OCI Images: Manage Registry Credentials
How to manage the credentials for working with OCI-compatible registries in Orka 3.0.
Quick navigation
Jump to: List the available registry credentials | Add registry credentials | Override registry credentials | Remove registry credentials | (CLI-Only) Get help
If you want to work with private OCI images, you need to manage the credentials for the respective registries locally in your cluster. Note that:
- You can store only one set of credentials per registry per namespace.
- You need to store every set of credentials in every namespace where you might need them.
- Only cluster administrators can manage the registry credentials.
Orka stores the registry credentials as a Kubernets secret.
List the available registry credentials
orka3 regcred list
OR
orka3 regcred list --namespace <NAMESPACE>
curl -X 'GET' \
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Add registry credentials
Note that the <SERVER_ADDRESS> for the registry must include the scheme, hostname, and (optionally) port. For example, https://ghcr.io or https://10.221.188.5:30080.
orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password <PASSWORD>
OR
orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password <PASSWORD> --namespace <NAMESPACE>
curl -X 'POST' \
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials/add' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"password": "<PASSWORD>",
"server": "<SERVER_ADDRESS>",
"username": "<USERNAME>"
}'
If you are adding a server address with the HTTP scheme, you need to allow working with insecure registries.
orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password <PASSWORD> --allow-insecure
curl -X 'POST' \
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials/add' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"allowInsecure": true,
"password": "<PASSWORD>",
"server": "<SERVER_ADDRESS>",
"username": "<USERNAME>"
}'
In the Orka3 CLI you can also read the password via stdin.
echo -n '<PASSWORD>' | orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password-stdin
OR
orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password-stdin < <FILE_NAME>
Override registry credentials
If you need to change the credentials already added for an OCI-compatible registry, you can replace them.
orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password <PASSWORD> --replace
curl -X 'POST' \
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials/add' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"password": "<PASSWORD>",
"replace": true
"server": "<SERVER_ADDRESS>",
"username": "<USERNAME>"
}'
Remove registry credentials
orka3 regcred remove <SERVER_ADDRESS>
OR
orka3 regcred remove <SERVER_ADDRESS> --namespace <NAMESPACE>
curl -X 'DELETE' \
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials/remove' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"server": "<SERVER_ADDRESS>"
}'
(CLI-Only) Get help
orka3 regcred --help
orka3 regcred list --help
orka3 regcred add --help
orka3 regcred remove --help
See also
Updated almost 2 years ago