Skip to main content
Version: 1.24

Custom Resource Definitions

As part of Okteto's installation, several Custom Resource Definitions (CRDs) are installed in your cluster. These CRDs primarily store different types of information necessary for Okteto's functionality. You can view the list of Okteto's CRDs by exploring the crds folder in the templates of the Okteto Helm Chart or by running the following command:

kubectl get crd | grep okteto.com

You can let Okteto install these CRDs or you can choose to install them manually, but be aware they are needed for Okteto to work properly. You can use the following configuration setting to let Okteto know if it should install them or not. By default, Okteto will install them.

Private Registries

Private registry configurations can be managed either through the Admin dashboard or by using one of Okteto’s installed CRDs: admin.okteto.com. This last case is useful, for example, if you have your own mechanism to provision credentials/secrets in your cluster.

There are 3 types of registries you can configure: Static credentials, AWS IAM User and AWS IAM Role.

Static Credentials

To define your private registries with static credentials using CRDs, you must first create an Opaque Kubernetes secret containing the necessary data to access your private registry. This secret should include both the username and password for accessing the registry.

Once the secret is created, you will need to create a resource with the apiVersion: admin.okteto.com/v1 and Registry kind, which is one of the CRDs installed by Okteto, referring to the secret which contains the credentials.

The name of this new resource should be the hostname of the registry (e.g. index.docker.io). For example, if you want to add a configuration for Docker's registry, you will need to create a resource like this:

note

Defining the port through spec.static.port is optional and only available for static registries. It should only be used if the registry listens on a port other than the default http(s) 80/443

apiVersion: admin.okteto.com/v1
kind: Registry
metadata:
  name: index.docker.io # hostname of the registry to be configured
  namespace: okteto
spec:
  static:
    port: 5000 # optional
    passwordSecretRef:
      key: <field in referenced secret> # key of the secret which contains the password
      name: <secret-name> # name of the secret where the password is stored
    userSecretRef:
      key: <field in referenced secret> # key of the secret which contains the username
      name: <secret-name> # name of the secret where the username is stored

AWS IAM User

In the case of AWS IAM User, where you have to specify the Access Key and Access Secret, the process is similar to the static credentials one. For AWS IAM User credentials (Access Key and Secret Access Key), the process is similar to configuring static credentials. First, create a secret containing the Access Key and Secret Access Key values. Then, create a CRD like this (the name of the resource has to be the hostname of the registry to be configured and it has to end with .amazonaws.com, e.g. 111122223333.dkr.ecr.eu-central-1.amazonaws.com):

apiVersion: admin.okteto.com/v1
kind: Registry
metadata:
  name: 111122223333.dkr.ecr.eu-central-1.amazonaws.com # hostname of the registry to be configured
  namespace: okteto
spec:
  awsIamUser:
    accessKeyIDSecretRef:
      key: <field in referenced secret> # key of the secret which contains the access key
      name: <secret-name> # name of the secret where the access key is stored
    secretAccessKeySecretRef:
      key: <field in referenced secret> # key of the secret which contains the access secret key
      name: <secret-name> # name of the secret where the access secret is stored

You can find more information here about how to obtain the values to use.

AWS IAM Role

In this case, the process is a bit simpler. It doesn't require a secret, as it doesn't store sensitive information. So, you will only need to create a CRD like the following one specifying the registry hostname as the resource name (it has to end with .amazonaws.com, e.g. 111122223333.dkr.ecr.eu-central-1.amazonaws.com):

apiVersion: admin.okteto.com/v1
kind: Registry
metadata:
  name: 111122223333.dkr.ecr.eu-central-1.amazonaws.com # hostname of the registry to be configured
  namespace: okteto
spec:
  awsIamRole:
    audience: okteto.example.com/us-east-2 # Audience used to exchange token to access the registry
    roleARN: arn:aws:iam::112233445566:role/my-private-registry # ARN role with the permissions needed to access to the registry

You can find more information here about how to obtain the values to use.

Catalog Items

Catalog items are typically managed via the Admin dashboard, but can also be managed via one of the CRDs installed by Okteto: catalogitems.git.okteto.com. This approach is useful if you want to add catalog items manually with kubectl commands or manage your catalog using GitOps.

To configure a catalog item, create a resource like this:

  • metadata.name: name of the CatalogItem resource to be created
  • spec.branch: default branch for the CatalogItem. (optional)
  • spec.manifestPath: path to the manifest file in the repository (optional)
  • spec.name: Display name in the Catalog UI list
  • spec.repositoryUrl: URL of the repository
  • spec.variables: list of variables suggested to the user at deployment time. Each variable can be defined by name only, or by name and value (optional)
my-catalog-item.yaml
apiVersion: git.okteto.com/v1
kind: CatalogItem
metadata:
  name: my-catalog-item
  namespace: okteto
spec:
  branch: ""
  manifestPath: ""
  name: my-catalog-item
  repositoryUrl: https://github.com/okteto/movies-with-helm
  variables:
    - name: VARIABLE_WITH_VALUE
      value: my-value
    - name: VARIABLE_WITHOUT_VALUE

To apply the changes manually, run the command kubectl apply -f my-catalog-item.yaml from your terminal to add the catalog item to the your Catalog in the cluster.