Setup Katapult Container Registry with Kubernetes

To pull container images from the Katapult Container Registry (KCR) in your Kubernetes cluster, you need to create an image pull secret. This allows your cluster to authenticate with the registry when deploying containers.

Creating an Image Pull Secret

To create a Kubernetes secret for pulling images from the Katapult Container Registry, use the following kubectl command:

kubectl create secret docker-registry katapult-registry-secret \
    --docker-server=kcr.io \
    --docker-username=<your-katapult-username> \
    --docker-password=<your-registry-token> \
    --namespace=<your-namespace>

Using the Image Pull Secret

Once you've created the image pull secret, you need to reference it in your Kubernetes manifests. This can be done in one of two ways:

Option 1: Add imagePullSecrets to your Pod spec

apiVersion: v1
kind: Pod
metadata:
    name: my-app
    namespace: your-namespace
spec:
    containers:
    - name: app-container
        image: kcr.io/your-organization/your-image:tag
    imagePullSecrets:
    - name: katapult-registry-secret

Option 2: Add the Secret to a ServiceAccount

You can add the image pull secret to a ServiceAccount, which will automatically apply it to all pods created using that ServiceAccount:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: your-namespace
imagePullSecrets:
  - name: katapult-registry-secret

To use this ServiceAccount in your pod:

apiVersion: v1
kind: Pod
metadata:
    name: my-app
    namespace: your-namespace
spec:
    serviceAccountName: default  # Reference the ServiceAccount with the pull secret
    containers:
    - name: app-container
        image: kcr.io/your-organization/your-image:tag