Version: v0.12.x

Container Registry Configuration

The Build Plane requires a container registry to store built images. Both build pods (for pushing) and kubelets on the Data Plane (for pulling) need access to the registry.

Configuration Parameters

Parameter	Description	Required
`global.defaultResources.registry.host`	Registry hostname	Yes
`global.defaultResources.registry.repoPath`	Path prefix for images	No
`global.defaultResources.registry.tlsVerify`	Verify TLS certificates	No (default: `false`)

Registry Providers

Amazon ECR

See Amazon ECR documentation for repository setup and IAM configuration.

helm upgrade --install openchoreo-build-plane oci://ghcr.io/openchoreo/helm-charts/openchoreo-build-plane \
  --namespace openchoreo-build-plane \
  --set global.defaultResources.registry.host=123456789.dkr.ecr.us-east-1.amazonaws.com \
  --set global.defaultResources.registry.repoPath=openchoreo-builds \
  --set global.defaultResources.registry.tlsVerify=true

Google Artifact Registry

See Artifact Registry documentation for repository setup and authentication.

helm upgrade --install openchoreo-build-plane oci://ghcr.io/openchoreo/helm-charts/openchoreo-build-plane \
  --namespace openchoreo-build-plane \
  --set global.defaultResources.registry.host=us-central1-docker.pkg.dev/my-project/openchoreo-builds \
  --set global.defaultResources.registry.tlsVerify=true

Azure Container Registry

See ACR documentation for registry setup and AKS integration.

helm upgrade --install openchoreo-build-plane oci://ghcr.io/openchoreo/helm-charts/openchoreo-build-plane \
  --namespace openchoreo-build-plane \
  --set global.defaultResources.registry.host=myregistry.azurecr.io \
  --set global.defaultResources.registry.tlsVerify=true

GitHub Container Registry

See GHCR documentation for authentication setup.

helm upgrade --install openchoreo-build-plane oci://ghcr.io/openchoreo/helm-charts/openchoreo-build-plane \
  --namespace openchoreo-build-plane \
  --set global.defaultResources.registry.host=ghcr.io \
  --set global.defaultResources.registry.repoPath=my-org/openchoreo \
  --set global.defaultResources.registry.tlsVerify=true

Docker Hub

See Docker Hub documentation for repository setup. Note the rate limits for free accounts.

helm upgrade --install openchoreo-build-plane oci://ghcr.io/openchoreo/helm-charts/openchoreo-build-plane \
  --namespace openchoreo-build-plane \
  --set global.defaultResources.registry.host=docker.io \
  --set global.defaultResources.registry.repoPath=your-username \
  --set global.defaultResources.registry.tlsVerify=true

Authentication

Push Secret (Build Plane)

For registries requiring authentication, create a secret in the build plane namespace:

kubectl create secret docker-registry registry-push-secret \
  --namespace openchoreo-build-plane \
  --docker-server=REGISTRY_HOST \
  --docker-username=USERNAME \
  --docker-password=PASSWORD

Pull Secret (Data Plane)

For pulling images from private registries, see Deploy from a Private Registry.

Troubleshooting

Symptom	Check
"unauthorized" error	Verify `registry-push-secret` exists and credentials are valid
`ImagePullBackOff`	Verify image exists and ImagePullSecret is configured
"x509: certificate signed by unknown authority"	Set `tlsVerify=false` or configure CA certificate
"connection refused"	Check network connectivity and firewall rules

Configuration Parameters​

Registry Providers​

Amazon ECR​

Google Artifact Registry​

Azure Container Registry​

GitHub Container Registry​

Docker Hub​

Authentication​

Push Secret (Build Plane)​

Pull Secret (Data Plane)​

Troubleshooting​