DEV Community

Cover image for Pull images from private docker registry in Kubernetes cluster 🐳
vaggeliskls
vaggeliskls

Posted on

Pull images from private docker registry in Kubernetes cluster 🐳

When working with Kubernetes, especially for deploying applications, authenticating with private image repositories is often necessary. This process is crucial for AWS ECR registries and other Docker-related registries. This post introduces a Helm chart designed to simplify and streamline this authentication process, making your workflow smoother.

πŸ“¦ Helm Chart Repository: oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth

Remember to star ⭐ this Helm chart if you find it useful! More info available at GitHub.

Supported Image Registries 🌐

This Helm chart mainly supports AWS ECR registries, but it also includes support for other popular registries. Specifically, it has been tested with the following registries:

  1. Amazon ECR
  2. JFrog Artifactory
  3. Nexus
  4. Docker Hub

While it has not yet been tested with the following registries, initial support is available:

  1. Harbor
  2. IBM Cloud Container Registry

Furthermore, future support is planned for:

  1. Google Artifact Registry
  2. Azure Container Registry

It's important to note for those using AWS ECR registries that re-authentication is required every 12 hours. To address this, the Helm chart includes a cronjob that refreshes the login automatically, ensuring you are always authenticated to your registry.

Prerequisites πŸ› οΈ

Helm version 3 or higher must be installed on your system before proceeding.

Using the Helm Chart πŸš€

Configuration

Configure the registry field to specify the target registry for authentication. You can set registry credentials in two ways:

  1. Using an Existing Secret
  2. Providing Static Username and Password in values.yaml

For examples for both AWS ECR and generic Docker registries, see the dedicated examples section.

Examples

AWS ECR

Assuming your Helm is set up correctly, use one of the following commands:

For existing secrets:

helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth  --set registry=123456789123.dkr.ecr.region.amazonaws.com --set awsEcr.enabled=true --set secretConfigName=secret-name
Enter fullscreen mode Exit fullscreen mode

For static credentials:

helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth  --set registry=123456789123.dkr.ecr.region.amazonaws.com --set awsEcr.enabled=true --set registryUsername=username --set registryPassword=password
Enter fullscreen mode Exit fullscreen mode

Replace 123456789123.dkr.ecr.region.amazonaws.com with your own AWS ECR registry URL. If you're using a specific version of this OCI repository, add --version 1.0.1.

Docker Based Registries Examples

For existing secrets:

helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth  --set registry=yourdomain.com --set docker.enabled=true --set secretConfigName=secret-name
Enter fullscreen mode Exit fullscreen mode

For static credentials:

helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth  --set registry=yourdomain.com --set docker.enabled=true --set registryUsername=username --set registryPassword=password
Enter fullscreen mode Exit fullscreen mode

Replace yourdomain.com with your registry's domain name.

Conclusion

Authenticating image registries doesn't have to be a painful process when deploying applications on Kubernetes. With this Helm chart, you can easily manage and automate this process

Top comments (0)