Customer access to docker.mariadb.com
This documentation aims to provide guidance on how to configure access to docker.mariadb.com in your MariaDB Enterprise Operator resources.
Customer credentials
MariaDB Corporation requires customers to authenticate when logging in to the MariaDB Enterprise Docker Registry. A Customer Download Token must be provided as the password. Customer Download Tokens are available through the MariaDB Customer Portal. To retrieve the customer download token for your account:
Navigate to the Customer Download Token at the MariaDB Customer Portal.
Log in using your MariaDB ID.
Copy the Customer Download Token to use as the password when logging in to the MariaDB Enterprise Docker Registry.
Then, configure a Kubernetes kubernetes.io/dockerconfigjson Secret to authenticate:
kubectl create secret docker-registry mariadb-enterprise \
--docker-server=docker.mariadb.com \
--docker-username=<email> \
--docker-password=<customer-download-token>Openshift
If you are running in Openshift, it is recommended to use the global pull secret to configure customer credentials. The global pull secret is automatically used by all Pods in the cluster, without having to specify imagePullSecrets explicitly.
To configure the global pull secret, you can use the following commands:
Extract your Openshift global pull secret:
oc extract secret/pull-secret -n openshift-config --confirmLogin in the MariaDB registry providing the customer download token as password:
oc registry login \
--registry="docker.mariadb.com" \
--auth-basic="<email>:<customer-download-token>" \
--to=.dockerconfigjsonUpdate the global pull secret:
oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjsonAlternatively, you can also create a dedicated Secret for authenticating:
oc create secret docker-registry mariadb-enterprise \
--docker-server=docker.mariadb.com \
--docker-username=<email> \
--docker-password=<customer-download-token>MariaDB
MariaDBIn order to configure access to docker.mariadb.com in your MariaDB resources, you can use the imagePullSecrets field to specify your customer credentials:
apiVersion: enterprise.mariadb.com/v1alpha1
kind: MariaDB
metadata:
name: mariadb
spec:
...
image: docker.mariadb.com/enterprise-server:11.4.4-2
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: mariadb-enterpriseAs a result, the Pods created as part of the reconciliation process will have the imagePullSecrets.
MaxScale
MaxScaleSimilarly to MariaDB, you are able to configure access to docker.mariadb.com in your MaxScale resources:
apiVersion: enterprise.mariadb.com/v1alpha1
kind: MaxScale
metadata:
name: maxscale
spec:
...
image: docker.mariadb.com/maxscale-enterprise:25.01.1
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: mariadb-enterpriseBackup, Restore and SqlJob
Backup, Restore and SqlJobThe batch Job resources will inherit the imagePullSecrets from the referred MariaDB, as they also make use of its image. However, you are also able to provide dedicated imagePullSecrets for these resources:
apiVersion: enterprise.mariadb.com/v1alpha1
kind: MariaDB
metadata:
name: mariadb
spec:
...
image: docker.mariadb.com/enterprise-server:11.4.4-2
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: mariadb-enterpriseapiVersion: enterprise.mariadb.com/v1alpha1
kind: Backup
metadata:
name: backup
spec:
...
mariaDbRef:
name: mariadb
imagePullSecrets:
- name: backup-registryWhen the resources from the previous examples are created, a Job with both mariadb-enterprise and backup-registry imagePullSecrets will be reconciled.
This page is: Copyright © 2025 MariaDB. All rights reserved.
Last updated
Was this helpful?