Simulating a customer's internal registry for airgap installs

I had to wrestle with this configuration and wanted to share. This lets you run a local registry on an Ubuntu 20.04 VM. After you do this procedure, you can disable outbound networking and simulate a totally offline environment for a kots airgap install.

Install docker registry:

$ sudo apt update
$ sudo apt install docker-registry

We will configure for no security and no TLS. Replace /etc/docker/registry/config.yml with this:

    version: 0.1
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/docker-registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3

Next, note your hostname; in my case it’s mitch-deploy-test2.

Edit /etc/containerd/config.toml, commenting out the whole registry paragraph that’s already there and putting in our own, substituting your hostname like this:

    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."mitch-deploy-test2:5000"]
          endpoint = ["http://mitch-deploy-test2:5000"]
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."mitch-deploy-test2:5000".tls]
          insecure_skip_verify = true

    # [plugins."io.containerd.grpc.v1.cri".registry]
    #   config_path = ""
    #   [plugins."io.containerd.grpc.v1.cri".registry.auths]
    #   [plugins."io.containerd.grpc.v1.cri".registry.configs]
    #   [plugins."io.containerd.grpc.v1.cri".registry.headers]
    #   [plugins."io.containerd.grpc.v1.cri".registry.mirrors]

Finally restart the registry and containerd.

$ sudo systemctl restart docker-registry
$ sudo systemctl restart containerd

Now we can tell Kots to push airgap images. We provide ANY user/pass to docker login or to kots. Make sure to give the hostname here and NOT localhost, e.g.:

$ kubectl kots admin-console push-images kotsadm.tar.gz mitch-deploy-test2:5000 \
    --registry-username xxx --registry-password yyy

$ kubectl kots install your_thing/dev --kotsadm-registry mitch-deploy-test2:5000 \
    --registry-username xxx --registry-password yyy \
    ... etc ...

:slight_smile:

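The post above deliberately sets up a registry with no TLS and no authentication for testing. As an added example (not part of the original post or of kots), this script flags containerd registry entries that use a plain-HTTP endpoint or `insecure_skip_verify = true`, so a test configuration is easy to spot before a host is reused. The function names and `registry.example.internal` are hypothetical, the sample config is constructed, and the check is a line-based heuristic rather than a full TOML parser.

```shell
#!/bin/sh
# Added example: flag containerd CRI registry entries that use plain HTTP
# or disable TLS verification, as the test setup above deliberately does.

audit_containerd_registry() {
    # $1: path to a containerd config.toml. Prints "<finding> <registry host>"
    # per issue; exit status is 1 if anything was flagged, 0 if clean.
    awk '
        /^[ \t]*#/ { next }                  # commented-out config is inert
        /^[ \t]*\[/ {                        # table header: track registry host
            host = ""
            if (match($0, /registry\.(mirrors|configs)\."[^"]+"/)) {
                host = substr($0, RSTART, RLENGTH)
                sub(/^[^"]*"/, "", host); sub(/"$/, "", host)
            }
            next
        }
        host != "" && /endpoint[ \t]*=.*"http:\/\// { print "plain-http " host; bad = 1 }
        host != "" && /insecure_skip_verify[ \t]*=[ \t]*true/ { print "skip-verify " host; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

write_sample_config() {
    # Constructed sample: the registry stanza from the post, a commented-out
    # stanza, and a hypothetical TLS registry (registry.example.internal).
    cat > "$1" <<'EOF'
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."mitch-deploy-test2:5000"]
      endpoint = ["http://mitch-deploy-test2:5000"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.example.internal"]
      endpoint = ["https://registry.example.internal"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."mitch-deploy-test2:5000".tls]
      insecure_skip_verify = true
# [plugins."io.containerd.grpc.v1.cri".registry.configs."old:5000".tls]
#   insecure_skip_verify = true
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_containerd_registry "$sample" || echo "insecure registry settings found"
rm -f "$sample"
```

To check a real host, call `audit_containerd_registry /etc/containerd/config.toml`; a non-zero exit status means at least one entry was flagged.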

Thank you for sharing, this is great! I will need to bookmark this :slight_smile: