Countly Enterprise's Docker images with Authentication Plugin packages are hosted on Google Artifact Registry. Users will require a Google-managed Service Account key in order to authenticate with Artifact Registry's private repository and get access to Docker images.
In order to generate a Service Account key, please create a support ticket requesting Docker access and our Support Team will assist with its creation.
Please refer to the Images with Auth Plugin Packages guide to get more details regarding the Docker images provided by Countly.
Here is the list of image names:
- ad-api - Active directory API container
- ad-frontend - Active directory Frontend container
- cognito-api - Cognito API container
- cognito-frontend - Cognito Frontend container
- ldap-api - LDAP API container
- ldap-frontend - LDAP Frontend container
- okta-api - OKTA API container
- okta-frontend - OKTA Frontend container
You need to select image based on what authentication you would use
Authenticating and Pulling Images from Artifact Registry
For Kubernetes
Kubernetes uses Secrets to authenticate or store the credentials to access a Docker registry for images.
Use the steps below to create a Kubernetes Secret.
1. Fetch service account email from service account key:
cat serviceaccount.json | grep client_email # Value used in docker-email key
2. Create a Kubernetes Secret:
kubectl create secret docker-registry artifact-registry \
--docker-server=https://us-docker.pkg.dev \
--docker-email=<service account email address> \
--docker-username=_json_key \
--docker-password="$(cat serviceaccount.json)"
3. Verify the creation of Kubernetes Secret:
kubectl get secrets | grep artifact-registry
After generating the Docker config Secret, you can use the Secret in the Kubernetes Pod deployment file under the spec section to pull the required image, as in the example configuration below:
spec:
imagePullSecrets:
- name: artifact-registry
containers:
- name: countly-frontend
image: us-docker.pkg.dev/countly-01/auth-plugins/ad-frontend:latest
imagePullPolicy: Always
The above configuration needs to be applied to both of the deployment files, i.e., API and Frontend.