From 0a9a4a8a0c9f0b42b08bf6642d0dfde272e8bf07 Mon Sep 17 00:00:00 2001 From: Paige Calvert Date: Tue, 5 Aug 2025 10:43:48 -0600 Subject: [PATCH 1/4] scope registry to one or more apps --- docs/vendor/packaging-private-images.md | 50 ++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 5 deletions(-) diff --git a/docs/vendor/packaging-private-images.md b/docs/vendor/packaging-private-images.md index 40588ff1a8..6d6e7c76bc 100644 --- a/docs/vendor/packaging-private-images.md +++ b/docs/vendor/packaging-private-images.md @@ -1,4 +1,4 @@ -# Connect to an External Registry +# Add and Manage External Registries This topic describes how to add credentials for an external private registry using the Replicated Vendor Portal or Replicated CLI. Adding an external registry allows you to grant proxy access to private images using the Replicated proxy registry. For more information, see [About the Replicated Proxy Registry](private-images-about). @@ -37,6 +37,8 @@ To add an external registry using the Vendor Portal: 1. In the **Provider** drop-down, select your registry provider. +1. For **Registry Name**, optionally add a unique name for the registry. This can be useful if you intend to add multiple registries or duplicate any of your registries. + 1. Complete the fields in the dialog, depending on the provider that you chose: :::note @@ -201,9 +203,17 @@ To add an external registry using the Vendor Portal: -1. For **Image name & tag**, enter the image name and image tag and click **Test** to confirm that the Vendor Portal can access the image. For example, `api:v1.0.1` or `my-app/api:v1.01`. +1. For **App Access**, select one of these options: + * **All Apps**: Make the registry available to all applications in your Vendor Portal team. This means that all customers have pull-through access to the images in this registry with their valid license. + * **Specific apps**: Make this registry available only to the applications that you specify. When the registry is scoped to specific applications, only customers with a valid license for the specified applications have pull-through access to the images in the registry. -1. Click **Link registry**. +1. Click **Test** and provide your image name and tag (for example, `api:v1.0.1` or `my-app/api:v1.01`.). Click **Test** to confirm that the Vendor Portal can access the image. + + :::note + This tests credential validity only. Replicated strongly recommends that you still test your application end-to-end in a development environment. + ::: + +1. Click **Save**. ### Using the CLI @@ -249,6 +259,36 @@ For example: replicated registry test index.docker.io --image my-company/my-image:v1.2.3 ``` -## Related Topic +## Scope a Registry to Specific Applications + +You can scope each external registry to one or more applications in your Vendor Portal team. + +When the registry is scoped to specific applications, only customers with a valid license for the specified applications have pull-through access to the images in the registry. Additionally, when you add new applications to your team, those applications do not automatically get access to the registry. + +To scope a registry to specific applications: + +1. In the **Vendor Portal**, go to **Images** and click **Edit** next to the target registry. + +1. For **App Access**, select one of these options: + * **All Apps**: Make the registry available to all applications in your Vendor Portal team. This means that all customers have pull-through access to the images in this registry with their valid license. + * **Specific apps**: Make this registry available only to the applications that you specify. + +1. Click **Save**. + +## Duplicate a Registry + +You can duplicate an existing registry. This can be useful when you want to add an external registry with the same credentials, but make the registry available to a different application in your Vendor Portal team. + +To duplicate an existing external registry: + +1. In the Vendor Portal, go to **Images** and click **Edit** next to the registry that you want to duplicate. + +1. Click **Duplicate**. + + The fields are automatically populated with the credentials and provider from the duplicated registry. + +1. For **Registry Name**, provide a name for the registry. + +1. For **App access**, specify the application or applications that have access to the images in this registry. -[Tutorial: Using ECR for Private Images](tutorial-ecr-private-images) +1. Click **Save**. From 52123f30124c2b60a459f32612645529ff169267 Mon Sep 17 00:00:00 2001 From: Paige Calvert Date: Tue, 5 Aug 2025 12:43:49 -0600 Subject: [PATCH 2/4] edit xrefs with new page name --- docs/vendor/operator-defining-additional-images.mdx | 2 +- docs/vendor/private-images-about.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/vendor/operator-defining-additional-images.mdx b/docs/vendor/operator-defining-additional-images.mdx index bc7cbebcba..c0f25c5549 100644 --- a/docs/vendor/operator-defining-additional-images.mdx +++ b/docs/vendor/operator-defining-additional-images.mdx @@ -17,7 +17,7 @@ Any required images that are _not_ defined in your application manifests must be KOTS supports including the following types of images in the `additionalImages` field: * Public images referenced by the docker pullable image name. -* Images pushed to a private registry that was configured in the Vendor Portal, referenced by the docker-pullable, upstream image name. For more information about configuring private registries, see [Connect to an External Registry](/vendor/packaging-private-images). +* Images pushed to a private registry that was configured in the Vendor Portal, referenced by the docker-pullable, upstream image name. For more information about configuring private registries, see [Add and Manage External Registries](/vendor/packaging-private-images). :::note If you use the [Replicated proxy registry](/vendor/private-images-about) for online (internet-connected) installations, be sure to use the _upstream_ image name in the `additionalImages` field, rather than referencing the location of the image at `proxy.replicated.com`. ::: diff --git a/docs/vendor/private-images-about.md b/docs/vendor/private-images-about.md index 6236aba82c..9bbf334587 100644 --- a/docs/vendor/private-images-about.md +++ b/docs/vendor/private-images-about.md @@ -16,7 +16,7 @@ The following diagram demonstrates how the proxy registry pulls images from your ## About Enabling the Proxy Registry -The proxy registry requires read-only credentials to your private registry to access your application images. See [Connect to an External Registry](/vendor/packaging-private-images). +The proxy registry requires read-only credentials to your private registry to access your application images. See [Add and Manage External Registries](/vendor/packaging-private-images). After connecting your registry, the steps the enable the proxy registry vary depending on your application deployment method. For more information, see: * [Use the Proxy Registry with Replicated Installers](/vendor/private-images-kots) From f28618214f2a19b4cd05e8305081e2f58b52d698 Mon Sep 17 00:00:00 2001 From: Paige Calvert Date: Tue, 5 Aug 2025 12:49:41 -0600 Subject: [PATCH 3/4] remove outdated image from step --- docs/vendor/packaging-private-images.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/vendor/packaging-private-images.md b/docs/vendor/packaging-private-images.md index 6d6e7c76bc..22857a385d 100644 --- a/docs/vendor/packaging-private-images.md +++ b/docs/vendor/packaging-private-images.md @@ -31,10 +31,6 @@ To add an external registry using the Vendor Portal: 1. Log in to the [Vendor Portal](https://vendor.replicated.com) and go to the **Images** page. 1. Click **Add External Registry**. - /images/add-external-registry.png - - [View a larger version of this image](/images/add-external-registry.png) - 1. In the **Provider** drop-down, select your registry provider. 1. For **Registry Name**, optionally add a unique name for the registry. This can be useful if you intend to add multiple registries or duplicate any of your registries. From 48b6270ec4e1f5a6d1b24199de8eac80e77a00a8 Mon Sep 17 00:00:00 2001 From: Paige Calvert Date: Tue, 5 Aug 2025 12:50:37 -0600 Subject: [PATCH 4/4] fix spacing --- docs/vendor/packaging-private-images.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/vendor/packaging-private-images.md b/docs/vendor/packaging-private-images.md index 22857a385d..48e382aea3 100644 --- a/docs/vendor/packaging-private-images.md +++ b/docs/vendor/packaging-private-images.md @@ -266,8 +266,8 @@ To scope a registry to specific applications: 1. In the **Vendor Portal**, go to **Images** and click **Edit** next to the target registry. 1. For **App Access**, select one of these options: - * **All Apps**: Make the registry available to all applications in your Vendor Portal team. This means that all customers have pull-through access to the images in this registry with their valid license. - * **Specific apps**: Make this registry available only to the applications that you specify. + * **All Apps**: Make the registry available to all applications in your Vendor Portal team. This means that all customers have pull-through access to the images in this registry with their valid license. + * **Specific apps**: Make this registry available only to the applications that you specify. 1. Click **Save**.