You can use an external registry for Epinio to store application images.
You can do this by setting the following variables during the
helm install \
--set containerregistry.enabled=false \
--set global.registryURL=$REGISTRY_URL \
--set global.registryNamespace=$REGISTRY_NAMESPACE \
--set global.registryUsername=$REGISTRY_USER \
--set global.registryPassword=$REGISTRY_PASSWORD \
... (other options here) \
Using Docker Hub as an example, you would have to set
the value of
$REGISTRY_PASSWORD are set to the Docker Hub credentials.
would be either an organization or username.
With these arguments set, Epinio doesn't deploy a registry on the cluster.
Advanced setup for a secure external registry
When access to the external registry is secured via TLS it's necessary to make the correct certificate known to both Epinio and the cluster (that is, the kubelets).
epinio-external-registry-tls is the name of the Kubernetes secret used to store the certificate then adding to the
helm install command:
is enough to make the certificate known to Epinio.
The secret needs to be in the
The certificate needs to be under the key
tls.crt of that secret
and needs to be in PEM format.
Making the same information known to the cluster itself, that is, the kubelets, differs between distributions of Kubernetes.
Assuming a k3s cluster running on an openSUSE or SLE-based host, and the certificate is in a file named
CA.pem, in the current working directory the commands would be:
sudo cp CA.pem /etc/pki/trust/anchors/
sudo systemctl restart k3s[-agent].service