ArkadiumInc/registryconfigjson

Registry Config Secrets Helm Chart

A Helm chart for creating multiple Docker registry secrets in the dockerconfigjson format in Kubernetes.

Overview

This chart allows you to create multiple Docker registry authentication secrets from a single configuration. It's useful for managing access to various container registries like:

  • Docker Hub
  • Azure Container Registry (ACR) - Specialized support for multiple ACR instances
  • AWS Elastic Container Registry (ECR)
  • Google Container Registry (GCR)
  • Custom private registries

For Azure Container Registry users: See AZURE-ACR-GUIDE.md for specialized documentation and examples for working with multiple ACR instances, including Azure Workload Identity support.

Features

  • Create multiple registry secrets from a single chart
  • Support for different registry types
  • Configurable namespaces per secret
  • Custom labels and annotations
  • Optional RBAC support
  • Helm templating for dynamic configuration

Installation

Basic Installation

# Install with default values
helm install registry-secrets ./registryconfigjson

# Install in a specific namespace
helm install registry-secrets ./registryconfigjson --namespace my-namespace

Custom Configuration

Create a custom values file (my-values.yaml):

registries:
  docker-hub:
    enabled: true
    namespace: default
    secretName: docker-hub-secret
    username: "my-dockerhub-username"
    password: "my-dockerhub-password"
    email: "[email protected]"
    registry: "https://index.docker.io/v1/"
    
  azure-acr:
    enabled: true
    namespace: production
    secretName: azure-acr-secret
    username: "my-acr-username"
    password: "my-acr-password"
    email: "[email protected]"
    registry: "myregistry.azurecr.io"

Install with custom values:

helm install registry-secrets ./registryconfigjson -f my-values.yaml

Configuration

Global Settings

| Parameter | Description | Default |
|---|---|---|
| global.namespace | Default namespace for secrets | default |
| global.secretType | Kubernetes secret type | kubernetes.io/dockerconfigjson |

Registry Configuration

Each registry entry supports the following parameters:

| Parameter | Description | Required / default |
|---|---|---|
| enabled | Whether to create this secret | true |
| namespace | Kubernetes namespace for the secret | default |
| secretName | Name of the Kubernetes secret | Auto-generated |
| username | Registry username | Yes |
| password | Registry password/token | Yes |
| email | Registry email | Yes |
| registry | Registry URL | Yes |

Labels and Annotations

labels:
  app: registry-config-secrets
  environment: production

annotations:
  description: "Docker registry authentication secret"
  managed-by: helm

RBAC Configuration

rbac:
  enabled: true
  serviceAccount:
    create: true
    name: "registry-config-secrets"
    annotations:
      eks.amazonaws.com/role-arn: "arn:aws:iam::123456789012:role/my-role"

Examples

Docker Hub

registries:
  docker-hub:
    enabled: true
    namespace: default
    secretName: docker-hub-secret
    username: "your-dockerhub-username"
    password: "your-dockerhub-password"
    email: "[email protected]"
    registry: "https://index.docker.io/v1/"

Azure Container Registry

registries:
  azure-acr:
    enabled: true
    namespace: production
    secretName: azure-acr-secret
    username: "your-acr-username"
    password: "your-acr-password"
    email: "[email protected]"
    registry: "your-registry.azurecr.io"

For multiple ACR instances and Azure Workload Identity support, see AZURE-ACR-GUIDE.md

AWS ECR

registries:
  aws-ecr:
    enabled: true
    namespace: default
    secretName: aws-ecr-secret
    username: "AWS"
    password: "your-ecr-token"
    email: "[email protected]"
    registry: "your-account.dkr.ecr.region.amazonaws.com"

Google Container Registry

registries:
  gcr:
    enabled: true
    namespace: default
    secretName: gcr-secret
    username: "_json_key"
    password: "your-gcr-json-key"
    email: "[email protected]"
    registry: "gcr.io"

Usage in Deployments

Once the secrets are created, you can reference them in your deployments:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      imagePullSecrets:
        - name: docker-hub-secret
        - name: azure-acr-secret
      containers:
        - name: my-app
          image: myregistry.azurecr.io/my-app:latest

Security Considerations

  1. Never commit sensitive credentials to version control
  2. Use Kubernetes secrets or external secret management tools
  3. Consider using service accounts with IAM roles (AWS ECR)
  4. Rotate credentials regularly
  5. Use least privilege principle for registry access

Troubleshooting

Check Secret Creation

# List all secrets created by the chart
kubectl get secrets -l app=registry-config-secrets

# Check a specific secret
kubectl describe secret docker-hub-secret

Validate Docker Config

# Decode and validate the dockerconfigjson
kubectl get secret docker-hub-secret -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq .

Common Issues

  1. Invalid registry URL: Ensure the registry URL is correct and accessible
  2. Authentication failed: Verify username/password credentials
  3. Namespace issues: Ensure the target namespace exists
  4. Secret name conflicts: Use unique secret names across namespaces
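
The decode step under "Validate Docker Config" and the first two common issues can be checked offline. This is an added example, not part of the chart: the function names are hypothetical, the credentials are constructed sample values, and the host comparison is a simplification of how the kubelet matches pull credentials to images.

```python
import base64
import json
from urllib.parse import urlparse

def build_dockerconfigjson(registry, username, password, email):
    """Base64 .dockerconfigjson value for one registry (sample input only)."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    doc = {"auths": {registry: {"username": username, "password": password,
                                "email": email, "auth": auth}}}
    return base64.b64encode(json.dumps(doc).encode()).decode()

def key_host(key):
    """Host of an auths key such as https://index.docker.io/v1/ or gcr.io."""
    return urlparse(key if "://" in key else "//" + key).netloc

def image_host(image):
    """Registry host of an image reference; images with no host map to Docker Hub."""
    first, slash, _ = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first
    return "index.docker.io"

def validate_pull_secret(data_b64, image):
    """Return a list of problems; credential values are never echoed."""
    try:
        auths = json.loads(base64.b64decode(data_b64, validate=True))["auths"]
        if not isinstance(auths, dict) or not auths:
            raise ValueError("empty auths")
    except (ValueError, KeyError, TypeError) as exc:
        return [f"not a dockerconfigjson document ({type(exc).__name__})"]
    problems = []
    for key, entry in auths.items():
        entry = entry if isinstance(entry, dict) else {}
        try:
            raw = base64.b64decode(entry.get("auth", ""), validate=True)
            user, sep, secret = raw.decode().partition(":")
        except (ValueError, TypeError):
            user = sep = secret = ""
        if not (user and sep and secret):
            problems.append(f"{key}: 'auth' is not base64 of user:password")
        elif "username" in entry and (entry["username"], entry.get("password")) != (user, secret):
            problems.append(f"{key}: 'auth' disagrees with username/password fields")
    if image_host(image) not in {key_host(k) for k in auths}:
        problems.append(f"no auths entry for image registry {image_host(image)}")
    return problems

if __name__ == "__main__":
    sample = build_dockerconfigjson("myregistry.azurecr.io", "sample-user",
                                    "sample-pass", "dev@example.invalid")
    print(validate_pull_secret(sample, "myregistry.azurecr.io/my-app:latest"))
```

Pass it the output of the `kubectl get secret ... -o jsonpath` command before the `base64 -d` stage, together with the image reference from the Deployment.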

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests if applicable
  5. Submit a pull request

License

This project is licensed under the MIT License - see the LICENSE file for details.
