Manage container images

You can use Skopeo to copy container images from public registries to your private registry within the Mission Control environment. Skopeo is a command-line utility that lets you interact with container images and registries. You can copy images between different registries, inspect remote images, and more.

You can also use the KOTS CLI with the kubectl plugin to push container images to a private registry from an airgap file.

Storing container images in private registries enhances security by ensuring that your images are scanned and vetted within your controlled environment. Storing images locally also reduces latency and network dependency, improving system performance and reliability.

Prerequisites

To copy container images, you need the following:

  • Skopeo installed.

  • Credentials for the private registry.

  • Access to Mission Control and permissions to manage container images.

Container image tags

Container image tags are available in the following repositories:

When you deploy a Mission Control cluster, a cqlsh-pod is automatically created. The cqlsh-pod container runs the cqlsh utility, allowing you to interact with your database cluster using CQL commands. You cannot retrieve the cqlsh-pod image on Docker Hub because the code backing it is not open source. For more information, see Use the CQL console to interact with the databases in your datacenter.

To view the container images and specific versions included with each Mission Control release, see the Release notes.

Override registry credentials for airgap installations

You can configure custom image registries and repositories when deploying Mission Control with Helm. To do this, you need to set the image.registry and image.repository values in your values.yaml file. You can also set the image.tag value to specify the version of the image you want to use.

For more information, see Manage container images.

Global configuration patterns

You can specify image coordinates across the various charts and sub-charts in several ways.

  1. Direct image fields: Using image.registry, image.repository, and image.tag

  2. Image configs: Using imageConfigs.registryOverride and specific repository overrides

  3. Registry prefixing: Some components use a combined registry/repository pattern

  4. Sub-chart-specific patterns: Each sub-chart may implement its own configuration pattern

Configure the main chart image

Specify the main chart image configuration using the image key in your values.yaml file.

# Main operator image configuration
image:
  registry: REGISTRY_ADDRESS:REGISTRY_PORT
  repository: datastax/mission-control
  pullPolicy: IfNotPresent
  tag: v1.4.0

# Global override for all images
imageConfigs:
  registryOverride: REGISTRY_ADDRESS:REGISTRY_PORT
  reaper:
    repository: thelastpickle/cassandra-reaper
  medusa:
    repository: k8ssandra/medusa

Replace the following:

  • REGISTRY_ADDRESS: The address of your registry

  • REGISTRY_PORT: The registry port

Configure client and job images

Specify the client and CRD patch job images using the client and crdPatchJob keys in your values.yaml file.

# Client image configuration
client:
   image:
     registry: REGISTRY_ADDRESS:REGISTRY_PORT
     repository: k8ssandra/k8ssandra-client
     tag: latest

# CRD patch job image configuration
crdPatchJob:
  image:
    registry: REGISTRY_ADDRESS:REGISTRY_PORT
    repository: bitnami/kubectl
    tag: 1.30.1

Replace the following:

  • REGISTRY_ADDRESS: The address of your registry

  • REGISTRY_PORT: The registry port

Configure the UI component image

Specify the UI component image using the ui key in your values.yaml file.

# UI component image configuration
ui:
  image:
    registry: REGISTRY_ADDRESS:REGISTRY_PORT
    repository: datastax/mission-control-ui
    tag: v1.4.0

Replace the following:

  • REGISTRY_ADDRESS: The address of your registry

  • REGISTRY_PORT: The registry port

Configure the Grafana sub-chart image

Specify the Grafana sub-chart image using the grafana key in your values.yaml file.

grafana:
  # Global registry for Grafana's internal images
  imageRegistry: REGISTRY_ADDRESS:REGISTRY_PORT

  # Main Grafana image configuration
  image:
    repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/grafana

  # Sidecar container image configuration
  sidecar:
    image:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/k8s-sidecar

  # Download dashboards image configuration
  downloadDashboardsImage:
    image:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/curl

  # Init container image configuration
  initChownData:
    image:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE

Replace the following:

  • REGISTRY_ADDRESS: The address of your registry

  • REGISTRY_PORT: The registry port

  • REGISTRY_NAMESPACE: The namespace within your registry

Configure the K8ssandra operator sub-chart image

Specify the K8ssandra operator sub-chart image using the k8ssandra-operator key in your values.yaml file.

k8ssandra-operator:
  # Main operator registry configuration
  image:
    registry: REGISTRY_ADDRESS:REGISTRY_PORT
  cass-operator:
    # Cassandra operator image configuration
    image:
      registry: REGISTRY_ADDRESS:REGISTRY_PORT
    # System images used by the operator
    imageConfig:
      systemLogger: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/system-logger:v1.22.1
      configBuilder: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/cass-config-builder:1.0-ubi8
      k8ssandraClient: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/k8ssandra-client:v0.5.0

Replace the following:

  • REGISTRY_ADDRESS: The address of your registry

  • REGISTRY_PORT: The registry port

  • REGISTRY_NAMESPACE: The namespace within your registry

Configure the Loki sub-chart image

Specify the Loki sub-chart image using the loki key in your values.yaml file.

loki:
  # Kubectl image used in Loki
  kubectlImage:
    registry: REGISTRY_ADDRESS:REGISTRY_PORT

  # Sidecar container image configuration
  sidecar:
    image:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/k8s-sidecar

  # Global registry for Loki's internal images
  global:
    image:
      registry: REGISTRY_ADDRESS:REGISTRY_PORT

  # MinIO images if using local storage
  minio:
    image:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/minio
    mcImage:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/mc

Replace the following:

  • REGISTRY_ADDRESS: The address of your registry

  • REGISTRY_PORT: The registry port

  • REGISTRY_NAMESPACE: The namespace within your registry

Configure the Mimir sub-chart image

You specify the Mimir sub-chart image using the mimir key in your values.yaml file.

mimir:
  # Main Mimir image configuration
  image:
    repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/mimir

  # Memcached image configuration
  memcached:
    image:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE

  # Memcached exporter image configuration
  memcachedExporter:
    image:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/memcached-exporter

  # NGINX image configuration
  nginx:
    image:
      registry: REGISTRY_ADDRESS:REGISTRY_PORT

  # Gateway NGINX image configuration
  gateway:
    nginx:
      image:
        registry: REGISTRY_ADDRESS:REGISTRY_PORT

  # Enterprise metrics image configuration
  enterprise:
    image:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/enterprise-metrics
    mcImage:
      repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/mc

Replace the following:

  • REGISTRY_ADDRESS: The address of your registry

  • REGISTRY_PORT: The registry port

  • REGISTRY_NAMESPACE: The namespace within your registry

Configure Vector component images

You specify the Vector component images using the agent and aggregator keys in your values.yaml file.

# Agent Vector image configuration
agent:
  image:
    repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/vector

# Aggregator Vector image configuration
aggregator:
  image:
    repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/vector

Replace the following:

  • REGISTRY_ADDRESS: The address of your registry

  • REGISTRY_PORT: The registry port

  • REGISTRY_NAMESPACE: The namespace within your registry

Configure additional components

Specify the additional components images using the replicated, kube-state-metrics, and dex keys in your values.yaml file.

# Replicated image configuration
replicated:
  enabled: false
  images:
    replicated-sdk: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/replicated-sdk:v1.0.0-beta.14

# Kube-state-metrics image configuration
kube-state-metrics:
  image:
    registry: REGISTRY_ADDRESS:REGISTRY_PORT

# Dex identity provider image configuration
dex:
  image:
    repository: REGISTRY_ADDRESS:REGISTRY_PORT/REGISTRY_NAMESPACE/mission-control-dex

Troubleshoot image registry overrides

If you encounter issues with image registry overrides, consider the following troubleshooting options:

  • After installation, list all container images used in your deployment:

    kubectl get deployments -n NAMESPACE -o jsonpath='{.items[].spec.template.spec.containers[].image}'

    Replace NAMESPACE with the namespace where Mission Control is installed.

  • Review the Helm chart templates to find all image references.

  • Check for init containers. Some components use init containers with their own image definitions.

  • Test your configuration to see all resources that would be created:

    helm install --dry-run --debug

Copy or push container images

Use Skopeo to copy images from public registries to your private registry, or use the KOTS CLI to push container images to your private registry from an airgap file.

  • Skopeo

  • KOTS CLI

Copy container images

To copy an image from a public registry to your private registry in Mission Control:

  1. Authenticate to your private registry:

    skopeo login PRIVATE_REGISTRY_HOST

    Replace PRIVATE_REGISTRY_HOST with the host name of the private registry.

  2. Copy the container to your private registry. The following example uses the DSE registry. Replace the registry path with your target container image registry and tag.

    skopeo copy docker://cr.dtsx.io/datastax/dse-server:6.9.0 docker://PRIVATE_REGISTRY_HOST/PRIVATE_REGISTRY_NAMESPACE/dse-server:6.9.0

    Replace the following:

    • PRIVATE_REGISTRY_HOST: The host name of the private registry

    • PRIVATE_REGISTRY_NAMESPACE: The namespace of the private registry

Verify images

Verify the copied image in your private registry:

skopeo inspect docker:/PRIVATE_REGISTRY/IMAGE_NAME:TAG

Replace the following:

  • PRIVATE_REGISTRY: The private registry

  • IMAGE_NAME: The image name to inspect

  • TAG: The tag of the image

To push container images to a private registry from an airgap file:

Some versions might be 6 GB or larger. Ensure you have enough disk space to download and extract the airgap bundle.

  1. Download the airgap bundle:

    curl -f https://replicated.app/embedded/mission-control/stable/VERSION_NUMBER -H "Authorization: LICENSE_ID" -o mission-control-stable.tgz

    Replace the following:

    • VERSION_NUMBER: Mission Control version number, for example v1.7.0. By default, use latest, or specify a version number, such as v1.7.0, if you need to install a specific version.

    • LICENSE_ID: License ID to authenticate the download. The ID is available in your Mission Control license file.

  2. Extract the installation assets:

    tar xvzf mission-control-stable.tgz mission-control.airgap

  3. Push images to your registry:

    kubectl kots admin-console push-images \
  ./mission-control.airgap \
  PRIVATE_REGISTRY_DOMAIN/REGISTRY_NAMESPACE \
  --registry-username REGISTRY_USERNAME \
  --registry-password REGISTRY_PASSWORD

    Replace the following:

    • MISSION_CONTROL_VERSION: The Mission Control airgap bundle version number

    • PRIVATE_REGISTRY_DOMAIN: The private registry domain

    • REGISTRY_NAMESPACE: The registry namespace

    • REGISTRY_USERNAME: The username for the registry

    • REGISTRY_PASSWORD: The password for the registry

Troubleshoot registry issues

To troubleshoot connection issues, ensure you have network access to both the source and destination registries. If you encounter authentication problems, verify your credentials and permissions for the private registry in Mission Control. For command-related errors, carefully review the error messages and see the Skopeo documentation for more information.

Common issues

Here are some common issues you may encounter when configuring image registry overrides:

  • Mixed registry patterns: Some sub-charts expect full image paths while others expect separate registry/repository values

  • Missing namespace: In air-gapped environments, ensure all images include the appropriate namespace within your registry

  • Version skew: Ensure the image tags match the expected versions for the release you’re deploying

  • Registry authentication: Ensure your Kubernetes cluster has the necessary pull secrets for your registry

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com