Skip to main content

Container Registry

AWS ECR

AWS ECR is used by default as the container registry. It works out of the box and is configured to scan each image on push for vulnerabilities. The details of the security scan can be viewed from the aws console directly. This is the most seamless and recommended container registry for use.

Other container registries can be integrated into the system as follows.

DockerHub container registry

Generate an access token that has read and write permissions to the package registry. Detailed instructions are on the DockerHub website here.

Within Argonaut, the following settings apply:

Argonaut CR Name: <dockerhub> # This is a label that is used to refer to these credentials within `art.yaml`
username: <project-name>
password: <api-token>
URL: docker.io

The CR name is used within the art.yaml service descriptor configuration to use these credentials for pulling and pushing images.

Gitlab Container Registry

Generate a personal access token that has read and write permissions to the package registry. Detailed instructions are on the gitlab website here.

Within Argonaut, the following settings apply:

Argonaut CR Name: <gitlabcr> # This is a label that is used to refer to these credentials within `art.yaml`
username: <project-name>
password: <api-token>
URL: registry.gitlab.com

The CR name is used within the art.yaml service descriptor configuration to use these credentials for pulling and pushing images.

Digital Ocean Container Registry

Generate an API token to login to the container registry as described in DigitalOcean docs. Within Argonaut, the following settings apply:

Argonaut CR Name: <my-do-cr> # This is a label that is used to refer to these credentials within `art.yaml`
username: <api-token>
password: <api-token>
URL: registry.digitalocean.com

The CR name is used within the art.yaml service descriptor configuration to use these credentials for pulling and pushing images.