# Using images from private registries ## Available variables to use images from private registries There are variables that are customizable for awx the image management. | Name | Description | Default | | ----------------------------- | ----------------------------- | ------------------------------------------ | | image | Path of the image to pull | quay.io/ansible/awx | | image_version | Image version to pull | value of DEFAULT_AWX_VERSION or latest | | image_pull_policy | The pull policy to adopt | IfNotPresent | | image_pull_secrets | The pull secrets to use | None | | ee_images | A list of EEs to register | quay.io/ansible/awx-ee:DEFAULT_AWX_VERSION | | ee_pull_credentials_secret | The pull secret for ee_images | None | | redis_image | Path of the image to pull | docker.io/redis | | redis_image_version | Image version to pull | latest | | control_plane_ee_image | Image version to pull | quay.io/ansible/awx-ee:DEFAULT_AWX_VERSION | | init_container_image | Path of the image to pull | quay.io/ansible/awx-ee | | init_container_image_version | Image version to pull | value of DEFAULT_AWX_VERSION or latest | | init_projects_container_image | Image version to pull | quay.io/centos/centos:stream9 | Example of customization could be: ```yaml --- spec: ... image: myorg/my-custom-awx image_version: latest image_pull_policy: Always image_pull_secrets: - pull_secret_name ee_images: - name: my-custom-awx-ee image: myorg/my-custom-awx-ee control_plane_ee_image: myorg/my-custom-awx-ee:latest init_container_image: myorg/my-custom-awx-ee init_container_image_version: latest init_projects_container_image: myorg/my-mirrored-centos:stream9 ``` !!! warning The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file. ## Default execution environments from private registries In order to register default execution environments from private registries, the Custom Resource needs to know about the pull credentials. Those credentials should be stored as a secret and either specified as `ee_pull_credentials_secret` at the CR spec level, or simply be present on the namespace under the name `-ee-pull-credentials` . Instance initialization will register a `Container registry` type credential on the deployed instance and assign it to the registered default execution environments. The secret should be formatted as follows: ```yaml --- apiVersion: v1 kind: Secret metadata: name: -ee-pull-credentials namespace: stringData: url: username: password: ssl_verify: type: Opaque ``` ## Control plane ee from private registry The images listed in `ee_images` will be added as globally available Execution Environments. The `control_plane_ee_image` will be used to run project updates. In order to use a private image for any of these you'll need to use `image_pull_secrets` to provide a list of k8s pull secrets to access it. Currently the same secret is used for any of these images supplied at install time. You can create `image_pull_secret` ```sh kubectl create secret -cp-pull-credentials regcred --docker-server= --docker-username= --docker-password= --docker-email= ``` If you need more control (for example, to set a namespace or a label on the new secret) then you can customize the Secret before storing it Example spec file extra-config ```yaml --- apiVersion: v1 kind: Secret metadata: name: -cp-pull-credentials namespace: data: .dockerconfigjson: type: kubernetes.io/dockerconfigjson ```