Skip to main content
How to manage the credentials for working with OCI-compatible registries in Orka 3.0. If you want to work with private OCI images, you need to manage the credentials for the respective registries locally in your cluster. Note that:
  • You can store only one set of credentials per registry per namespace.
  • You need to store every set of credentials in every namespace where you might need them.
  • Only cluster administrators can manage the registry credentials.
Orka stores the registry credentials as a Kubernetes secret.

List the available registry credentials

Orka CLI

orka3 regcred list  
  
OR  
  
orka3 regcred list --namespace <NAMESPACE>

Orka API

curl -X 'GET' \  
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>'

Add registry credentials

Note that the <SERVER_ADDRESS> for the registry must include the scheme, hostname, and (optionally) port. For example, https://ghcr.io or https://10.221.188.5:30080.

Orka CLI

orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password <PASSWORD>  
  
OR  
  
orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password <PASSWORD> --namespace <NAMESPACE>

Orka API

curl -X 'POST' \  
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials/add' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>' \  
-H 'Content-Type: application/json' \  
-d '{  
"password": "<PASSWORD>",  
"server": "<SERVER_ADDRESS>",  
"username": "<USERNAME>"  
}'
If you are adding a server address with the HTTP scheme, you need to allow working with insecure registries.

Orka CLI

orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password <PASSWORD> --allow-insecure

Orka API

curl -X 'POST' \  
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials/add' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>' \  
-H 'Content-Type: application/json' \  
-d '{  
"allowInsecure": true,  
"password": "<PASSWORD>",  
"server": "<SERVER_ADDRESS>",  
"username": "<USERNAME>"  
}'
In the Orka3 CLI you can also read the password via stdin.

Orka CLI

echo -n '<PASSWORD>' | orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password-stdin  
  
OR  
  
orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password-stdin < <FILE_NAME>

Override registry credentials

If you need to change the credentials already added for an OCI-compatible registry, you can replace them.

Orka CLI

orka3 regcred add <SERVER_ADDRESS> --username <USERNAME> --password <PASSWORD> --replace

Orka API

curl -X 'POST' \  
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials/add' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>' \  
-H 'Content-Type: application/json' \  
-d '{  
"password": "<PASSWORD>",  
"replace": true  
"server": "<SERVER_ADDRESS>",  
"username": "<USERNAME>"  
}'

Remove registry credentials

Orka CLI

orka3 regcred remove <SERVER_ADDRESS>  
  
OR  
  
orka3 regcred remove <SERVER_ADDRESS> --namespace <NAMESPACE>

Orka API

curl -X 'DELETE' \  
'<ORKA_API_URL>/api/v1/namespaces/<NAMESPACE>/secrets/registrycredentials/remove' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>' \  
-H 'Content-Type: application/json' \  
-d '{  
"server": "<SERVER_ADDRESS>"  
}'

(CLI-Only) Get help

orka3 regcred --help  
orka3 regcred list --help  
orka3 regcred add --help  
orka3 regcred remove --help