Registry
Registry credentials required to pull Scrydon charts and images
Scrydon ships as private container images and a private Helm chart, both hosted in Azure Container Registry (scrydonops.azurecr.io). There is no public registry or Git mirror. Before you can pull either, your account team issues a customer-scoped registry credential. Request one alongside your license at sales@scrydon.com.
The credential arrives as a JSON bundle:
{
"registry": "scrydonops.azurecr.io",
"username": "customer-acme-prod",
"password": "…",
"scopeMap": "scrydon-customer-pull"
}username is the ACR token name; password is its value. The token is pull-only and scoped to exactly the repositories your install needs: the Scrydon app images, the chart, and the third-party mirrors. It cannot push or delete, and it cannot read anything else in the registry.
One credential covers both pulls:
- Chart pull:
helmauthenticates with it to fetch the chart fromoci://scrydonops.azurecr.io/scrydon/charts/scrydon. - Image pull: the kubelet authenticates with it via a Kubernetes image-pull Secret referenced from
global.imagePullSecrets.
1. Log in to the registry
helm registry login scrydonops.azurecr.io --username <username>
# paste <password> when promptedThis lets helm pull and helm install fetch the chart.
2. Create an image-pull Secret
Create the release namespace and a docker-registry Secret in it so the kubelet can pull the app images:
kubectl create namespace scrydon-platform 2>/dev/null || true
kubectl create secret docker-registry scrydon-registry \
--namespace scrydon-platform \
--docker-server=scrydonops.azurecr.io \
--docker-username=<username> \
--docker-password=<password>The chart defaults every service to the
scrydon-platformnamespace. Splitting services across namespaces is opt-in vianamespaces.*. If you do, create the same pull secret in each namespace you target. See the Helm reference.
3. Wire it into Helm values
Point the chart at the registry and reference the pull Secret:
global:
imageRegistry: scrydonops.azurecr.io # prefix every image ref with the ACR
imagePullSecrets:
- name: scrydon-registry # the Secret you created in step 2For an air-gapped cluster, mirror the images into your own internal registry and set global.imageRegistry to it instead. See Air-Gapped Deployment. The full per-location walkthrough lives on On-Premise and Azure (AKS).
Keep the bundle out of source control.
passwordis a live pull credential. Treat it like any other secret: store it in your secret manager and restrict who can read it.