When deploying MicroShift in air gapped networks it is often necessary to use a custom container registry server because the access to the Internet is not allowed.
This document describes how to mirror MicroShift container images into an existing registry in an air gapped environment.
Mirroring container images to an air gapped site involves the following steps:
- Obtain the Container Image List to be mirrored
- Configure the Mirroring Prerequisites
- Download Images on a host with the Internet access
- Copy the downloaded image directory to an air gapped site
- Upload Images to a mirror registry in an air gapped site
The list of the container image references used by a specific version of MicroShift
is provided in the release-<arch>.json
files that are part of the
microshift-release-info
RPM package.
If the package is installed on a MicroShift host, the files can be accessed at the following location.
$ rpm -ql microshift-release-info
/usr/share/microshift/release/release-aarch64.json
/usr/share/microshift/release/release-x86_64.json
Alternatively, download and unpack the RPM package without installing it.
$ rpm2cpio microshift-release-info*.noarch.rpm | cpio -idmv
./usr/share/microshift/release/release-aarch64.json
./usr/share/microshift/release/release-x86_64.json
The list of container images can be extracted into the microshift-container-refs.txt
file using the following command.
RELEASE_FILE=/usr/share/microshift/release/release-$(uname -m).json
jq -r '.images | .[]' ${RELEASE_FILE} > ~/microshift-container-refs.txt
After the
microshift-container-refs.txt
file is created with the MicroShift container image list, other user-specific image references can be appended to the file before the mirroring procedure is run.
Follow the instructions in the Configuring credentials that allow images to be mirrored
document to create a ~/.pull-secret-mirror.json
file containing the user credentials
for accessing the mirror.
As an example, the following section should be added to the pull secret file for
the microshift-quay:8443
mirror registry using microshift:microshift
user name
and password.
"microshift-quay:8443": {
"auth": "bWljcm9zaGlmdDptaWNyb3NoaWZ0",
"email": "microshift-quay@example.com"
},
Install the
skopeo
tool used for copying the container images.
Run the ./scripts/mirror-images.sh
script with --reg-to-dir
option to initiate the image download procedure into a local directory on a
host with the Internet connection.
IMAGE_PULL_FILE=~/.pull-secret-mirror.json
IMAGE_LIST_FILE=~/microshift-container-images.txt
IMAGE_LOCAL_DIR=~/microshift-containers
mkdir -p "${IMAGE_LOCAL_DIR}"
./scripts/mirror-images.sh --reg-to-dir "${IMAGE_PULL_FILE}" "${IMAGE_LIST_FILE}" "${IMAGE_LOCAL_DIR}"
The contents of the local directory can now be transferred to an air gapped site and imported into the mirror registry.
Install the
skopeo
tool used for copying the container images.
Run the ./scripts/mirror-images.sh
script with --dir-to-reg
option
in the air gapped environment to initiate the image upload procedure from a local
directory to a mirror registry.
IMAGE_PULL_FILE=~/.pull-secret-mirror.json
IMAGE_LOCAL_DIR=~/microshift-containers
TARGET_REGISTRY=microshift-quay:8443
./scripts/mirror-images.sh --dir-to-reg "${IMAGE_PULL_FILE}" "${IMAGE_LOCAL_DIR}" "${TARGET_REGISTRY}"