secrets by running the following command:

      $ kubectl create secret docker-registry suse-registry \
  --namespace <PRIVATE_REGISTRY_NAMESPACE> \
  --docker-server=registry.suse.com \
  --docker-username=<PRIVATE_REGISTRY_USERNAME> \
  --docker-password=$(head -1 ./password.txt)

  8. Optionally, to use TLS encrypted communication, create a TLS secret from your private key and certificate files.

      $ kubectl create secret tls suse-registry-tls \
  --namespace <PRIVATE_REGISTRY_NAMESPACE> \
  --cert=<CERTIFICATE>.pem \
  --key=<PRIVATE_KEY>.pem

2.3 Installing and running Private Registry using Helm

 

The following procedure describes how to install Private Registry using Helm. Replace <RELEASE_NAME> with your custom release name for the Helm chart deployment.

  1. Log in to SUSE Registry using the obtained SCC mirroring credentials.

      $ head -1 ./password.txt | helm registry login registry.suse.com \
  --username <SUSE_REGISTRY_USERNAME> --password-stdin

  2. Install the latest version of the Private Registry Helm chart.

      $ helm install <RELEASE_NAME> \
  oci://registry.suse.com/private-registry/private-registry-helm \
  --namespace <PRIVATE_REGISTRY_NAMESPACE>

To override the default installation with custom values from the suse_registry_override.yaml file, refer to Appendix A, Overriding the SUSE Private Registry Helm chart.

The command starts deploying several related containers and may take several minutes to complete. It also prints a message with the URL to the Private Registry Web portal and commands to obtain the administrator credentials.

2.4 Upgrading Private Registry

 

To upgrade the release of the Helm chart to a specific newer version, run the following command:

$ helm upgrade <RELEASE_NAME> \
oci://registry.suse.com/private-registry/private-registry-helm --version <NEW_VERSION_OF_HELM_CHART>
--namespace <PRIVATE_REGISTRY_NAMESPACE>