Private Registries
Tools with Image from a Private Registries
Configuring Private Registry Access
To utilize images from a private registry within the Kubiya platform, it's crucial to provide valid authentication credentials. This ensures secure access to private images, whether they reside in Docker Hub, Amazon ECR, or Jfrog Artifactory. Follow the specific configuration guidelines for each registry type to establish proper connectivity and authorization.
image_provider Field
The image_provider
is a configuration field used to specify the source of Docker images. It indicates whether the image comes from a public or private registry. When using private registries, image_provider
includes authentication details necessary for accessing the registry securely. Different registries have distinct kind
values, such as aws
for Amazon ECR or dockerhub
for Docker Hub. This ensures that the Kubiya platform can access and deploy images appropriately from the specified registry.
Configurations
kind
: Defines the registry type (e.g.,aws
for ECR,dockerhub
for Docker Hub ,jfrog
for Jfrog).auth
: For private registries, authentication details are provided in the section.
1. Docker Hub Image Configuration
For using a private image from Docker Hub, the auth
field is used to provide the necessary credentials for accessing the private registry.
Example Configuration for Docker Hub:
Explanation:
image_provider.kind: dockerhub
: Specifies that the image is hosted on Docker Hub.auth
: Provides authentication details.username
: The Docker Hub username (in this case,coolname
).password
: The password is securely pulled from a secret (DOCKERHUB_PASSWORD
) using thevalueFrom
field.
Ensure the secret is securely attached to the Teammate entity on the Kubiya platform
This ensures that sensitive information like the password is stored securely in a secret and never exposed directly in the configuration.
2. AWS Image Configuration
For using a private image from AWS Elastic Container Registry (ECR), credentials can be pulled from the hosting container, typically using IAM roles or other authentication methods provided by AWS.
Example Configuration for AWS:
Explanation:
image_provider.kind: aws
: Specifies that the image is hosted on Amazon Elastic Container Registry (ECR).Credentials: For AWS, the credentials (like access keys) are automatically managed by the hosting container using IAM roles or other AWS mechanisms. The
image_provider
does not need to explicitly defineauth
here, as the hosting container handles the authentication automatically.
This configuration allows seamless access to AWS-hosted private images without manually specifying credentials.
3. JFrog Image Configuration
For using a private image from JFrog Artifactory, credentials are provided under the auth
field, which can pull values from environment variables.
Example Configuration for JFrog:
Explanation:
image_provider.kind: jfrog
: Specifies that the image is hosted on JFrog Artifactory.auth
: Authentication details are provided via environment variables:username: The JFrog username is retrieved from the environment variable
JF_USERNAME
.password: The JFrog password is retrieved from the environment variable
JF_PASSWORD
usingvalueFrom
.
This approach allows the image credentials to be securely managed via environment variables, ensuring sensitive data is not exposed directly in the configuration.
Last updated
Was this helpful?