Private Docker Registry Support
By default, installing the Chassis service will push all container images to a public Docker Hub account, which requires you to have valid credentials. If instead you have access to a private Docker registry and prefer your Chassis-built containers get pushed to your own registry, this guide walks through the process (and some examples) of setting up the Chassis service with the proper configuration.
- Only HTTP API v2 compliant Docker registries are supported
- This configuration is only available if you deploy and host the service. The publicly-hosted version only pushes public images to your Docker Hub account
Generate Kubernetes Secrets
We first need to generate a Kubernetes secret of type
dockerconfigjson that contains Docker registry credentials with push/pull permissions. This command varies slightly depending on your Docker registry.
We will use the JSON key method to generate a secret with valid GCR credentials. To do so, log into your Google Cloud Console, navigate to your service account and either generate a new JSON key or download an existing JSON key file. Use this file to generate your Kubernetes secret:
~/json-key-file,jsonwith the path to your JSON key file.
After our Kubernetes secret is successfully generated, we will need to add this secret to a
values.yml file that will ultimately be used to modify a few values in the Chassis helm chart. In this yaml file, we will also specify the URL of our private registry. See examples for the above registry types below:
Now, we just need to use our newly generated
values.yml file to install the Chassis service using
Visit this Installation guide for full installation details.