Simulating a customer's internal registry for airgap installs

I had to wrestle with this configuration and wanted to share. This lets you run a local registry on an Ubuntu 20.04 VM. After you do this procedure, you can disable outbound networking and simulate a totally offline environment for a kots airgap install.

Install docker registry:

$ sudo apt update
$ sudo apt install docker-registry

We will configure for no security and no TLS. Replace /etc/docker/registry/config.yml with this:

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/docker-registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

Next, note your hostname; in my case it’s mitch-deploy-test2.

Edit /etc/containerd/config.toml, commenting out the whole registry paragraph that’s already there and putting in our own, substituting your hostname like this:

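    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."mitch-deploy-test2:5000"]
          endpoint = ["http://mitch-deploy-test2:5000"]
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."mitch-deploy-test2:5000".tls]
          insecure_skip_verify = true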

    # [plugins."io.containerd.grpc.v1.cri".registry]
    #   config_path = ""
    #   [plugins."io.containerd.grpc.v1.cri".registry.auths]
    #   [plugins."io.containerd.grpc.v1.cri".registry.configs]
    #   [plugins."io.containerd.grpc.v1.cri".registry.headers]
    #   [plugins."io.containerd.grpc.v1.cri".registry.mirrors]

Finally restart the registry and containerd.

$ sudo systemctl restart docker-registry
$ sudo systemctl restart containerd

Now we can tell Kots to push airgap images. We provide ANY user/pass to docker login or to kots. Make sure to give the hostname here and NOT localhost, e.g.:

$ kubectl kots admin-console push-images kotsadm.tar.gz mitch-deploy-test2:5000 \
    --registry-username xxx --registry-password yyy

$ kubectl kots install your_thing/dev --kotsadm-registry mitch-deploy-test2:5000 \
    --registry-username xxx --registry-password yyy \
    ... etc ...


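An added check, not part of the original post: since this setup deliberately turns off TLS and authentication, the script below audits a containerd config.toml for the settings the post introduces (plain-HTTP mirror endpoints, `insecure_skip_verify = true`) so a test configuration can be spotted before it reaches a real cluster. The function names, finding labels and sample file are constructed for illustration, and flagging localhost endpoints is an assumption that carries the post's hostname-not-localhost advice over to mirror entries.

```shell
#!/bin/sh
# Added example (not from the original post): report uncommented settings in a
# containerd config.toml that weaken registry transport security.
audit_containerd_registry() {
    awk '
        /^[ \t]*#/ { next }                  # skip commented-out lines
        /^[ \t]*\[/ {                        # remember the current TOML table
            table = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", table)
            next
        }
        /^[ \t]*endpoint[ \t]*=/ {           # mirror endpoints are a list of URLs
            line = $0
            while (match(line, /"[^"]+"/)) {
                url = substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
                if (url ~ /^http:\/\//) print "PLAINTEXT " url
                host = url; sub(/^[a-z]+:\/\//, "", host); sub(/[\/:].*$/, "", host)
                if (host == "localhost" || host == "127.0.0.1") print "LOCALHOST " url
            }
        }
        /^[ \t]*insecure_skip_verify[ \t]*=[ \t]*true/ { print "SKIPVERIFY " table }
    ' "$1"
}

# Constructed sample: the stanza from the post plus a hypothetical localhost mirror
# and a commented-out entry that must not be reported.
write_sample_config() {
    cat > "$1" <<'EOF'
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."mitch-deploy-test2:5000"]
      endpoint = ["http://mitch-deploy-test2:5000"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
      endpoint = ["http://localhost:5000"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."mitch-deploy-test2:5000".tls]
      insecure_skip_verify = true
# [plugins."io.containerd.grpc.v1.cri".registry.configs."old".tls]
#   insecure_skip_verify = true
EOF
}

# With a path argument (e.g. /etc/containerd/config.toml) audit that file;
# with no argument, audit the constructed sample.
cfg=${1:-}
if [ -z "$cfg" ]; then cfg=$(mktemp); write_sample_config "$cfg"; fi
audit_containerd_registry "$cfg"
```

Any output line is a finding; an empty result means no uncommented plain-HTTP endpoint or disabled certificate check was found in the file.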

Thank you for sharing, this is great! I will need to bookmark this :slight_smile: