This Kubernetes Helm chart is designed to simplify and streamline the process of authenticating with private image repositories for application deployment. This chart is mainly essential when working with Kubernetes, which requires specific authentication procedures to pull private images.
⭐ Don't forget to star the project if it helped you!
Primarily, this project focuses on tackling the authentication process associated with AWS ECR registries and other Docker-related registries. The supported registries that also have tested are:
- Amazon ECR
- JFrog Artifactory
- Nexus
- Docker Hub
- Harbor (Not tested)
- IBM Cloud Container Registry (Not tested)
- Google Artifact Registry (Future support planned)
- Azure Container Registry (Future support planned)
AWS ECR registries specifically require re-authentication every
12 hours. Hence, we also include a cronjob in our solution that refreshes this login, ensuring you're always authenticated to your registry.
Ensure Helm version 3 or higher is installed on your system.
Our Helm chart is an OCI-compatible repository located at oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth. When using this chart, the only mandatory configuration is the registry field, denoting your targeted registry for authentication.
There are two ways to set the credentials for the registry:
- Use an existing secret
- Provide the username and password statically in the values.yaml file
- AWS ECR Example (Existing Secret)
- AWS ECR Example (Static Credentials)
- Docker Example (Existing Secret)
- Docker Example (Static Credentials)
- Use local values.yaml
For using this Helm chart with AWS ECR, use the following command:
Existing secret
helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth --set registry=123456789123.dkr.ecr.region.amazonaws.com --set awsEcr.enabled=true --set secretConfigName=secret-name
Static credentials
helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth --set registry=123456789123.dkr.ecr.region.amazonaws.com --set awsEcr.enabled=true --set registryUsername=username --set registryPassword=password
Please replace 123456789123.dkr.ecr.region.amazonaws.com with your own AWS ECR registry URL.
You can also use spesific version of this oci repository by adding: --version 1.0.1
For using this Helm chart with generic Docker registries, use the following command:
Existing secret
helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth --set registry=yourdomain.com --set docker.enabled=true --set secretConfigName=secret-name
Static credentials
helm upgrade --install k8s-registry-auth oci://registry-1.docker.io/vaggeliskls/k8s-registry-auth --set registry=yourdomain.com --set docker.enabled=true --set registryUsername=username --set registryPassword=password
To debug your Helm template:
- Generate template:
helm template k8s-registry-auth ./ --debug - Debug helm install:
helm upgrade --install k8s-registry-auth ./ --dry-run --namespace test