Scrydon
DeploymentPrerequisites

Registry

Registry credentials required to pull Scrydon charts and images

Scrydon ships as private container images and a private Helm chart, both hosted in Azure Container Registry (scrydonops.azurecr.io). There is no public registry or Git mirror. Before you can pull either, your account team issues a customer-scoped registry credential. Request one alongside your license at sales@scrydon.com.

The credential arrives as a JSON bundle:

{
  "registry": "scrydonops.azurecr.io",
  "username": "customer-acme-prod",
  "password": "…",
  "scopeMap": "scrydon-customer-pull"
}

username is the ACR token name; password is its value. The token is pull-only and scoped to exactly the repositories your install needs: the Scrydon app images, the chart, and the third-party mirrors. It cannot push or delete, and it cannot read anything else in the registry.

One credential covers both pulls:

  • Chart pull: helm authenticates with it to fetch the chart from oci://scrydonops.azurecr.io/scrydon/charts/scrydon.
  • Image pull: the kubelet authenticates with it via a Kubernetes image-pull Secret referenced from global.imagePullSecrets.

1. Log in to the registry

helm registry login scrydonops.azurecr.io --username <username>
# paste <password> when prompted

This lets helm pull and helm install fetch the chart.

2. Create an image-pull Secret

Create the release namespace and a docker-registry Secret in it so the kubelet can pull the app images:

kubectl create namespace scrydon-platform 2>/dev/null || true

kubectl create secret docker-registry scrydon-registry \
  --namespace scrydon-platform \
  --docker-server=scrydonops.azurecr.io \
  --docker-username=<username> \
  --docker-password=<password>

The chart defaults every service to the scrydon-platform namespace. Splitting services across namespaces is opt-in via namespaces.*. If you do, create the same pull secret in each namespace you target. See the Helm reference.

3. Wire it into Helm values

Point the chart at the registry and reference the pull Secret:

global:
  imageRegistry: scrydonops.azurecr.io   # prefix every image ref with the ACR
  imagePullSecrets:
    - name: scrydon-registry             # the Secret you created in step 2

For an air-gapped cluster, mirror the images into your own internal registry and set global.imageRegistry to it instead. See Air-Gapped Deployment. The full per-location walkthrough lives on On-Premise and Azure (AKS).

Keep the bundle out of source control. password is a live pull credential. Treat it like any other secret: store it in your secret manager and restrict who can read it.

On this page

On this page