Pull Images from Private Registry
You can configure Sysdig Helm charts to pull container images from a private registry that requires authentication.
Prerequisites
Collect the following information associated with your private registry:
- Registry URL
- Username
- Access token or password
- Email address
Create a Secret for Registry Credentials
Create a Kubernetes secret that stores your private registry credentials.
kubectl create secret docker-registry <SECRET_NAME> \
--docker-server=<SERVER> \
--docker-username=<USERNAME> \
--docker-password=<TOKEN> \
--docker-email=<YOUR-EMAIL>
Replace the placeholders with your registry information.
Configure Helm Charts
Update the helm installation command or values.yaml
with the following parameters. You can use either your current one or from the Kubernetes installation instructions.
Replace the placeholders with your registry information:
helm install ... \
--set global.imageRegistry=<IMAGE_REGISTRY> \
# Use global pullSecrets and pullPolicy params if they’re shared
--set 'global.image.pullSecrets[0].name'=<SECRET_NAME> \
--set global.image.pullPolicy=<PULL_POLICY> \
--set agent.repository=<IMAGE_REPOSITORY> \
--set nodeAnalyzer.nodeAnalyzer.runtimeScanner.image.repository=<IMAGE_REPOSITORY> \
--set nodeAnalyzer.nodeAnalyzer.benchmarkRunner.image.repository=<IMAGE_REPOSITORY> \
--set nodeAnalyzer.nodeAnalyzer.hostScanner.image.repository=<IMAGE_REPOSITORY> \
--set nodeAnalyzer.nodeAnalyzer.kspmAnalyzer.image.repository=<IMAGE_REPOSITORY> \
--set nodeAnalyzer.nodeAnalyzer.imageAnalyzer.image.repository=<IMAGE_REPOSITORY> \
--set kspmCollector.repository=<IMAGE_REPOSITORY>
# You can use the specific params to override the pullSecrets and pullPolicy if needed for agent
# --set 'agent.image.pullSecrets[0].name'=<SECRET_NAME> \
# --set agent.image.pullPolicy=<PULL_POLICY> \
# for nodeAnalyzer
# --set 'nodeAnalyzer.nodeAnalyzer.pullSecrets[0]'=<SECRET_NAME> \
# --set nodeAnalyzer.nodeAnalyzer.runtimeScanner.image.pullPolicy=<PULL_POLICY> \
# --set nodeAnalyzer.nodeAnalyzer.benchmarkRunner.image.pullPolicy=<PULL_POLICY> \
# --set nodeAnalyzer.nodeAnalyzer.hostScanner.image.pullPolicy=<PULL_POLICY> \
# --set nodeAnalyzer.nodeAnalyzer.kspmAnalyzer.image.pullPolicy=<PULL_POLICY> \
# --set nodeAnalyzer.nodeAnalyzer.imageAnalyzer.image.pullPolicy=<PULL_POLICY> \
# for kspmCollector
# --set 'kspmCollector.imagePullSecrets[0].name'=<SECRET_NAME>
# --set kspmCollector.image.pullPolicy=<PULL_POLICY>
global:
imageRegistry: <IMAGE_REGISTRY>
# Optional shared image pullSecrets and pullPolicy
image:
pullSecrets:
- name: <SECRET_NAME>
pullPolicy: <PULL_POLICY>
# This pulls the agent image from the private repository
agent:
image:
# Specific pullSecrets and pullPolicy override for agent
# pullSecrets
# - name: <SECRET_NAME>
# pullPolicy: <PULL_POLICY>
repository: <IMAGE_REPOSITORY>
# This pulls the nodeAnalyzer images from the private repository
nodeAnalyzer:
# Specific pullSecrets override for nodeAnalyzer
# nodeAnalyzer
# pullSecrets
# - name: <SECRET_NAME>
hostScanner:
image:
repository: <IMAGE_REPOSITORY>
# Specific pullPolicy override for hostScanner
# pullPolicy: <PULL_POLICY>
runtimeScanner:
image:
repository: <IMAGE_REPOSITORY>
# Specific pullPolicy override for runtimeScanner
# pullPolicy: <PULL_POLICY>
kspmAnalyzer:
image:
repository: <IMAGE_REPOSITORY>
# Specific pullPolicy override for kspmAnalyzer
# pullPolicy: <PULL_POLICY>
# This pulls the KSPM collector image from a private repository
kspmCollector:
repository: <IMAGE_REPOSITORY>
# Specific pullSecrets and pullPolicy override
# imagePullSecrets
# - name: <SECRET_NAME>
# image
# pullPolicy: <PULL_POLICY>
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.