
Docker Registries

Docker registries allow you to configure image sources for PeSIT Wizard servers deployed on Kubernetes.

Add a Registry

Via the Interface

  1. Go to Registries
  2. Click Add Registry
  3. Fill in the connection information
  4. Click Create

Supported Registries

| Registry | URL | Notes |
| --- | --- | --- |
| Docker Hub | docker.io | Default public registry |
| GitHub Container Registry | ghcr.io | Use a PAT as password |
| Google Container Registry | gcr.io | Authentication via service account |
| Amazon ECR | *.dkr.ecr.*.amazonaws.com | Temporary tokens |
| Azure Container Registry | *.azurecr.io | Service principal |
| Harbor | Custom URL | Open-source private registry |

Authentication

Docker Hub

yaml
name: Docker Hub
url: docker.io
username: myuser
password: dckr_pat_xxxxx

GitHub Container Registry (ghcr.io)

  1. Create a Personal Access Token (PAT) with read:packages permissions
  2. Use your GitHub username and the PAT as password
yaml
name: GitHub Registry
url: ghcr.io
username: my-github-user
password: ghp_xxxxxxxxxxxx

Private Registry

yaml
name: Private Registry
url: registry.mycompany.com
username: admin
password: secretpassword

Image Pull Secrets

When you create a registry with authentication, an imagePullSecret is automatically created in Kubernetes:

yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-secret-{id}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <base64-encoded-config>

This secret is automatically referenced in PeSIT Wizard deployments.

Usage in a Cluster

When creating a PeSIT Wizard cluster:

  1. Select the registry in Container Registry
  2. Specify the image: ghcr.io/pesitwizard/pesitwizard-enterprise/pesitwizard-server:latest
  3. The authentication secret is automatically associated

Best Practices

  1. Use dedicated tokens: Create one token per environment
  2. Minimal permissions: read:packages is sufficient for pulling
  3. Regular rotation: Renew tokens every 90 days
  4. Private registry for production: Avoid public registries in production
  5. Vulnerability scanning: Enable image scanning on your registry

Troubleshooting

"ImagePullBackOff" Error

  1. Verify that the registry is accessible from the cluster
  2. Verify the credentials
  3. Verify that the image exists
bash
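# Manual test: decode the pull secret to check its registry URL and credentials
# (the output contains the password in cleartext)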
kubectl get secret registry-secret-xxx -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d
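
One way to check a pull secret against the image a cluster is configured to pull, reporting the registry host and user but never the password. This is an added example, not PeSIT Wizard code: the helper names are hypothetical, the credentials are constructed placeholders, and it assumes the secret uses the auths layout that kubectl create secret docker-registry produces.

```python
import base64
import json


def build_dockerconfigjson(url, username, password):
    """Encode registry form fields as the value stored under .dockerconfigjson."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {url: {"username": username, "password": password, "auth": auth}}}
    return base64.b64encode(json.dumps(config).encode()).decode()


def key_host(key):
    """Reduce an auths key such as https://ghcr.io/v2/ to its host."""
    host = key.split("://", 1)[-1].split("/", 1)[0]
    return "docker.io" if host == "index.docker.io" else host  # Docker Hub legacy key


def image_registry(image):
    """Registry host of an image reference; docker.io when the reference names none."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def check_pull_secret(secret_b64, image):
    """Return (ok, message) for a pull secret and an image; the password is never returned."""
    try:
        auths = json.loads(base64.b64decode(secret_b64))["auths"]
        entries = {key_host(k): v for k, v in auths.items()}
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "secret is not a valid dockerconfigjson document"
    host = image_registry(image)
    if host not in entries:
        return False, f"no credentials for {host}; secret covers {sorted(entries)}"
    try:
        decoded = base64.b64decode(entries[host].get("auth", "")).decode()
    except (ValueError, TypeError, AttributeError):
        return False, f"auth field for {host} is missing or not valid base64"
    user, sep, password = decoded.partition(":")
    if not (user and sep and password):
        return False, f"auth field for {host} is not of the form user:password"
    return True, f"credentials for {host} present, user {user}"


if __name__ == "__main__":
    # Constructed placeholder credentials; helper names here are hypothetical.
    sample = build_dockerconfigjson("ghcr.io", "my-github-user", "ghp_xxxxxxxxxxxx")
    print(check_pull_secret(sample, "ghcr.io/pesitwizard/pesitwizard-enterprise/pesitwizard-server:latest"))
```

Pass the base64 value from the kubectl command above, without the base64 -d step, as secret_b64. A host mismatch between the secret and the image is a common cause of ImagePullBackOff when the credentials themselves are valid.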

Expired Token

Update the password in the console and redeploy the cluster.

PeSIT Wizard Enterprise - Administration Console