Configuring Registry

Every Camel K installation needs a container registry that will be used to host integration container images. This is required to host the images that will be used by Kubernetes to execute the Camel application you’ve built.

Container registry in action

The Camel K operator is in charge to build a Camel application and to "containerize" it, storing the result into a container registry. The same registry is used by the cluster to run the Camel application. Basically the operator push the image and the cluster pull it from the same source.

For the reason above it’s important that you provide a container registry which is accessible from both the operator Pod and the cluster internal mechanisms. However, a default registry is present in certain platforms such as Minikube, Openshift or Docker Desktop.

For any other platform that do not provide a default container registry, then, a registry must be provided accordingly.

How to configure Camel K container registry

When running a production grade installation, you’ll be probably using a private container registry which is accessible via authenticated method. The secret is something that will be included at deployment time as imagePullSecret configuration.

As each registry may have a slightly different way of securing the access you can use the generic guidelines provided in Secret registry configuration and adjust accordingly. We expect that at the end of the process you have a public address (1) an organization (2) and a secret (3) values that will be used to configure the registry.

You will need to create or edit any existing IntegrationPlatform custom resource with the values as expected in the .spec.build.registry.

apiVersion: camel.apache.org/v1
kind: IntegrationPlatform
metadata:
  labels:
    app: camel-k
  name: camel-k
spec:
  build:
    registry:
      address: <my-registry-address> (1)
      organization: <my-organization> (2)
      secret: <my-secret-credentials> (3)

The changes will be immediately reconciled and the operator will be able to push and pull resources in a secure manner.

Container registry requirements

Each platform may have its default registry of choice. And each container registry may have a slight different configuration. Please, be aware that we won’t be able to support all the available solutions.

The only requirement we have is that the registry must be able to produce/consume images with the following tagging convention: <registry-host>[:<registry-port>]/<k8s-namespace>/kit-<hash-code>@sha256:<sha256-code>, ie 10.110.251.124/default/kit-ck0612dahvgs73ffe5g0@sha256:3c9589dd093b689aee6bf5c2d35aa1fce9d0e76d5bb7da8b61d87e7a1ed6f36a.

This should be within the standard convention adopted by pulling a Docker image by digest (immutable).

you can configure Camel K to use an insecure private registry. However, your Kubernetes cluster may not be able to pull images from an insecure registry without proper configuration.

Special container registry requirements

We have some hints that can help you configuring on the most common platforms:

Run your own container registry

You can also run your own registry, but this option is recommended only for advanced use cases as it may requires certain changes in the cluster configuration, so, make sure to understand how each change may affect your cluster. As you’ve seen in the diagram above, the cluster has to be aware of the presence of the registry in order to pull the images pushed by the operator.

Back to top