Woodpecker: allow pulling from private registry
Woodpecker pipelines run as Kubernetes pods in the woodpecker namespace. If pipeline step images are pulled from registry.nxtgauge.com/... (a private registry using Basic auth), the kubelet needs an imagePullSecret to pull them.
This is required for base images (for example, registry.nxtgauge.com/rust:alpine) and also for any mirrored plugin images (for example, registry.nxtgauge.com/kaniko:2.1.1).
Required secret
Create this once:
kubectl -n woodpecker create secret docker-registry registry-nxtgauge-pull \
--docker-server=registry.nxtgauge.com \
--docker-username="<REGISTRY_USERNAME>" \
--docker-password="<REGISTRY_PASSWORD>" \
--docker-email="ci@nxtgauge.com"
Mirroring common plugin images (optional)
If your pipelines reference plugin images from the internal registry (for example, registry.nxtgauge.com/kaniko:2.1.1), make sure those images exist in the registry.
Example mirror from Docker Hub to internal:
docker pull woodpeckerci/plugin-kaniko:2.1.1
docker tag woodpeckerci/plugin-kaniko:2.1.1 registry.nxtgauge.com/kaniko:2.1.1
docker push registry.nxtgauge.com/kaniko:2.1.1
What this kustomize applies
It patches the default ServiceAccount in the woodpecker namespace so that it includes:
imagePullSecrets: [registry-nxtgauge-pull]
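
One way to check that the secret and the ServiceAccount patch described above are both in place. This is an added example, not part of this repository. It assumes the two inputs are the parsed output of `kubectl -n woodpecker get secret registry-nxtgauge-pull -o json` and `kubectl -n woodpecker get serviceaccount default -o json`; the function names and the sample data are constructed for illustration.

```python
import base64
import json

REGISTRY = "registry.nxtgauge.com"      # registry host from the README
SECRET_NAME = "registry-nxtgauge-pull"  # secret name from the README


def check_pull_setup(secret, service_account):
    """Return a list of problems; an empty list means the setup matches the README."""
    problems = []
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        problems.append("secret type is not kubernetes.io/dockerconfigjson")
    raw = secret.get("data", {}).get(".dockerconfigjson")
    if raw is None:
        problems.append("secret has no .dockerconfigjson key")
    else:
        try:
            doc = json.loads(base64.b64decode(raw))
            auths = doc.get("auths", {}) if isinstance(doc, dict) else {}
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            auths = None
            problems.append(".dockerconfigjson is not base64-encoded JSON")
        if auths is not None:
            # Keys may be stored with or without a scheme; compare on the host.
            hosts = {k.split("://")[-1].rstrip("/"): v for k, v in auths.items()}
            entry = hosts.get(REGISTRY)
            if entry is None:
                problems.append("no auths entry for " + REGISTRY)
            elif not (entry.get("auth") or (entry.get("username") and entry.get("password"))):
                problems.append("auths entry for " + REGISTRY + " has no credentials")
    refs = service_account.get("imagePullSecrets") or []
    if SECRET_NAME not in [ref.get("name") for ref in refs]:
        problems.append("ServiceAccount does not list " + SECRET_NAME)
    return problems


def sample_secret(server):
    """Constructed sample shaped like `kubectl get secret -o json` output."""
    cfg = {"auths": {server: {"username": "ci", "password": "example",
                              "auth": base64.b64encode(b"ci:example").decode()}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"type": "kubernetes.io/dockerconfigjson", "data": {".dockerconfigjson": blob}}


if __name__ == "__main__":
    sa = {"metadata": {"name": "default"}, "imagePullSecrets": [{"name": SECRET_NAME}]}
    print(check_pull_setup(sample_secret(REGISTRY), sa))            # matches the README
    print(check_pull_setup(sample_secret(REGISTRY), {"metadata": {}}))  # SA not patched
```

A secret created for a different `--docker-server` value passes the type check but fails the host check, which is the case that otherwise only shows up as an image pull failure on the pipeline pod.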