Authenticated Container Registries
If you want to use an image from authenticated docker registry (e.g. for image cache/mirror), you'll need to add an
imagePullSecret to all relevant service accounts. This way all pods created by the operator (for service account:
rook-ceph-system) or all new pods in the namespace (for service account:
default) will have the
imagePullSecret added to their spec.
The whole process is described in the official kubernetes documentation.
Example setup for a ceph cluster¶
To get you started, here's a quick rundown for the ceph example from the quickstart guide.
First, we'll create the secret for our registry as described here (the secret will be created in the
rook-ceph namespace, make sure to change it if your Rook Ceph Operator/Cluster is in another namespace):
Next we'll add the following snippet to all relevant service accounts as described here:
The service accounts are:
rook-ceph): Will affect all pods created by the rook operator in the
rook-ceph): Will affect most pods in the
rook-ceph): Will affect the MGR pods in the
rook-ceph): Will affect the OSD pods in the
rook-ceph): Will affect the RGW pods in the
You can do it either via e.g.
kubectl -n <namespace> edit serviceaccount default or by modifying the
cluster.yaml before deploying them.
Since it's the same procedure for all service accounts, here is just one example:
After doing this for all service accounts all pods should be able to pull the image from your registry.