Container/OCI Registry

While container registries are typically used for storing images built by the CI Pipeline, an OCI registry can store container images as well as other artifacts such as helm charts. In other words, all container registries are OCI registries, but not all OCI registries are container registries.

You can configure a container registry using any registry provider of your choice. It allows you to build, deploy, and manage your container images or charts with easy-to-use UI.

Add Container Registry

Assuming your registry type is private, here are a few of the common fields you can expect:

Fields Description

Fields	Description
Name	Provide a name to your registry, this name will appear in the Container Registry drop-down list available within the Build Configuration section of your application
Registry URL	Provide the URL of your registry in case it doesn't come prefilled (do not include `oci://`, `http://`, or `/https://` in the URL)
Authentication Type	The credential input fields may differ depending on the registry provider, check Registry Providers
Push container images	Tick this checkbox if you wish to use the repository to push container images. This comes selected by default and you may untick it if you don't intend to push container images after a CI build. If you wish to to use the same repository to pull container images too, read Registry Credential Access.
Push helm packages	Tick this checkbox if you wish to push helm charts to your registry
Use as chart repository	Tick this checkbox if you want Devtron to pull helm charts from your registry and display them on its chart store. Also, you will have to provide a list of repositories (present within your registry) for Devtron to successfully pull the helm charts.
Set as default registry	Tick this checkbox to set your registry as the default registry hub for your images or artifacts

Name

Provide a name to your registry, this name will appear in the Container Registry drop-down list available within the Build Configuration section of your application

Registry URL

Provide the URL of your registry in case it doesn't come prefilled (do not include oci://, http://, or /https:// in the URL)

Authentication Type

The credential input fields may differ depending on the registry provider, check Registry Providers

Push container images

Tick this checkbox if you wish to use the repository to push container images. This comes selected by default and you may untick it if you don't intend to push container images after a CI build. If you wish to to use the same repository to pull container images too, read Registry Credential Access.

Push helm packages

Tick this checkbox if you wish to push helm charts to your registry

Use as chart repository

Tick this checkbox if you want Devtron to pull helm charts from your registry and display them on its chart store. Also, you will have to provide a list of repositories (present within your registry) for Devtron to successfully pull the helm charts.

Set as default registry

Tick this checkbox to set your registry as the default registry hub for your images or artifacts

Supported Registry Providers

ECR

Amazon ECR is an AWS-managed container image registry service. The ECR provides resource-based permissions to the private repositories using AWS Identity and Access Management (IAM). ECR allows both Key-based and Role-based authentications.

Before you begin, create an IAM user and attach the ECR policy according to the authentication type.

Provide the following additional information apart from the common fields:

Fields Description

Fields	Description
Registry URL	Example of URL format: `xxxxxxxxxxxx.dkr.ecr.<region>.amazonaws.com` where `xxxxxxxxxxxx` is your 12-digit AWS account ID
Authentication Type	Select one of the authentication types: EC2 IAM Role: Authenticate with workernode IAM role and attach the ECR policy (AmazonEC2ContainerRegistryFullAccess) to the cluster worker nodes IAM role of your Kubernetes cluster. User Auth: It is a key-based authentication, attach the ECR policy (AmazonEC2ContainerRegistryFullAccess) to the IAM user. `Access key ID`: Your AWS access key `Secret access key`: Your AWS secret access key ID

Registry URL

Example of URL format: xxxxxxxxxxxx.dkr.ecr.<region>.amazonaws.com where xxxxxxxxxxxx is your 12-digit AWS account ID

Authentication Type

Select one of the authentication types:

EC2 IAM Role: Authenticate with workernode IAM role and attach the ECR policy (AmazonEC2ContainerRegistryFullAccess) to the cluster worker nodes IAM role of your Kubernetes cluster.

User Auth: It is a key-based authentication, attach the ECR policy (AmazonEC2ContainerRegistryFullAccess) to the IAM user.
- Access key ID: Your AWS access key
- Secret access key: Your AWS secret access key ID

PreviousGitOps NextDeep Dive into Monitoring: Kubecost + Grafana Integrations

Last updated 1 month ago