# Install Bundle from a Private Image Registry
This tutorial provides to way to utilize bundles from a private image registry in your Entando projects. The steps below use environment variables to pass the Secret for the authentication required by private registries.
For microservices in a private image registry, follow the install guide here.
# Prerequisites
- A working instance of Entando
- Verify dependencies with the Entando CLI:
ent check-env develop
# Tutorial
# Step 1: Create the Registry Credentials
- Create the registry JSON configuration using your registry and credentials on the port of your choice:
{
"auths": {
"YOUR-REGISTRY.com": {
"username": "YOUR-USERNAME",
"password": "YOUR-PASSWORD"
}
}
}
# Step 2: Create and Apply the Secret
- Create
container-registry-secret.yaml
in your namespace with the following snippet. Replace the registryCredentials value with your own.
kind: Secret
apiVersion: v1
metadata:
name: container-registry-secret
type: Opaque
data:
registryCredentials: "ewogICJhdXRocyI6IHsKICAgICJyZWdpc3RyeS5odWIuZG9ja2VyLmNvbSI6IHsKICAgICAgICAidXNlcm5hbWUiOiAidGVzdG5hbWV4eHgiLAogICAgICAgICJwYXNzd29yZCI6ICJUZXN0bmFtZXBhc3N3ZCIKfQp9Cn0="
- Apply the registry Secret YAML to your Entando instance, replacing the namespace with your own as needed:
ent kubectl apply -f container-registry-secret.yaml -n entando
# Step 3: Add the Environment Variable and Deploy
- Add the environment variable, ENTANDO_CONTAINER_REGISTRY_CREDENTIALS, to your EntandoApp custom resource. To edit the EntandoApp using your namespace:
ent kubectl get EntandoApp -n entando
ent kubectl edit EntandoApp/quickstart -n entando
- Add the
environmentVariables
under the spec property as shown here:
kind: EntandoApp
spec:
environmentVariables:
- name: ENTANDO_CONTAINER_REGISTRY_CREDENTIALS
valueFrom:
secretKeyRef:
name: container-registry-secret
key: registryCredentials
- (Entando 7.1.0-7.1.1 only) The Component Manager (CM) deployment requires modification due to an open issue. Scale the deployment down to 0, add the following spec for the HOME variable, and then restart the CM.
spec:
containers:
- env:
- name: HOME
value: /deployments
- Deploy and install the bundle into Entando:
ent bundle deploy
ent bundle install
# Troubleshooting
# Self-signed Certificate
If your private registry is secured via a self-signed certificate, you need to configure a CA certificate to validate the registry to download the bundle.
- Create an opaque Secret containing the base64 encoded value of the certificate, with
-----BEGIN CERTIFICATE-----
prefix and-----END CERTIFICATE-----
suffix, shown in the following example.
apiVersion: v1
data:
registry.eng-entando.com.crt: >-
# your base64 root certificate
kind: Secret
metadata:
name: YOUR-CA-CERT-SECRET
- Apply the certificate Secret:
kubectl apply -f YOUR-CA-CERT-SECRET.yaml -n entando
- Edit
entando-operator-config
to add the certificate secret to the ConfigMap.
kubectl get ConfigMap -n entandokubectl edit ConfigMap/entando-operator-config -n entando
Add the YOUR-CA-CERT-SECRET
under the data property to refer to your secret, as shown here:
apiVersion: v1
data:
entando.ca.secret.name: YOUR-CA-CERT-SECRET
entando.ingress.class: nginx
entando.k8s.operator.image.pull.secrets: container-registry-secret
entando.k8s.operator.impose.limits: "true"
entando.requires.filesystem.group.override: "true"
entando.tls.secret.name: test-fire-tls-secret
kind: ConfigMap
metadata:
name: entando-operator-config
namespace: entando
Next Steps
- Install Microservices from a Private Image Registry.
- Learn how to create a page in the Entando App Builder.