
OCI Registry


Last updated 6 months ago

If you have helm charts stored in your OCI registry, you can add the OCI registry to Devtron's Modern Kubernetes Dashboard and pull those charts into Devtron's Chart Store.

You can configure an OCI registry using any registry provider of your choice, including:

  • ECR

  • Docker

  • Azure

  • Artifact Registry (GCP)

  • Quay


Add Registry

  1. From the left sidebar, go to Global Configurations → OCI Registry.

    Figure 1: OCI Registry
  2. Click Add Registry.

    Figure 2: Add a Registry
  3. Choose a provider from the Registry provider dropdown. View the Supported Registry Providers.

    Figure 3: Choose a Provider
  4. Under Registry type, you get the following options:

    • Private Registry: Choose this if your artifacts are hosted or should be hosted on a private registry restricted to authenticated users of that registry. Selecting this option requires you to enter your registry credentials (username and password/token).

    • Public Registry: Unlike a private registry, this doesn't require your registry credentials. The registry URL and repository name(s) suffice.

  5. Assuming your registry type is private, here are a few of the common fields you can expect:

    • Name: Provide a name for your registry.

    • Registry URL: Provide the URL of your registry in case it doesn't come prefilled. Do not include oci://, http://, or https:// in the URL.

    • Authentication Type

    • Use as chart repository

  6. Click Save.
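A pre-flight check for the values entered in this form, covering the Registry URL rule from step 5 and the ECR URL and username/chartname repository formats stated on this page. This is an added example, not Devtron's code; the dictionary keys and the sample entries are hypothetical.

```python
import re

SCHEMES = ("oci://", "https://", "http://")
# ECR host format given on this page: <12-digit account ID>.dkr.ecr.<region>.amazonaws.com
ECR_HOST = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$")
# Chart repository entry format given on this page: username/chartname
REPO = re.compile(r"^[^/\s]+/[^/\s]+$")


def normalize_url(url):
    """Strip a leading oci://, http:// or https:// and any trailing slash."""
    url = url.strip()
    for scheme in SCHEMES:
        if url.lower().startswith(scheme):
            url = url[len(scheme):]
            break
    return url.rstrip("/")


def review(cfg):
    """Return a list of findings for one registry entry (hypothetical dict keys)."""
    findings = []
    raw = cfg.get("registry_url", "")
    host = normalize_url(raw)
    if host != raw:
        findings.append(f"registry_url: enter {host!r} without scheme or trailing slash")
    if cfg.get("provider") == "ECR" and not ECR_HOST.match(host):
        findings.append("registry_url: expected <account-id>.dkr.ecr.<region>.amazonaws.com")
    if cfg.get("use_as_chart_repository"):
        repos = cfg.get("repositories", [])
        if not repos:
            findings.append("repositories: list is empty, so no charts can be pulled")
        findings += [f"repositories: {r!r} is not username/chartname"
                     for r in repos if not REPO.match(r)]
    if cfg.get("connection") == "insecure":
        findings.append("connection: Allow Insecure Connection is selected")
    return findings


# Constructed sample entries; all values are made up.
GOOD = {"provider": "ECR", "registry_url": "123456789012.dkr.ecr.us-east-1.amazonaws.com",
        "use_as_chart_repository": True, "repositories": ["acme/mysql"]}
BAD = {"provider": "Other", "registry_url": "oci://registry.example.com/",
       "use_as_chart_repository": True, "repositories": ["mysql", "acme/redis"],
       "connection": "insecure"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, review(cfg) or "ok")
```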

Use as Chart Repository

Prerequisite

OCI registry with Use as chart repository option enabled.

Unlike Helm repos, OCI registries do not have an index file to discover all the charts. If you have helm charts pushed to your OCI registry, you can use that registry as a chart repository.

Steps

Search your OCI registry in the list and click it.


Supported Registry Providers

ECR

Amazon ECR is an AWS-managed container image registry service. ECR provides resource-based permissions for private repositories using AWS Identity and Access Management (IAM), and allows both key-based and role-based authentication.

Provide the following additional information apart from the common fields:

  • Registry URL: Example of URL format: xxxxxxxxxxxx.dkr.ecr.<region>.amazonaws.com, where xxxxxxxxxxxx is your 12-digit AWS account ID

  • Authentication Type: Select one of the authentication types:

    • EC2 IAM Role: Authenticate with the worker node IAM role and attach the ECR policy (AmazonEC2ContainerRegistryFullAccess) to the worker node IAM role of your Kubernetes cluster.

      • Access key ID: Your AWS access key

      • Secret access key: Your AWS secret access key ID

Docker

Provide the following additional information apart from the common fields:

  • Username: Provide the username of the Docker Hub account you used for creating your registry.

  • Password/Token

Azure

Provide the following additional information apart from the common fields:

  • Registry URL/Login Server: Example of URL format: xxx.azurecr.io

  • Username/Registry Name: Provide the username of your Azure container registry

  • Password: Provide the password of your Azure container registry

Artifact Registry (GCP)

Remove all the white spaces from the JSON key and wrap it in single quotes before pasting it in the Service Account JSON File field.

Provide the following additional information apart from the common fields:

  • Registry URL: Example of URL format: region-docker.pkg.dev

  • Service Account JSON File: Paste the content of the service account JSON file
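One way to prepare the key for the Service Account JSON File field, assuming the instruction above means the whitespace between JSON tokens. This is an added example, not Devtron's code; the function names and the sample key are constructed. The comparison function shows that deleting every whitespace character would also alter the PEM header inside private_key.

```python
import json

REQUIRED = ("type", "project_id", "private_key", "client_email")

# Constructed sample with made-up values, pretty-printed like a downloaded key file.
SAMPLE_KEY = """{
  "type": "service_account",
  "project_id": "example-project",
  "private_key": "-----BEGIN PRIVATE KEY-----\\nMIIfake\\n-----END PRIVATE KEY-----\\n",
  "client_email": "chart-puller@example-project.iam.gserviceaccount.com"
}"""


def compact_key(raw):
    """Return the key as one line of JSON wrapped in single quotes."""
    key = json.loads(raw)  # raises ValueError on malformed JSON
    if not isinstance(key, dict):
        raise ValueError("key file must contain a JSON object")
    missing = [f for f in REQUIRED if f not in key]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError("not a service account key")
    # separators=(",", ":") drops whitespace between tokens only; spaces and
    # escaped newlines inside string values are preserved.
    compact = json.dumps(key, separators=(",", ":"))
    if "'" in compact:
        raise ValueError("value contains a single quote; wrapping would be ambiguous")
    return "'" + compact + "'"


def naive_strip(raw):
    """Delete every whitespace character, for comparison with compact_key()."""
    return "".join(raw.split())


if __name__ == "__main__":
    wrapped = compact_key(SAMPLE_KEY)  # secret material: do not print or log it
    print("single line:", "\n" not in wrapped)
    print("PEM header intact:", "BEGIN PRIVATE KEY" in wrapped)
    print("PEM header intact after naive strip:",
          "BEGIN PRIVATE KEY" in naive_strip(SAMPLE_KEY))
```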

Quay

Provide the following additional information apart from the common fields:

  • Username: Provide the username of your Quay account

  • Token: Provide the password of your Quay account

Other

Provide the information below if you select the registry type as Other.

  • Registry URL: Enter the URL of your private registry

  • Username: Provide the username of your account where you have created your registry

  • Password/Token: Provide the password or token corresponding to the username of your registry

Advanced Registry URL Connection Options

  • Allow Only Secure Connection: Tick this option for the registry to allow only secure connections

  • Allow Secure Connection With CA Certificate: Tick this option for the registry to allow secure connection by providing a private CA certificate (ca.crt)

  • Allow Insecure Connection: Tick this option to communicate with the registry over an insecure connection (for example, when the SSL certificate is expired)

You can use any registry which can be authenticated using docker login -u <username> -p <password> <registry-url>. However, these registries might provide a more secure way to authenticate, which we will support later.

Authentication Type: The credential input fields may differ depending on the registry provider; see Supported Registry Providers.

Use as chart repository: Tick this checkbox if you want Devtron to pull helm charts from your registry and display them on chart store. Also, you will have to provide a list of repositories (present within your registry) for Devtron to successfully pull the helm charts.

Upon enabling this option, Devtron can use your OCI registry as the chart source and pull the helm charts to display them on your Chart Store for easy deployment.

In the List of repositories field, add your chart repo(s). The format should be username/chartname. You can find the username from your registry provider account.

Figure 3: Adding Chart Repos

Before you begin, create an IAM user and attach the ECR policy according to the authentication type.

User Auth: It is a key-based authentication; attach the ECR policy (AmazonEC2ContainerRegistryFullAccess) to the IAM user.

Provide the password/Token corresponding to your Docker Hub account. Using a Token is recommended for security.

For Azure, the service principal authentication method can be used to authenticate with username and password. Visit this link to get the username and password for this registry.

JSON key file authentication method can be used to authenticate with username and service account JSON file. Visit this link to get the username and service account JSON file for this registry.