Pull images from private docker registry in Kubernetes cluster š³
vaggeliskls
Posted on June 22, 2024
When working with Kubernetes, especially for deploying applications, authenticating with private image repositories is often necessary. This process is crucial for AWS ECR registries and other Docker-related registries. This post introduces a Helm chart designed to simplify and streamline this authentication process, making your workflow smoother.
š¦ Helm Chart Repository: oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth
Remember to star ā this Helm chart if you find it useful! More info available at GitHub.
Supported Image Registries š
This Helm chart mainly supports AWS ECR registries, but it also includes support for other popular registries. Specifically, it has been tested with the following registries:
- Amazon ECR
- JFrog Artifactory
- Nexus
- Docker Hub
While it has not yet been tested with the following registries, initial support is available:
- Harbor
- IBM Cloud Container Registry
Furthermore, future support is planned for:
- Google Artifact Registry
- Azure Container Registry
It's important to note for those using AWS ECR registries that re-authentication is required every 12 hours. To address this, the Helm chart includes a cronjob that refreshes the login automatically, ensuring you are always authenticated to your registry.
Prerequisites š ļø
Helm version 3 or higher must be installed on your system before proceeding.
Using the Helm Chart š
Configuration
Configure the registry field to specify the target registry for authentication. You can set registry credentials in two ways:
- Using an Existing Secret
- Providing Static Username and Password in values.yaml
For examples for both AWS ECR and generic Docker registries, see the dedicated examples section.
Examples
AWS ECR
Assuming your Helm is set up correctly, use one of the following commands:
For existing secrets:
helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth --set registry=123456789123.dkr.ecr.region.amazonaws.com --set awsEcr.enabled=true --set secretConfigName=secret-name
For static credentials:
helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth --set registry=123456789123.dkr.ecr.region.amazonaws.com --set awsEcr.enabled=true --set registryUsername=username --set registryPassword=password
Replace
123456789123.dkr.ecr.region.amazonaws.com
with your own AWS ECR registry URL. If you're using a specific version of this OCI repository, add--version 1.0.1
.
Docker Based Registries Examples
For existing secrets:
helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth --set registry=yourdomain.com --set docker.enabled=true --set secretConfigName=secret-name
For static credentials:
helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth --set registry=yourdomain.com --set docker.enabled=true --set registryUsername=username --set registryPassword=password
Replace
yourdomain.com
with your registry's domain name.
Conclusion
Authenticating image registries doesn't have to be a painful process when deploying applications on Kubernetes. With this Helm chart, you can easily manage and automate this process
Posted on June 22, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.