Using a Private Docker Registry
For air-gapped environments or organizations with strict network policies, you can mirror all CrewAI Platform images to your private Docker registry. This guide covers pulling images from CrewAI’s registry and configuring the Helm chart to use your private registry.
Prerequisites
Step 1: Authenticate to CrewAI Registry
Access your registry credentials via the CrewAI enterprise customer portal at https://enterprise.crewai.com/crewai, or create a service account in the Team Settings section for automated access.
These are the same credentials used for Helm registry authentication. Replace customer@company.com with your actual customer email and [YOUR_SECRET_TOKEN] with the token provided in the customer portal.
# Export your authentication token
export AUTH_TOKEN=[YOUR_SECRET_TOKEN]
# Log in to the Docker registry
docker login images.crewai.com \
--username customer@company.com \
--password $AUTH_TOKEN
Step 2: Pull Required Images
Pull all required images from the CrewAI registry. The exact versions should match your Helm chart version.
Current Image List (Chart v0.1.56)
# Replicated SDK (required feature and license sync)
docker pull images.crewai.com/library/replicated-sdk-image:1.12.1
# CrewAI Platform application
docker pull images.crewai.com/proxy/crewai/crewai/crewai-enterprise-platform:0.12.1
# BuildKit for crew builds
docker pull images.crewai.com/proxy/crewai/crewai/crewai/buildkit:v0.25.1-rev6-e35d3a13
# Automation base image
docker pull images.crewai.com/proxy/crewai/crewai/crewai-enterprise-preinstalled-v2:latest
# Busybox (utility image for init containers and testing)
docker pull images.crewai.com/proxy/dockerhub/library/busybox:latest
# Redis (for caching and job queuing)
docker pull images.crewai.com/proxy/dockerhub/library/redis:latest
# Optional components (only pull if deploying these components):
# PostgreSQL database (if postgres.enabled=true)
docker pull images.crewai.com/proxy/crewai/dockerhub/library/postgres:16
# Internal Docker registry (if internalRegistry.enabled=true)
docker pull images.crewai.com/proxy/crewai/dockerhub/library/registry:2
# MinIO object storage (if minio.enabled=true)
docker pull images.crewai.com/proxy/crewai/dockerhub/minio/minio:latest
# CrewAI Built-in Integration
docker pull images.crewai.com/proxy/crewai/crewai/crewai-oauth:0.1-pre
Version Alignment: The image versions shown above correspond to Helm chart v0.1.56.
Step 3: Tag Images for Your Registry
Tag the pulled images with your private registry URL:
# Set your registry URL
export YOUR_PRIVATE_REGISTRY="your-registry.example.com"
# Tag all images
docker tag images.crewai.com/library/replicated-sdk-image:1.12.1 \
$YOUR_PRIVATE_REGISTRY/crewai/replicated-sdk-image:1.12.1
docker tag images.crewai.com/proxy/crewai/crewai/crewai-enterprise-platform:0.12.1 \
$YOUR_PRIVATE_REGISTRY/crewai/crewai-enterprise-platform:0.12.1
docker tag images.crewai.com/proxy/crewai/crewai/crewai/buildkit:v0.25.1-rev6-e35d3a13 \
$YOUR_PRIVATE_REGISTRY/crewai/buildkit:v0.25.1-rev6-e35d3a13
docker tag images.crewai.com/proxy/dockerhub/crewai/crewai-enterprise-preinstalled-v2:latest \
$YOUR_PRIVATE_REGISTRY/crewai/crewai-enterprise-preinstalled-v2:latest
docker tag images.crewai.com/proxy/dockerhub/library/busybox:latest \
$YOUR_PRIVATE_REGISTRY/crewai/busybox:latest
docker tag images.crewai.com/proxy/dockerhub/library/redis:latest \
$YOUR_PRIVATE_REGISTRY/crewai/redis:latest
docker tag images.crewai.com/proxy/crewai/dockerhub/library/postgres:16 \
$YOUR_PRIVATE_REGISTRY/crewai/postgres:16
docker tag images.crewai.com/proxy/crewai/dockerhub/library/registry:2 \
$YOUR_PRIVATE_REGISTRY/crewai/registry:2
docker tag images.crewai.com/proxy/crewai/dockerhub/minio/minio:latest \
$YOUR_PRIVATE_REGISTRY/crewai/minio:latest
Step 4: Push Images to Your Registry
docker push $YOUR_PRIVATE_REGISTRY/crewai/replicated-sdk-image:1.12.1
docker push $YOUR_PRIVATE_REGISTRY/crewai/crewai-enterprise-platform:0.12.1
docker push $YOUR_PRIVATE_REGISTRY/crewai/buildkit:v0.25.1-rev6-e35d3a13
docker push $YOUR_PRIVATE_REGISTRY/crewai/crewai-enterprise-preinstalled-v2:latest
docker push $YOUR_PRIVATE_REGISTRY/crewai/busybox:latest
docker push $YOUR_PRIVATE_REGISTRY/crewai/redis:latest
docker push $YOUR_PRIVATE_REGISTRY/crewai/postgres:16
docker push $YOUR_PRIVATE_REGISTRY/crewai/registry:2
docker push $YOUR_PRIVATE_REGISTRY/crewai/minio:latest
values.yaml to point to your private registry:
Using a Generic Private Registry
global:
imageRegistry: "your-registry.example.com"
imageNamePrefixOverride: "crewai/"
image:
registries:
- host: "your-registry.example.com"
username: "your-username"
password: "your-password"
envVars:
CONTAINER_REGISTRY_HOSTNAME: "your-registry.example.com"
AWS ECR
global:
imageRegistry: "123456789012.dkr.ecr.us-west-2.amazonaws.com"
imageNamePrefixOverride: "crewai/"
image:
registries:
- host: "123456789012.dkr.ecr.us-west-2.amazonaws.com"
credHelper: "ecr-login"
envVars:
CONTAINER_REGISTRY_HOSTNAME: "123456789012.dkr.ecr.us-west-2.amazonaws.com"
Azure Container Registry
global:
imageRegistry: "myregistry.azurecr.io"
imageNamePrefixOverride: "crewai/"
image:
registries:
- host: "myregistry.azurecr.io"
username: "myregistry"
password: "<access-token>"
envVars:
CONTAINER_REGISTRY_HOSTNAME: "myregistry.azurecr.io"
Automation Script
For convenience, use this script to automate the pull/tag/push process:
#!/bin/bash
set -e
# Configuration
CREWAI_REGISTRY="images.crewai.com"
YOUR_REGISTRY="your-registry.example.com"
CREWAI_EMAIL="customer@company.com" # Your CrewAI customer email
CREWAI_TOKEN="${AUTH_TOKEN}" # Set this environment variable from customer portal
# Image list (update versions as needed)
declare -A IMAGES=(
["replicated-sdk"]="library/replicated-sdk-image:1.12.1"
["platform"]="proxy/crewai/crewai/crewai-enterprise-platform:0.12.1"
["buildkit"]="proxy/crewai/crewai/crewai/buildkit:v0.25.1-rev6-e35d3a13"
["base-image"]="proxy/crewai/crewai/crewai-enterprise-preinstalled-v2:latest"
["busybox"]="proxy/dockerhub/library/busybox:latest"
["redis"]="proxy/dockerhub/library/redis:latest"
["postgres"]="proxy/crewai/dockerhub/library/postgres:16"
["registry"]="proxy/crewai/dockerhub/library/registry:2"
["minio"]="proxy/crewai/dockerhub/minio/minio:latest"
)
# Target names in your registry
declare -A TARGET_NAMES=(
["replicated-sdk"]="crewai/replicated-sdk-image:1.12.1"
["platform"]="crewai/crewai-enterprise-platform:0.12.1"
["buildkit"]="crewai/buildkit:v0.25.1-rev6-e35d3a13"
["base-image"]="crewai/crewai-enterprise-preinstalled-v2:latest"
["busybox"]="crewai/busybox:latest"
["redis"]="crewai/redis:latest"
["postgres"]="crewai/postgres:16"
["registry"]="crewai/registry:2"
["minio"]="crewai/minio:latest"
)
echo "Authenticating to CrewAI registry..."
echo "$CREWAI_TOKEN" | docker login "$CREWAI_REGISTRY" -u "$CREWAI_EMAIL" --password-stdin
echo "Pulling, tagging, and pushing images..."
for key in "${!IMAGES[@]}"; do
source_image="${CREWAI_REGISTRY}/${IMAGES[$key]}"
target_image="${YOUR_REGISTRY}/${TARGET_NAMES[$key]}"
echo "Processing: $key"
echo " Pulling: $source_image"
docker pull "$source_image"
echo " Tagging: $target_image"
docker tag "$source_image" "$target_image"
echo " Pushing: $target_image"
docker push "$target_image"
echo " ✓ Completed: $key"
echo ""
done
echo "All images successfully mirrored to $YOUR_REGISTRY"
mirror-images.sh, make it executable, and run:
chmod +x mirror-images.sh
export AUTH_TOKEN="your-auth-token"
./mirror-images.sh
Verification
After configuring your Helm values and deploying, verify the pods are pulling from your private registry:
# Verify image sources
kubectl get pods -l app.kubernetes.io/name=crewai-platform -o jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}'
Troubleshooting
Image Pull Errors
If you see ImagePullBackOff errors:
- Verify registry credentials have been correctly set
- Ensure image names and tags match exactly
