Manage container images
You can use Skopeo to copy container images from public registries to your private registry within the Mission Control environment. Skopeo is a command-line utility that allows you to interact with container images and registries. You can copy images between different registries, inspect remote images, and more.
You can also use the KOTS CLI with the kubectl plugin to push container images to a private registry from an airgap file.
Storing container images in private registries enhances security by ensuring that your images are scanned and vetted within your controlled environment. Storing images locally also reduces latency and dependency on external networks, improving performance and reliability.
Prerequisites
To copy container images, you need the following:
-
Skopeo installed.
-
Credentials to access the private registry.
-
Access to Mission Control and permissions to manage container images.
Container image tags
Container image tags are available in the following repos:
To view the container images and specifc versions included with each Mission Control release, see the Release notes.
Copy or push container images
Use Skopeo to copy images from public registries to your private registry, or use the KOTS CLI to push container images to your private registry from an airgap file.
-
Skopeo
-
KOTS CLI
Copy container images
To copy an image from a public registry to your private registry in Mission Control, do the following:
-
Authenticate to your private registry:
skopeo login PRIVATE_REGISTRY_HOST
Replace
PRIVATE_REGISTRY_HOST
with the host name of the private registry. -
Copy the container to your private registry. The following example uses the DSE registry. Replace the registry path with your target container image registry and tag.
skopeo copy docker://cr.dtsx.io/datastax/dse-server:6.9.0 docker://PRIVATE_REGISTRY_HOST/PRIVATE_REGISTRY_NAMESPACE/dse-server:6.9.0
Replace the following:
-
PRIVATE_REGISTRY_HOST: The host name of the private registry
-
PRIVATE_REGISTRY_NAMESPACE: The namespace of the private registry
-
Verify images
To verify that the image copied successfully to your private registry, you can inspect it:
skopeo inspect docker:/PRIVATE_REGISTRY/IMAGE_NAME:TAG
Replace the following:
-
PRIVATE_REGISTRY: The private registry
-
IMAGE_NAME: The image name to inspect
-
TAG: The tag of the image
To push container images to a private registry from an airgap file, do the following:
Some versions might be 6 GB or larger. Ensure you have enough disk space to download and extract the airgap bundle. |
-
Download the airgap bundle:
curl -f https://replicated.app/embedded/mission-control/stable/VERSION_NUMBER -H "Authorization: LICENSE_ID" -o mission-control-stable.tgz
Replace the following:
-
VERSION_NUMBER
: Mission Control version number, for examplev1.7.0
. By default, uselatest
, or specify a version number, such asv1.7.0
, if you need to install a specific version. -
LICENSE_ID
: License ID to authenticate the download. The ID is available in your Mission Control license file.
-
-
Extract the installation assets:
tar xvzf mission-control-stable.tgz mission-control.airgap
-
Push images to your registry:
kubectl kots admin-console push-images \ ./mission-control.airgap \ PRIVATE_REGISTRY_DOMAIN/REGISTRY_NAMESPACE \ --registry-username REGISTRY_USERNAME \ --registry-password REGISTRY_PASSWORD
Replace the following:
-
MISSION_CONTROL_VERSION: The Mission Control airgap bundle version number
-
PRIVATE_REGISTRY_DOMAIN: The private registry domain
-
REGISTRY_NAMESPACE: The registry namespace
-
REGISTRY_USERNAME: The username for the registry
-
REGISTRY_PASSWORD: The password for the registry
-
Troubleshoot registry issues
To troubleshoot connection issues, ensure you have network access to both the source and destination registries. If you encounter authentication problems, verify your credentials and permissions for the private registry in Mission Control. For command-related errors, carefully review the error messages and see the Skopeo documentation for more information.