kpack 0.17.0: Registry Migration to GitHub Container Registry
Table of Contents
Introduction
Container registry infrastructure is where “where images live” becomes “how teams deploy.” Once you’re distributing container images at scale, registry reliability, integration with development workflows, and long-term sustainability matter as much as the images themselves.
kpack 0.17.0, released on April 17, 2025, migrated kpack’s distribution registry to GitHub Container Registry (ghcr.io), providing improved reliability, better integration with GitHub workflows, and continued build enhancements. This migration addressed the shutdown of the previous registry while improving the overall distribution experience.
Why this matters in practice
- Registry reliability: GitHub Container Registry provides stable, long-term image hosting.
- GitHub integration: Better integration with GitHub workflows and CI/CD pipelines.
- Simplified access: Unified authentication with GitHub for easier access management.
- Future-proofing: Migration to a maintained, actively developed registry platform.
GitHub Container Registry Migration
kpack 0.17.0 migrated all kpack images to GitHub Container Registry (ghcr.io), replacing the previous distribution registry.
Why ghcr.io:
- Long-term stability: GitHub Container Registry is actively maintained and supported
- GitHub integration: Seamless integration with GitHub workflows and releases
- Unified authentication: Single authentication mechanism with GitHub
- Better reliability: Improved uptime and performance compared to previous registry
Migration details:
- Image location: All kpack images now available at
ghcr.io/buildpacks-community/kpack - Tag structure: Maintained tag structure for compatibility
- Backward compatibility: Previous registry URLs deprecated but may work temporarily
- Documentation: Updated documentation and examples with new registry URLs
New image locations:
# kpack controller
ghcr.io/buildpacks-community/kpack/controller:0.17.0
# kpack webhook
ghcr.io/buildpacks-community/kpack/webhook:0.17.0
# kpack build init
ghcr.io/buildpacks-community/kpack/build-init:0.17.0
Installation Updates
kpack 0.17.0 requires updating installation manifests to use the new registry.
Updated installation:
# Install kpack 0.17.0 from GitHub Container Registry
kubectl apply -f https://github.com/buildpacks-community/kpack/releases/download/v0.17.0/release-0.17.0.yaml
# Verify installation
kubectl get pods -n kpack
# Check image sources
kubectl get deployment -n kpack kpack-controller -o jsonpath='{.spec.template.spec.containers[0].image}'
Registry authentication:
If your cluster requires authentication to pull images from ghcr.io:
apiVersion: v1
kind: Secret
metadata:
name: ghcr-credentials
namespace: kpack
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: <base64-encoded-docker-config>
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kpack-controller
namespace: kpack
imagePullSecrets:
- name: ghcr-credentials
GitHub token for ghcr.io:
# Create GitHub personal access token with read:packages permission
# Then create docker config
echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin
# Export as Kubernetes secret
kubectl create secret docker-registry ghcr-credentials \
--docker-server=ghcr.io \
--docker-username=USERNAME \
--docker-password=$GITHUB_TOKEN \
--docker-email=[email protected] \
-n kpack
GitHub Workflow Integration
kpack 0.17.0’s migration to ghcr.io enables better integration with GitHub workflows.
GitHub Actions integration:
# .github/workflows/build.yml
name: Build with kpack
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up kpack
run: |
kubectl apply -f https://github.com/buildpacks-community/kpack/releases/download/v0.17.0/release-0.17.0.yaml
- name: Create kpack Image
run: |
kubectl apply -f kpack-image.yaml
- name: Wait for build
run: |
kubectl wait --for=condition=Ready image/my-app --timeout=10m
Pushing to ghcr.io:
# .github/workflows/push.yml
name: Push to ghcr.io
on:
workflow_run:
workflows: ["Build with kpack"]
types: [completed]
jobs:
push:
runs-on: ubuntu-latest
steps:
- name: Login to ghcr.io
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Tag and push
run: |
docker tag my-app:latest ghcr.io/${{ github.repository }}/my-app:latest
docker push ghcr.io/${{ github.repository }}/my-app:latest
Build Enhancements
kpack 0.17.0 included continued build enhancements alongside the registry migration.
Build improvements:
- Performance: Further performance optimizations for build execution
- Reliability: Enhanced reliability for complex build scenarios
- Error handling: Improved error handling and reporting
- Resource management: Better resource management during builds
Enhanced build configuration:
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: my-app
spec:
tag: ghcr.io/my-org/my-app
serviceAccount: builder
builder:
name: my-builder
kind: Builder
source:
git:
url: https://github.com/my-org/my-app
revision: main
build:
env:
- name: BP_JAVA_VERSION
value: "21"
- name: BP_MAVEN_BUILD_ARGUMENTS
value: "-DskipTests"
cache:
registry:
tag: ghcr.io/my-org/my-app-cache
Build monitoring:
# Monitor builds with new registry
kubectl get builds -l kpack.io/image=my-app -w
# Check build logs
kubectl logs -f <build-pod-name>
# Verify image in ghcr.io
docker pull ghcr.io/my-org/my-app:latest
Migration Guide
Pre-migration Checklist
- Review changes: Review kpack 0.17.0 release notes and migration guide
- Registry access: Ensure cluster can access ghcr.io
- Authentication: Set up GitHub authentication if needed
- Backup: Backup existing kpack configurations
Migration Steps
- Update manifests: Update kpack installation manifests to use ghcr.io
- Configure authentication: Set up ghcr.io authentication if required
- Install kpack 0.17.0: Install new version from GitHub Container Registry
- Verify installation: Verify kpack components are running correctly
- Test builds: Run test builds to verify functionality
Post-migration
- Update documentation: Update internal documentation with new registry URLs
- Update CI/CD: Update CI/CD pipelines to use ghcr.io
- Monitor: Monitor builds for any registry-related issues
- Cleanup: Remove old registry configurations if applicable
Registry Best Practices
Public vs Private Images
Public images:
# Public images don't require authentication
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: my-app
spec:
tag: ghcr.io/my-org/my-app:latest
# No authentication needed for public images
Private images:
# Private images require authentication
apiVersion: v1
kind: Secret
metadata:
name: ghcr-secret
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: <base64-encoded-config>
---
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: my-app
spec:
tag: ghcr.io/my-org/my-app:latest
serviceAccount: builder
# Service account with imagePullSecrets for private images
Image Tagging Strategy
# Use semantic versioning
tag: ghcr.io/my-org/my-app:v1.2.3
# Use commit SHA for reproducibility
tag: ghcr.io/my-org/my-app:sha-abc123
# Use latest for development
tag: ghcr.io/my-org/my-app:latest
Getting Started
Install kpack 0.17.0
# Install from GitHub Container Registry
kubectl apply -f https://github.com/buildpacks-community/kpack/releases/download/v0.17.0/release-0.17.0.yaml
# Verify installation
kubectl get pods -n kpack
# Check image registry
kubectl get deployment -n kpack kpack-controller \
-o jsonpath='{.spec.template.spec.containers[0].image}'
Configure ghcr.io Access
# For public images, no configuration needed
# For private images, create authentication secret
kubectl create secret docker-registry ghcr-credentials \
--docker-server=ghcr.io \
--docker-username=YOUR_GITHUB_USERNAME \
--docker-password=YOUR_GITHUB_TOKEN \
--docker-email=[email protected] \
-n kpack
Create Your First Image
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: my-app
spec:
tag: ghcr.io/my-org/my-app:latest
serviceAccount: builder
builder:
name: my-builder
kind: Builder
source:
git:
url: https://github.com/my-org/my-app
revision: main
Troubleshooting
Registry Access Issues
# Test registry access
docker pull ghcr.io/buildpacks-community/kpack/controller:0.17.0
# Check authentication
kubectl get secret ghcr-credentials -n kpack -o yaml
# Verify service account
kubectl get serviceaccount builder -o yaml
Build Failures
# Check build pod status
kubectl get pods -l kpack.io/image=my-app
# View build logs
kubectl logs -f <build-pod-name>
# Check image pull errors
kubectl describe pod <build-pod-name> | grep -i "pull\|image\|registry"
Summary
| Aspect | Details |
|---|---|
| Release Date | April 17, 2025 |
| Headline Features | GitHub Container Registry migration, GitHub workflow integration, build enhancements |
| Why it Matters | Provides stable, long-term image distribution with better GitHub integration and improved reliability |
kpack 0.17.0’s migration to GitHub Container Registry represented a strategic infrastructure decision that improved long-term reliability and GitHub ecosystem integration. The migration to ghcr.io addressed the shutdown of the previous registry while providing a more sustainable distribution platform.
The GitHub workflow integration and continued build enhancements in kpack 0.17.0 demonstrated the project’s commitment to modern development workflows and long-term sustainability. For teams using GitHub for development, this release provided seamless integration between kpack builds and GitHub workflows.
For organizations building containers in Kubernetes, kpack 0.17.0 provided reliable image distribution through GitHub Container Registry with better integration into GitHub-based development workflows. The migration ensured that kpack images would continue to be available through a maintained, actively developed registry platform.
The combination of registry migration, GitHub integration, and build enhancements made kpack 0.17.0 a forward-looking release that positioned kpack for continued growth and adoption in the cloud-native ecosystem.