Manage container images

You can use Skopeo to copy container images from public registries to your private registry within the Mission Control environment. Skopeo is a command-line utility that allows you to interact with container images and registries. You can copy images between different registries, inspect remote images, and more.

You can also use the KOTS CLI with the kubectl plugin to push container images to a private registry from an airgap file.

Storing container images in private registries enhances security by ensuring that your images are scanned and vetted within your controlled environment. Storing images locally also reduces latency and dependency on external networks, improving performance and reliability.

Prerequisites

To copy container images, you need the following:

  • Skopeo installed.

  • Credentials to access the private registry.

  • Access to Mission Control and permissions to manage container images.

Container image tags

Container image tags are available in the following repos:

To view the container images and specific versions included with each Mission Control release, see the Release notes.

When you deploy a Mission Control cluster, a cqlsh-pod is automatically created. The cqlsh-pod container runs the cqlsh utility, allowing you to interact with your database cluster using CQL commands. You cannot access the cqlsh-pod image on Docker Hub because the code backing it is not open source. For more information, see Use the CQL console to interact with the databases in your datacenter.

Copy or push container images

Use Skopeo to copy images from public registries to your private registry, or use the KOTS CLI to push container images to your private registry from an airgap file.

  • Skopeo

  • KOTS CLI

Copy container images

To copy an image from a public registry to your private registry in Mission Control, do the following:

  1. Authenticate to your private registry:

    skopeo login PRIVATE_REGISTRY_HOST

    Replace PRIVATE_REGISTRY_HOST with the host name of the private registry.

  2. Copy the container to your private registry. The following example uses the DSE registry. Replace the registry path with your target container image registry and tag.

    skopeo copy docker://cr.dtsx.io/datastax/dse-server:6.9.0 docker://PRIVATE_REGISTRY_HOST/PRIVATE_REGISTRY_NAMESPACE/dse-server:6.9.0

    Replace the following:

    • PRIVATE_REGISTRY_HOST: The host name of the private registry

    • PRIVATE_REGISTRY_NAMESPACE: The namespace of the private registry

Verify images

To verify that the image copied successfully to your private registry, you can inspect it:

skopeo inspect docker:/PRIVATE_REGISTRY/IMAGE_NAME:TAG

Replace the following:

  • PRIVATE_REGISTRY: The private registry

  • IMAGE_NAME: The image name to inspect

  • TAG: The tag of the image

To push container images to a private registry from an airgap file, do the following:

Some versions might be 6 GB or larger. Ensure you have enough disk space to download and extract the airgap bundle.

  1. Download the airgap bundle:

    curl -f https://replicated.app/embedded/mission-control/stable/VERSION_NUMBER -H "Authorization: LICENSE_ID" -o mission-control-stable.tgz

    Replace the following:

    • VERSION_NUMBER: Mission Control version number, for example v1.7.0. By default, use latest, or specify a version number, such as v1.7.0, if you need to install a specific version.

    • LICENSE_ID: License ID to authenticate the download. The ID is available in your Mission Control license file.

  2. Extract the installation assets:

    tar xvzf mission-control-stable.tgz mission-control.airgap

  3. Push images to your registry:

    kubectl kots admin-console push-images \
  ./mission-control.airgap \
  PRIVATE_REGISTRY_DOMAIN/REGISTRY_NAMESPACE \
  --registry-username REGISTRY_USERNAME \
  --registry-password REGISTRY_PASSWORD

    Replace the following:

    • MISSION_CONTROL_VERSION: The Mission Control airgap bundle version number

    • PRIVATE_REGISTRY_DOMAIN: The private registry domain

    • REGISTRY_NAMESPACE: The registry namespace

    • REGISTRY_USERNAME: The username for the registry

    • REGISTRY_PASSWORD: The password for the registry

Troubleshoot registry issues

To troubleshoot connection issues, ensure you have network access to both the source and destination registries. If you encounter authentication problems, verify your credentials and permissions for the private registry in Mission Control. For command-related errors, carefully review the error messages and see the Skopeo documentation for more information.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com