Use Custom Docker Registry for Confluent Platform

Confluent for Kubernetes (CFK) deploys publicly available Docker images hosted on Docker Hub from the confluentinc repositories.

If you want to have CFK deploy Confluent Platform images from a different registry, or from your own set of repositories on Docker Hub, take the following steps:

  1. Pull the desired images from the Confluent repositories and push them to your target registry.

    The list of the default Docker image URIs are listed below.

    The <tag> for a Confluent Platform component image is the version of the component. For example, the URI for the ZooKeeper version 7.1.0 image is docker.io/confluentinc/cp-zookeeper:7.1.0.

    To select the tag for the confluent-operator image, refer to Confluent for Kubernetes image tags and versions.

    The <tag> for the init container is the version of CFK.

    docker.io/confluentinc/confluent-init-container:<tag>
    docker.io/confluentinc/confluent-operator:<tag>
    docker.io/confluentinc/cp-enterprise-control-center:<tag>
    docker.io/confluentinc/cp-enterprise-replicator:<tag>
    docker.io/confluentinc/cp-kafka-rest:<tag>
    docker.io/confluentinc/cp-ksqldb-server:<tag>
    docker.io/confluentinc/cp-schema-registry:<tag>
    docker.io/confluentinc/cp-server:<tag>
    docker.io/confluentinc/cp-server-connect:<tag>
    docker.io/confluentinc/cp-zookeeper:<tag>
    
  2. If you need to authenticate to image registries with the username and password, for each of those registries, create a Kubernetes secret of the docker-registry type in the same namespace as the Confluent Platform component.

    An image pull secret contains the credentials to the registry where the image will be pulled from.

    <confluent-namespace> denotes the namespace you deploy this Confluent Platform component in.

    kubectl create secret docker-registry <registry-secret> \
      --namespace <confluent-namespace>
      --docker-server=<Docker-registry-FQDN> \
      --docker-username=<Docker-username> \
      --docker-password=<Docker-password> \
      --docker-email=<Docker-email>
    
  3. Configure the following settings in the custom resource (CR) for each Confluent Platform component:

    spec:
      image:            # Changes in this property will roll the cluster.
    
        application:    # Required. Specify
                        # <Docker-registry FQDN>/<docker-repository-name>/<component-image-name>:<tag>
    
        init:           # Required. Specify
                        # <Docker-registry FQDN>/<docker-repository-name>/<init-container-image-name>:<tag>
    
        pullSecretRef:  # The image pull secret added in the previous step.
    

    For example, to pull the Schema Registry image from a custom registry using the registry-secret created in the previous step:

    spec:
      image:
        application: docker.io/myrepository/cp-schema-registry:7.1.0
        init: docker.io/myrepository/confluent-init-container:2.3.4
        pullSecretRef:
          - registry-secret