The Minimus container registry is located at: reg.mini.dev. An active token is required to pull images from the Minimus registry. With an active token, you can pull any of the Minimus images included in your subscription (or available without a subscription). A token is a type of secret so, like with all secrets, you should ensure that the token isn’t stored where it can be leaked.

Docker environment

Insert token inline (on-demand authentication)

Insert your Minimus token directly in the docker pull / docker run command to login to the Minimus registry on demand. The token isn’t persisted in Docker’s credential store. This approach works well for ad-hoc testing. 
# reg.mini.dev is the minimus registry
docker pull reg.mini.dev/{token}/{image name}
docker run reg.mini.dev/{token}/{image name}
When you copy the pull command from the gallery, it will contain an inline token.

docker login command (persistent authentication)

Authenticate to the Minimus registry using the docker login command to keep your session active until the token expires. This way you will not need to use an inline token. 
docker login reg.mini.dev -u minimus -p {token}
# The username is always minimus
Once authenticated to the Minimus registry, you can pull any image included in your subscription (and any image tag that doesn’t require a subscription). For example: 
docker pull reg.mini.dev/nginx:latest
docker pull reg.mini.dev/nginx:latest-dev
Once your token expires, you will need to run docker login again with an active token to continue working. A valid inline token will not work since docker login takes priority.
You can run docker logout reg.mini.dev to reset your access if you prefer to work with an inline token.

Using a credential store

You have the option to use a credential store for additional security. Learn more from Docker

Kubernetes environment

Create Kubernetes Secret (K8s Secret)

To avoid embedding tokens in Kubernetes files or Helm charts, we can reference a Kubernetes Secret. The Kubernetes Secret must be created in the same namespace as the deployment. Run the following to create a Kubernetes Secret of type docker-registry . Once created, you can reference this Secret to let Kubernetes pull images from the Minimus registry automatically. Throughout the Minimus documentation, we assume the K8s Secret is named minimus-registry. 
kubectl create secret docker-registry minimus-registry \
    --docker-server=reg.mini.dev \
    --docker-username=minimus \
    --docker-password={token} \
    --namespace={same namespace as your helm chart}

Create Kubernetes Secret using an encoded file

After logging in using the docker login steps above, we can create an encoded config.json file locally with the value necessary to generate the Kubernetes Secret.
  1. Login to reg.mini.dev using the steps above.
  2. Execute cat ~/.docker/config.json | base64 -w 0 to base64 encode the credentials.
  3. Create a Kubernetes YAML file named minimus-registry.yaml .
    minimus-registry.yaml
    apiVersion: v1
kind: Secret
metadata:
  name: minimus-registry
data:
  .dockerconfigjson: {paste your base64 encoded string}
type: kubernetes.io/dockerconfigjson
  4. Create the K8s Secret in the application namespace: 
    kubectl apply -n {namespace} -f minimus-registry.yaml
  5. Add the ImagePullSecret parameter to your deployment by changing the spec as shown in the snippet below and redeploy: 
        spec:
      containers:
      - name: nginx
        image: reg.mini.dev/nginx:latest
        
# add the next two lines
      imagePullSecrets:
      - name: minimus-registry

Helm charts

Insert token inline (on-demand)

You can insert the token directly in the helm install command. The token can either be inserted as part of the registry, or image, depending on the structure of the Helm chart. See the following examples. 
# token prepended to image in image.repository
helm install mongodb bitnami/mongodb \
    --set image.registry=reg.mini.dev \
    --set image.repository={token}/mongo-advanced \
    --set image.tag=latest \
    --set global.security.allowInsecureImages=true

Reference Kubernetes Secret on-demand

Assuming your Kubernetes secret is named minimus-registry as in the above example, you can add the following flag to your Helm install/upgrade commands: --set=global.imagePullSecrets[0].name=minimus-registry . 
  --set=global.imagePullSecrets[0].name={K8s secret}
The flag overrides the value in the chart without editing the values.yaml .

Add imagePullSecrets to values.yaml

You can edit the values.yaml file to override the values in the chart. To deploy Minimus images to a Kubernetes cluster, add the ImagePullSecrets parameter to point to the minimus-registry K8s Secret:
example of values.yaml
    spec:
      containers:
      - name: nginx
        image: reg.mini.dev/nginx:1.29.0
        
# add the next two lines
      imagePullSecrets:
      - name: minimus-registry

Supported images

The images you have permissions to pull depend on the images included in your subscription. Learn more

Troubleshooting

Valid inline token returned unauthorized error

To fix the problem: Run docker logout reg.mini.dev to reset your access and try the pull command again. Explanation: Most likely, you previously authenticated with the docker login command and the token has since expired or been deleted. The token from the docker login command takes precedence over the inline token and this is causing the error.