Skip to main content

Using CCR with Crusoe Managed Kubernetes (CMK)

To pull images from a CCR repository in your CMK cluster, you must provide credentials via a Kubernetes Secret. This allows your pods to authenticate with CCR.

Create a Registry Token

First, generate a new, long-lived token for your cluster to use.

crusoe registry tokens create --alias cmk-prod-cluster-token

To create a token in the UI, select “Registry” on the sidebar, then your repository’s details page, then “Create Token”.

Save the token securely.

Create the Kubernetes Secret

Next, use kubectl to create a docker-registry secret in your cluster. Provide your CCR repository URL, your Crusoe account email as the username, and the token from the previous step as the password.

kubectl create secret docker-registry ccr-credentials \
  --docker-server=<your-ccr-repository-url> \
  --docker-username=<[email protected]> \
  --docker-password=<paste-your-ccr-token-here> \
  --namespace=my-app-namespace

Reference the Secret in a Deployment

In your Kubernetes Deployment manifest, reference the secret in the spec.template.spec.imagePullSecrets field. This allows pods created by this deployment to authenticate with CCR.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app-on-cmk
spec:
  template:
    spec:
      containers:
        - image: registry.us-east1-a.ccr.crusoecloudcompute.com/my-app-repo.7dhg29ls/my-app:v1.2
          name: app-image
      imagePullSecrets:
        - name: ccr-credentials

Now, when you apply this deployment, your pods will be able to successfully pull the private image from your CCR repository.