Pull Images from Private Registry

You can configure Sysdig Helm charts to pull container images from a private registry that requires authentication.

Prerequisites

Collect the following information associated with your private registry:

Registry URL
Username
Access token or password
Email address

Create a Secret for Registry Credentials

Create a Kubernetes secret that stores your private registry credentials.

  kubectl create secret docker-registry <SECRET_NAME> \
  --docker-server=<SERVER> \
  --docker-username=<USERNAME> \
  --docker-password=<TOKEN> \
  --docker-email=<YOUR-EMAIL>

Replace the placeholders with your registry information.

Configure Helm Charts

Update the helm installation command or values.yaml with the following parameters. You can use either your current one or from the Kubernetes installation instructions.

Replace the placeholders with your registry information:

helm install ... \

 --set global.imageRegistry=<IMAGE_REGISTRY> \

# Use global pullSecrets and pullPolicy params if they’re shared

 --set 'global.image.pullSecrets[0].name'=<SECRET_NAME> \
 --set global.image.pullPolicy=<PULL_POLICY> \
 --set agent.repository=<IMAGE_REPOSITORY> \
 --set nodeAnalyzer.nodeAnalyzer.runtimeScanner.image.repository=<IMAGE_REPOSITORY> \
 --set nodeAnalyzer.nodeAnalyzer.benchmarkRunner.image.repository=<IMAGE_REPOSITORY> \
 --set nodeAnalyzer.nodeAnalyzer.hostScanner.image.repository=<IMAGE_REPOSITORY> \
 --set nodeAnalyzer.nodeAnalyzer.kspmAnalyzer.image.repository=<IMAGE_REPOSITORY> \
 --set nodeAnalyzer.nodeAnalyzer.imageAnalyzer.image.repository=<IMAGE_REPOSITORY> \
 --set kspmCollector.repository=<IMAGE_REPOSITORY>

# You can use the specific params to override the pullSecrets and pullPolicy if needed for agent

# --set 'agent.image.pullSecrets[0].name'=<SECRET_NAME> \

# --set agent.image.pullPolicy=<PULL_POLICY> \

# for nodeAnalyzer

# --set 'nodeAnalyzer.nodeAnalyzer.pullSecrets[0]'=<SECRET_NAME> \

# --set nodeAnalyzer.nodeAnalyzer.runtimeScanner.image.pullPolicy=<PULL_POLICY> \

# --set nodeAnalyzer.nodeAnalyzer.benchmarkRunner.image.pullPolicy=<PULL_POLICY> \

# --set nodeAnalyzer.nodeAnalyzer.hostScanner.image.pullPolicy=<PULL_POLICY> \

# --set nodeAnalyzer.nodeAnalyzer.kspmAnalyzer.image.pullPolicy=<PULL_POLICY> \

# --set nodeAnalyzer.nodeAnalyzer.imageAnalyzer.image.pullPolicy=<PULL_POLICY> \

# for kspmCollector

# --set 'kspmCollector.imagePullSecrets[0].name'=<SECRET_NAME>

# --set kspmCollector.image.pullPolicy=<PULL_POLICY>

global:
  imageRegistry: <IMAGE_REGISTRY>
  # Optional shared image pullSecrets and pullPolicy
  image:
    pullSecrets:
      - name: <SECRET_NAME>
    pullPolicy: <PULL_POLICY>

# This pulls the agent image from the private repository
agent:
  image:
    # Specific pullSecrets and pullPolicy override for agent
    # pullSecrets
    # - name: <SECRET_NAME>
    # pullPolicy: <PULL_POLICY>
    repository: <IMAGE_REPOSITORY>

# This pulls the nodeAnalyzer images from the private repository
nodeAnalyzer:
  # Specific pullSecrets override for nodeAnalyzer
  # nodeAnalyzer
  # pullSecrets
  # - name: <SECRET_NAME>
  hostScanner:
    image:
      repository: <IMAGE_REPOSITORY>
      # Specific pullPolicy override for hostScanner
      # pullPolicy: <PULL_POLICY>
  runtimeScanner:
    image:
      repository: <IMAGE_REPOSITORY>
      # Specific pullPolicy override for runtimeScanner
      # pullPolicy: <PULL_POLICY>
  kspmAnalyzer:
    image:
      repository: <IMAGE_REPOSITORY>
      # Specific pullPolicy override for kspmAnalyzer
      # pullPolicy: <PULL_POLICY>

# This pulls the KSPM collector image from a private repository
kspmCollector:
  repository: <IMAGE_REPOSITORY>
  # Specific pullSecrets and pullPolicy override
  # imagePullSecrets
  # - name: <SECRET_NAME>
  # image
  # pullPolicy: <PULL_POLICY>

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.