How can I separate the "push images" and "deploy" steps of installing an application using Replicated?

I need to push all images into a registry before deploying an application in airgap mode because my organization requires that all images be scanned first. I noticed that kots install performs both functions. How can I perform these steps separately?

1 Like

kots admin-console push-images command can be used to push images from both kotadm and application airgap bundles. And the kots install command has the --disable-image-push flag.

Prerequisites:

  • registry address
  • registry username
  • registry password
  • KOTS Admin Console airgap bundle file
  • Application airgap bundle file

Procedure:

  • First, upload all the images into the registry with the kots admin-console push-images command
kubectl kots admin-console push-images ./kotsadm.tar.gz <registry-address> --registry-username <username> --registry-password <password>
kubectl kots admin-console push-images ./application.airgap <registry-address> --registry-username <username> --registry-password <password>
  • then perform any necessary steps on the registry to scan/validate images
  • finally, perform an installation using KOTS and use the --disable-image-push flag since our images are already present in the registry
kubectl kots install <application> \
  --namespace <application> \
  --shared-password <admin-console-password> \
  --license-file ./license.yaml \
  --config-values ./configvalues.yaml \
  --airgap-bundle ./application.airgap \
  --kotsadm-registry <registry-address> \
  --kotsadm-namespace <application> \
  --registry-username <registry-username> \
  --registry-password <registry-password> \
  --disable-image-push \
  --no-port-forward