Manage container images
You can use Skopeo to copy container images from public registries to your private registry within the Mission Control environment. Skopeo is a command-line utility that lets you interact with container images and registries. You can copy images between different registries, inspect remote images, and more.
You can also use the KOTS CLI with the kubectl plugin to push container images to a private registry from an airgap file.
Storing container images in private registries enhances security by ensuring that your images are scanned and vetted within your controlled environment. Storing images locally also reduces latency and network dependency, improving system performance and reliability.
Prerequisites
To copy container images, you need the following:
-
Skopeo installed.
-
Credentials for the private registry.
-
Access to Mission Control and permissions to manage container images.
Container image tags
Container image tags are available in the following repositories:
-
Hyper-Converged Database (HCD): Private repository
When you deploy a Mission Control cluster, a |
To view the container images and specific versions included with each Mission Control release, see the Release notes.
Override registry credentials for airgap installations
You can configure custom image registries and repositories when deploying Mission Control with Helm.
To do this, you need to set the image.registry
and image.repository
values in your values.yaml
file.
You can also set the image.tag
value to specify the version of the image you want to use.
For more information, see Manage container images.
Global configuration patterns
You can specify image coordinates across the various charts and sub-charts in several ways.
-
Direct image fields: Using
image.registry
,image.repository
, andimage.tag
-
Image configs: Using
imageConfigs.registryOverride
and specific repository overrides -
Registry prefixing: Some components use a combined
registry/repository
pattern -
Sub-chart-specific patterns: Each sub-chart may implement its own configuration pattern
Configure the main chart image
Specify the main chart image configuration using the image
key in your values.yaml
file.
# Main operator image configuration
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
repository: datastax/mission-control
pullPolicy: IfNotPresent
tag: v1.4.0
# Global override for all images
imageConfigs:
registryOverride: REGISTRY_ADDRESS:REGISTRY_PORT
reaper:
repository: thelastpickle/cassandra-reaper
medusa:
repository: k8ssandra/medusa
Replace the following:
-
REGISTRY_ADDRESS
: The address of your registry -
REGISTRY_PORT
: The registry port
Configure client and job images
Specify the client and CRD patch job images using the client
and crdPatchJob
keys in your values.yaml
file.
# Client image configuration
client:
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
repository: k8ssandra/k8ssandra-client
tag: latest
# CRD patch job image configuration
crdPatchJob:
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
repository: bitnami/kubectl
tag: 1.30.1
Replace the following:
-
REGISTRY_ADDRESS
: The address of your registry -
REGISTRY_PORT
: The registry port
Configure the UI component image
Specify the UI component image using the ui
key in your values.yaml
file.
# UI component image configuration
ui:
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
repository: datastax/mission-control-ui
tag: v1.4.0
Replace the following:
-
REGISTRY_ADDRESS
: The address of your registry -
REGISTRY_PORT
: The registry port
Configure the Grafana sub-chart image
Specify the Grafana sub-chart image using the grafana
key in your values.yaml
file.
grafana:
# Global registry for Grafana's internal images
imageRegistry: REGISTRY_ADDRESS:REGISTRY_PORT
# Main Grafana image configuration
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/grafana
# Sidecar container image configuration
sidecar:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/k8s-sidecar
# Download dashboards image configuration
downloadDashboardsImage:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/curl
# Init container image configuration
initChownData:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE
Replace the following:
-
REGISTRY_ADDRESS
: The address of your registry -
REGISTRY_PORT
: The registry port -
REGISTRY_NAMESPACE
: The namespace within your registry
Configure the K8ssandra operator sub-chart image
Specify the K8ssandra operator sub-chart image using the k8ssandra-operator
key in your values.yaml
file.
k8ssandra-operator:
# Main operator registry configuration
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
cass-operator:
# Cassandra operator image configuration
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
# System images used by the operator
imageConfig:
systemLogger: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/system-logger:v1.22.1
configBuilder: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/cass-config-builder:1.0-ubi8
k8ssandraClient: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/k8ssandra-client:v0.5.0
Replace the following:
-
REGISTRY_ADDRESS
: The address of your registry -
REGISTRY_PORT
: The registry port -
REGISTRY_NAMESPACE
: The namespace within your registry
Configure the Loki sub-chart image
Specify the Loki sub-chart image using the loki
key in your values.yaml
file.
loki:
# Kubectl image used in Loki
kubectlImage:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
# Sidecar container image configuration
sidecar:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/k8s-sidecar
# Global registry for Loki's internal images
global:
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
# MinIO images if using local storage
minio:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/minio
mcImage:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/mc
Replace the following:
-
REGISTRY_ADDRESS
: The address of your registry -
REGISTRY_PORT
: The registry port -
REGISTRY_NAMESPACE
: The namespace within your registry
Configure the Mimir sub-chart image
You specify the Mimir sub-chart image using the mimir
key in your values.yaml
file.
mimir:
# Main Mimir image configuration
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/mimir
# Memcached image configuration
memcached:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE
# Memcached exporter image configuration
memcachedExporter:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/memcached-exporter
# NGINX image configuration
nginx:
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
# Gateway NGINX image configuration
gateway:
nginx:
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
# Enterprise metrics image configuration
enterprise:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/enterprise-metrics
mcImage:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/mc
Replace the following:
-
REGISTRY_ADDRESS
: The address of your registry -
REGISTRY_PORT
: The registry port -
REGISTRY_NAMESPACE
: The namespace within your registry
Configure Vector component images
You specify the Vector component images using the agent
and aggregator
keys in your values.yaml
file.
# Agent Vector image configuration
agent:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/vector
# Aggregator Vector image configuration
aggregator:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/vector
Replace the following:
-
REGISTRY_ADDRESS
: The address of your registry -
REGISTRY_PORT
: The registry port -
REGISTRY_NAMESPACE
: The namespace within your registry
Configure additional components
Specify the additional components images using the replicated
, kube-state-metrics
, and dex
keys in your values.yaml
file.
# Replicated image configuration
replicated:
enabled: false
images:
replicated-sdk: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/replicated-sdk:v1.0.0-beta.14
# Kube-state-metrics image configuration
kube-state-metrics:
image:
registry: REGISTRY_ADDRESS:REGISTRY_PORT
# Dex identity provider image configuration
dex:
image:
repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/mission-control-dex
Troubleshoot image registry overrides
If you encounter issues with image registry overrides, consider the following troubleshooting options:
-
After installation, list all container images used in your deployment:
kubectl get deployments -n NAMESPACE -o jsonpath='{.items[].spec.template.spec.containers[].image}'
Replace
NAMESPACE
with the namespace where Mission Control is installed. -
Review the Helm chart templates to find all image references.
-
Check for
init
containers. Some components useinit
containers with their own image definitions. -
Test your configuration to see all resources that would be created:
helm install --dry-run --debug
Copy or push container images
Use Skopeo to copy images from public registries to your private registry, or use the KOTS CLI to push container images to your private registry from an airgap file.
-
Skopeo
-
KOTS CLI
Copy container images
To copy an image from a public registry to your private registry in Mission Control:
-
Authenticate to your private registry:
skopeo login PRIVATE_REGISTRY_HOST
Replace
PRIVATE_REGISTRY_HOST
with the host name of the private registry. -
Copy the container to your private registry. The following example uses the DSE registry. Replace the registry path with your target container image registry and tag.
skopeo copy docker://cr.dtsx.io/datastax/dse-server:6.9.0 docker://PRIVATE_REGISTRY_HOST/PRIVATE_REGISTRY_NAMESPACE/dse-server:6.9.0
Replace the following:
-
PRIVATE_REGISTRY_HOST: The host name of the private registry
-
PRIVATE_REGISTRY_NAMESPACE: The namespace of the private registry
-
Verify images
Verify the copied image in your private registry:
skopeo inspect docker:/PRIVATE_REGISTRY/IMAGE_NAME:TAG
Replace the following:
-
PRIVATE_REGISTRY: The private registry
-
IMAGE_NAME: The image name to inspect
-
TAG: The tag of the image
To push container images to a private registry from an airgap file:
Some versions might be 6 GB or larger. Ensure you have enough disk space to download and extract the airgap bundle. |
-
Download the airgap bundle:
curl -f https://replicated.app/embedded/mission-control/stable/VERSION_NUMBER -H "Authorization: LICENSE_ID" -o mission-control-stable.tgz
Replace the following:
-
VERSION_NUMBER
: Mission Control version number, for examplev1.7.0
. By default, uselatest
, or specify a version number, such asv1.7.0
, if you need to install a specific version. -
LICENSE_ID
: License ID to authenticate the download. The ID is available in your Mission Control license file.
-
-
Extract the installation assets:
tar xvzf mission-control-stable.tgz mission-control.airgap
-
Push images to your registry:
kubectl kots admin-console push-images \ ./mission-control.airgap \ PRIVATE_REGISTRY_DOMAIN/REGISTRY_NAMESPACE \ --registry-username REGISTRY_USERNAME \ --registry-password REGISTRY_PASSWORD
Replace the following:
-
MISSION_CONTROL_VERSION: The Mission Control airgap bundle version number
-
PRIVATE_REGISTRY_DOMAIN: The private registry domain
-
REGISTRY_NAMESPACE: The registry namespace
-
REGISTRY_USERNAME: The username for the registry
-
REGISTRY_PASSWORD: The password for the registry
-
Troubleshoot registry issues
To troubleshoot connection issues, ensure you have network access to both the source and destination registries. If you encounter authentication problems, verify your credentials and permissions for the private registry in Mission Control. For command-related errors, carefully review the error messages and see the Skopeo documentation for more information.
Common issues
Here are some common issues you may encounter when configuring image registry overrides:
-
Mixed registry patterns: Some sub-charts expect full image paths while others expect separate registry/repository values
-
Missing namespace: In air-gapped environments, ensure all images include the appropriate namespace within your registry
-
Version skew: Ensure the image tags match the expected versions for the release you’re deploying
-
Registry authentication: Ensure your Kubernetes cluster has the necessary pull secrets for your registry