Using Private Container Registries
If your organization has a requirement to use a private container registry or to perform vulnerability scanning on all images running in your cluster, Conductor allows you to use your own container images. Please note that changing the image source is not supported today.
This article details step-by-step instructions to update the container images for Conductor to point to ones stored in your own private container registry.
Create cluster connection and download manifest
Create a Conductor cluster connection with your desired configuration options and download the agent manifests. See: Installation Guide
Find image references in manifest
Open the YAML manifest file that was downloaded to your machine and search for the image keys. The Conductor installation depends on container images that should be populated with a container image and version tag. Copy these values before moving on to the next step.
Make sure to use the latest version from the console in order to update your agent correctly. For example, you might find image references like the following in your manifest:
image: public.ecr.aws/diagrid/conductor-agent:<version>
image: public.ecr.aws/diagrid/conductor-otel-collector:<version>
Note: The exact image paths and version tags will be in your downloaded manifest. Always use the version from your Conductor Console or downloaded manifest.
Download images to your local machine
Using the copied container images and tags from your manifest, download the images to your local machine:
docker pull public.ecr.aws/diagrid/conductor-agent:<version>
docker pull public.ecr.aws/diagrid/conductor-otel-collector:<version>
Note: Replace <version> with the actual version tag from your manifest.
Tag images with your private registry
Tag the container images with the private registry that you wish to use for your Conductor deployment:
export CONTAINER_REGISTRY="<YOUR-CONTAINER-REGISTRY>"
docker tag public.ecr.aws/diagrid/conductor-agent:<version> $CONTAINER_REGISTRY/conductor-agent:<version>
docker tag public.ecr.aws/diagrid/conductor-otel-collector:<version> $CONTAINER_REGISTRY/conductor-otel-collector:<version>
Note: Replace <version> with the actual version tag from your manifest, and <YOUR-CONTAINER-REGISTRY> with your private registry URL.
Push images to your private registry
Push the container images to your private registry for scanning and analysis:
docker push $CONTAINER_REGISTRY/conductor-agent:<version>
docker push $CONTAINER_REGISTRY/conductor-otel-collector:<version>
Edit manifest and deploy
Edit the Conductor YAML manifests to point to your private container images and deploy the updated manifests to your cluster. Ensure you have updated all image references in the manifest, including:
diagrid-agentDeploymentdiagrid-agent-logs-collectorDaemonSet (if present)diagrid-agent-otelStatefulSet (if present)
kubectl apply -f <manifests-file>.yaml
Release Management
By opting in to using private container images it becomes your responsibility to manage and update both Dapr and Conductor releases on your clusters.
Dapr Releases
Dapr releases new minor versions quarterly and patch versions for critical issues whenever necessary, giving users approximately a 12-week rolling window for staying within a supported minor version. More details here.
Conductor Releases
Conductor releases are typically done on a weekly basis and are available on-demand. Check the release notes for more details.
Related Documentation
- Configuration Guide - Custom image registry configuration
- Prerequisites - Network and registry requirements
- Installation Guide - Installation methods