OCI Configuration

Configure container registry settings

The oci section configures settings for Open Container Initiative (OCI) registries. The Apollo GraphOS Operator uses OCI registries to fetch GraphQL schemas that are stored as OCI artifacts, such as when a subgraph or supergraph references an ociImage or oci source.

Configuration

Field	Type	Default	Description
`httpOnlyRegistries`	`array`	`[]`	Registries exempt from HTTPS requirement

Example

YAML

1oci:
2  httpOnlyRegistries:
3    - "localhost:5000"
4    - "registry.local:5000"

Use Cases

Local Development

YAML

1oci:
2  httpOnlyRegistries:
3    - "localhost:5000"

Internal Registries

YAML

1oci:
2  httpOnlyRegistries:
3    - "registry.internal.company.com"
4    - "dev-registry.company.com"

Security Considerations

⚠️ Warning: Using HTTP-only registries can expose your container images to security vulnerabilities. Only use in:

Local development environments
Isolated internal networks
Testing environments with controlled access

For production, always use HTTPS-enabled registries.

Subgraph Reference

Development and Tooling

From Federation 1 to 2

Server-Driven UI

Publishing

Contracts

SAML

OIDC

Authentication

Router Telemetry

Log Exporters

Metrics Exporters

Trace Exporters

Instrumentation

Subgraph Observability

Client Observability

OpenTelemetry

GraphQL Subscriptions

Coprocessors

Rhai Scripts

Custom Builds

Dedicated

AWS Lattice

OCI Configuration

Configuration

Example

Use Cases

Local Development

Internal Registries

Security Considerations