Okteto registry
The Okteto Registry allows every Okteto namespace to have its own space to store its container images.
Authentication
You can use Okteto CLI to build and push images to the Okteto Registry.
Run okteto context
to configure Okteto CLI to be able to push images. This command will download the required tokens and certificates required to push and pull images to the Okteto Registry.
Push images into the Okteto Registry
The Okteto CLI is automatically configured to interact with the Okteto Registry. Just make sure that you're using the registry URL with your Okteto namespace.
okteto build -t okteto.dev/hello-world:golang .
When using the Okteto CLI, you can use the notation okteto.dev
to refer to images in your Namespace. okteto.dev
gets expanded to registry.okteto.example.com/<okteto-namespace>
. For example, okteto.dev/hello-world:golang
expands to registry.okteto.example.com/cindy/hello-world:golang
for the namespace cindy
and expands to registry.okteto.example.com/tom/hello-world:golang
for the namespace tom
. You can configure your current namespace using Okteto CLI's okteto namespace
command.
You can also use okteto.dev
in your Dockerfiles when building using the Okteto CLI.
# Dockerfile
FROM okteto.dev/hello-world:golang
WORKDIR /app
COPY main.go ./
RUN go build -o /usr/local/bin/hello-world
EXPOSE 8080
CMD ["/usr/local/bin/hello-world"]
However, please note that this would not work if you try to build using docker build
instead. In that case, you'll need to use the full expanded URL for your images.
When using the expanded URL for the Okteto Registry, please make sure that your image names follow the following scheme, where <okteto-namespace>
is a valid Okteto Namespace.
registry.okteto.example.com/<okteto-namespace>/<image>:<tag>
Use images from the Okteto Registry
Any image pushed into the Okteto Registry is private. You'll need to authenticate with the registry before pulling an image.
Namespaces in Okteto are automatically allowed to pull images that belong to their namespace automatically. If your application uses images from the Okteto Registry, it'll be able to pull container images without any extra configuration.
To pull an image from a different namespace, you'll need to create and configure the required imagePullSecrets
as outlined here.
Push helm chart into the Okteto Registry
Just as you can push images to the Okteto Registry, you also have the option to push Helm charts. To do this, the first step is to log in to the registry where you want to push the chart. For this you will need some credentials that you can obtain by executing the okteto context show
command. This command will show you information about the current okteto context in use.
{
"name": "https://okteto.example.com",
"id": "3cf4529c-1gbd-4364-99cf-3f4bbe499adb",
"username": "CindyLopez",
"token": "i3kDEh4FKqrJzY7e7Qamd8CfTTrjkPOTN5ftHoKl",
"namespace": "cindy-namespace",
"builder": "tcp://buildkit.okteto.example.com:1234",
"registry": "registry.okteto.example.com",
"personalNamespace": "cindylopez",
"isOkteto": true
}
You can retrieve your username, password (token), and the domain for your registry from the output. Using the deploy section of the manifest, you can use these values using the OKTETO_USERNAME
, OKTETO_TOKEN
, OKTETO_NAMESPACE
and OKTETO_REGISTRY_URL
environment variables since Okteto will resolve their values for you. If the commands are not executed through the manifest, then you must define the values for these environment variables.
helm registry login ${OKTETO_REGISTRY_URL} -u ${OKTETO_USERNAME} -p ${OKTETO_TOKEN}
Once you are logged in you will need to package the chart.
helm package ./chart
After that you can push the packaged Helm chart to the registry.
helm push ./movies-api-0.1.0.tgz oci://${OKTETO_REGISTRY_URL}/${OKTETO_NAMESPACE}
Once the packaged chart has been pushed to the Okteto Registry, you can pull it by using the command below:
helm pull oci://${OKTETO_REGISTRY_URL}/${OKTETO_NAMESPACE}/movies-api --version 0.1.0