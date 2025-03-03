The Apollo GraphOS Operator supports authentication with private container registries to fetch GraphQL schemas stored as OCI artifacts.

Configuration Methods

1. Docker Helper

The operator comes bundled with credential helpers for Amazon ECR and Google Artifact Registry.

YAML copy 1 # For Amazon ECR 2 container : 3 envFrom : 4 - secretRef : 5 name : aws-credentials 6 dockerConfig : 7 credHelpers : 8 '<account-id>.dkr.ecr.<region>.amazonaws.com' : ecr-login

Text copy 1 # For Google Artifact Registry 2 podTemplate: 3 volumes: 4 - name: gcp-credentials 5 secret: 6 secretName: gcp-credentials 7 container: 8 volumeMounts: 9 - name: gcp-credentials 10 mountPath: /.config/gcloud 11 readOnly: true 12 dockerConfig: 13 credHelpers: 14 '<region>-docker.pkg.dev': gcr

2. Mount Docker Config Secret

For sensitive credentials or other registries, mount a Kubernetes secret at /.docker :

YAML copy 1 # Create the secret 2 apiVersion : v1 3 kind : Secret 4 metadata : 5 name : docker-config 6 type : kubernetes.io/dockerconfigjson 7 data : 8 config.json : <base64-encoded-docker-config>