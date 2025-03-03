Private Registry Configuration
Configure authentication for private container registries
The Apollo GraphOS Operator supports authentication with private container registries to fetch GraphQL schemas stored as OCI artifacts.
Configuration Methods
1. Docker Helper
The operator comes bundled with credential helpers for Amazon ECR and Google Artifact Registry.
YAML
1# For Amazon ECR
2container:
3 envFrom:
4 - secretRef:
5 name: aws-credentials
6dockerConfig:
7 credHelpers:
8 '<account-id>.dkr.ecr.<region>.amazonaws.com': ecr-login
Text
1# For Google Artifact Registry
2podTemplate:
3 volumes:
4 - name: gcp-credentials
5 secret:
6 secretName: gcp-credentials
7container:
8 volumeMounts:
9 - name: gcp-credentials
10 mountPath: /.config/gcloud
11 readOnly: true
12dockerConfig:
13 credHelpers:
14 '<region>-docker.pkg.dev': gcr
2. Mount Docker Config Secret
For sensitive credentials or other registries, mount a Kubernetes secret at
/.docker:
YAML
1# Create the secret
2apiVersion: v1
3kind: Secret
4metadata:
5 name: docker-config
6type: kubernetes.io/dockerconfigjson
7data:
8 config.json: <base64-encoded-docker-config>
YAML
1# Mount in Helm values
2podTemplate:
3 volumes:
4 - name: docker-config
5 secret:
6 secretName: docker-config
7 volumeMounts:
8 - name: docker-config
9 mountPath: /.docker
10 readOnly: true