Custom image registry
You can configure Airbyte to pull Docker images from a custom image registry. In this case, Airbyte pulls both platform images (e.g. server
, webapp
, workload-launcher
, etc.) and connector images (e.g. Postgres Source, S3 Destination, etc.) from the configured registry.
Implementing Airbyte this way has several advantages.
- Security: Private custom image registries keep images in your network, reducing the risk of external threats.
- Access control: You have more control over who can access and modify images.
- Compliance: By keeping images in a controlled environment, it's easier to prove compliance with regulatory requirements for data storage and handling.
Before you start
Set up your custom image registry. The examples in this article use GitHub, but you have many options. Here are some popular ones:
Cloud provider | Service name | Documentation |
---|---|---|
Google Cloud | Artifact Registry | Quickstart |
AWS | Amazon ECR | Getting started with Amazon ECR |
Azure | Container Registry | Quickstart |
DockerHub | Repositories | DockerHub Quickstart |
GitHub | Container Registry | Working with the Container registry |
Self hosted | Open-source Docker Registry | Deploy a registry server |
Get a list of all Airbyte images
To get a list of Airbyte images for the latest version, use abctl.
abctl images manifest
You should see something like this:
airbyte/bootloader:1.3.1
airbyte/connector-builder-server:1.3.1
airbyte/connector-sidecar:1.3.1
airbyte/container-orchestrator:1.3.1
airbyte/cron:1.3.1
airbyte/db:1.3.1
airbyte/mc:latest
airbyte/server:1.3.1
airbyte/webapp:1.3.1
airbyte/worker:1.3.1
airbyte/workload-api-server:1.3.1
airbyte/workload-init-container:1.3.1
airbyte/workload-launcher:1.3.1
bitnami/kubectl:1.28.9
busybox:1.35
busybox:latest
curlimages/curl:8.1.1
minio/minio:RELEASE.2023-11-20T22-40-07Z
temporalio/auto-setup:1.23.0
Step 1: Customize Airbyte to use your image registry
To pull all platform and connector images from a custom image registry, add the following customization to Airbyte's values.yaml
file, replacing the registry
value with your own registry location.
global:
image:
registry: ghcr.io/NAMESPACE
If you're using private images, you can authenticate with Kubernetes secrets.
-
Create a Kubernetes secret. In this example, you create a secret called
regcred
from a config file. That file contains authentication information for a private custom image registry. Learn more about Kubernetes secrets.kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson -
Add the secret you created to your
values.yaml
file. In this example, you use yourregcred
secret to authenticate.values.yamlglobal:
image:
registry: ghcr.io/NAMESPACE
imagePullSecrets:
- name: regcred
Step 2: Tag and push Airbyte images
-
Authenticate with your custom image registry so you can push Airbyte images. In this example, you use a personal access token for GitHub, but the exact process depends on the image registry you're using.
$ export CR_PAT=YOUR_TOKEN
$ echo $CR_PAT | docker login ghcr.io -u USERNAME --password-stdin
Login Succeeded -
Tag and push Airbyte's images to your custom image registry. In this example, you tag all Airbyte images and push them all to GitHub.
abctl images manifest | xargs -L1 -I{} docker tag {} ghcr.io/NAMESPACE/{} && docker push ghcr.io/NAMESPACE/{}
Now, when you install Airbyte, images will come from the custom image registry you configured.