Try Devtron Enterprise!
Start Free Trial
LogoLogo
WebsiteDevtron demoGithub RepoJoin Discord
v0.5
v0.5
  • Overview
  • Getting Started
    • Install Devtron
      • Install Devtron with CI/CD integration
      • Install Devtron
      • Install Devtron on Minikube, Microk8s, K3s, Kind
      • Installation Configurations
      • Override Configurations
      • Ingress setup for Devtron Installation
    • Global Configurations
      • GitOps
      • Projects
      • Cluster And Environments
        • Namespaces And Environments
      • Git Accounts
      • Container Registries
      • Chart Repositories
      • Custom charts
      • SSO Login Service
      • Authorization
        • User Permissions
        • Permission Groups
        • API Tokens
      • Manage Notification
      • External links
    • Devtron Upgrade
      • Update Devtron from Devtron UI
      • 0.4.x-0.5.x
      • 0.4.x-0.4.x
      • 0.3.x-0.4.x
      • 0.3.x-0.3.x
      • 0.2.x-0.3.x
  • Usage
    • Applications
      • Create a new application
      • Clone an existing application
      • Deploy a sample application
      • App Configuration
        • Git Repository
        • Docker Build Configuration
        • Deployment Template
          • Deployment
          • Rollout Deployment
          • Job and Cronjob
        • Workflow Overview
        • CI Pipeline
          • Pre-Build/Post-Build Tasks
        • CI Pipeline (Legacy)
        • CD Pipeline
        • Config Maps
        • Secrets
        • Environment Overrides
        • Deleting Application
      • Build and Deploy
        • Triggering CI
        • Triggering CD
      • App Details
        • Debugging Deployment And Monitoring
        • Application Metrics
    • Charts
      • Charts Overview
      • Deploy & Observe
      • Examples
        • Deploying Mysql Helm Chart
        • Deploying MongoDB Helm Chart
      • Chart Group
    • Security
    • Bulk Edit
    • Integrations
  • Resources
    • Troubleshooting
    • Use Cases
      • Devtron Generic Helm Chart To Run CronJob Or One Time Job
      • Connect SpringBoot with Mysql Database
      • Connect Expressjs With Mongodb Database
      • Connect Django With Mysql Database
    • Telemetry Overview
  • Deprecated
    • Hyperion
Powered by GitBook
On this page
  • Add Container Registry configuration:
  • Name
  • Registry type
  • Registry URL
  • Registry Type: ECR
  • Registry Type- Docker Hub
  • Registry Type Others:
  • Set as default:
  • Advance Registry Url connection options:
  • Note:
  • Integrating With External Container Registry

Was this helpful?

Export as PDF
  1. Getting Started
  2. Global Configurations

Container Registries

PreviousGit AccountsNextChart Repositories

Last updated 2 years ago

Was this helpful?

Container registries are used to store images built by the CI Pipeline. Here you can configure the container registry you want to use for storing images.

When configuring an application, you can choose which registry and repository it should use in the App Configuration > section.

Add Container Registry configuration:

Go to the Container Registry section of Global Configuration. Click on Add container registry.

You will see below the input fields to configure the container registry.

  • Name

  • Registry type

    • ecr

      • AWS region

      • Access key ID

      • Secret access key

    • docker hub

      • Username

      • Password

    • Others

      • Username

      • password

  • Registry URL

  • Set as default

Name

Provide a name to your registry, this name will be shown to you in Docker Build Config as a drop-down.

Registry type

Here you can select the type of the Registry. We are supporting three types- docker hub, ecr and others. You can select any one of them from the drop-down. By default, this value is ecr. If you select ecr then you have to provide some information like- AWS region, Access Key, and Secret Key. If you select docker hub then you have to provide Username and Password. And if you select others then you have to provide the Username and Password.

Registry URL

Select any type of Registry from the drop-down, you have to provide the URL of your registry. Create your registry and provide the URL of that registry in the URL box.

Registry Type: ECR

To add an Amazon Elastic Container Registry (ECR), select the ECR Registry type. Amazon ECR is an AWS-managed container image registry service. The ECR provides resource-based permissions to the private repositories using AWS Identity and Access Management (IAM). ECR allows both Key-based and Role-based authentications.

Fields
Description

Name

User-defined name for the registry in Devtron

Registry Type

Select ECR

Registry URL

This is the URL of your private registry in AWS. For example, the URL format is: https://xxxxxxxxxxxx.dkr.ecr.<region>.amazonaws.com. xxxxxxxxxxxx is your 12-digit AWS account Id.

Authentication Type

* EC2 IAM role: Authenticate with workernode IAM role. * User Auth: Authenticate with an authorization token - Access key ID: Your AWS access key - Secret access key: Your AWS secret access key ID

To set this ECR as the default registry hub for your images, select [x] Set as default registry.

Select Save.

Registry Type- Docker Hub

You have to provide the below information if you select the registry type as Docker Hub.

  • Username

Give the username of the docker hub account you used for creating your registry in.

  • Password

Registry Type Others:

You have to provide the below information if you select the registry type as others.

  • Username

Give the username of your account, where you have created your registry in.

  • Password

Give the password corresponding to the username of your registry.

Set as default:

If you enable the Set as default option, then this registry name will be set as default in the Container Registry section inside the Docker build config page. This is optional. You can keep it disabled.

Advance Registry Url connection options:

  • If you enable the Allow Only Secure Connection option, then this registry allows only secure connections.

  • If you enable the Allow Secure Connection With CA Certificate option, then you have to upload/provide private CA certificate (ca.crt).

  • If the container registry is insecure (for eg : SSL certificate is expired), then you enable the Allow Insecure Connection option.

Now click on Save to save the configuration of the Container registry.

Note:

You can use any registry which can be authenticated using docker login -u <username> -p <password> <registry-url>. However these registries might provide a more secured way for authentication, which we will support later. Some popular registries which can be used using username and password mechanism:

Integrating With External Container Registry

If you want to use a private registry for container registry other than ecr, this will be used to push image and then create a secret in same environment to pull the image to deploy. To create secret, go to charts section and search for chart ‘dt-secrets’ and configure the chart. Provide an App Name and select the Project and Environment in which you want to deploy this chart and then configure the values.yaml as shown in example. The given example is for DockerHub but you can configure similarly for any container registry that you want to use.

name: regcred
type: kubernetes.io/dockerconfigjson
labels:
 test: chart
secrets:
 data:
   - key: .dockerconfigjson
     value: '{"auths":{"https://index.docker.io/v1/":{"username":"<username>","password":"<password>}}}'

Before you begin, create an , and attach only ECR policy ( AmazonEC2ContainerRegistryFullAccess ) if using Key-based auth. Or attach the ECR policy ( AmazonEC2ContainerRegistryFullAccess) to the cluster worker nodes IAM role of your Kubernetes cluster if using Role-based access.

ECR Role-based authentication
ECR Key-based authentication

To use the ECR container image, go to the Applications page and select your application, and then select App Configuration > .

Give the password/ corresponding to your docker hub account.

Google Container Registry (GCR) : JSON key file authentication method can be used to authenticate with username and password. Please follow for getting username and password for this registry. Please remove all the white spaces from json key and wrap it in single quote while putting in password field.

Google Artifact Registry (GAR) : JSON key file authentication method can be used to authenticate with username and password. Please follow for getting username and password for this registry. Please remove all the white spaces from json key and wrap it in single quote while putting in password field.

Azure Container Registry (ACR) : Service principal authentication method can be used to authenticate with username and password. Please follow for getting username and password for this registry.

The name that you provide in values.yaml ie. regcred is name of the secret that will be used as imagePullSecrets to pull the image from docker hub to deploy. To know how imagePullSecrets will be used in the deployment-template, please follow the .

Docker Build Config
IAM user
Docker Build Config
token
link
link
link
documentation