Skip to main content
Skip table of contents

AWS Elastic Container Registry (ECR)

Load Images into your Registry

Because air-gapped environments do not have direct access to the Internet, you must download, extract and load several required images to your local container registry, before installing DKP.

This page is to explain ECR specifics, but assumes you have already downloaded and extracted the bundle from the Prerequisites. The sections below explain further how you are pushing the images to your AWS ECR registry and then using them in creating a cluster.

AWS ECR

AWS ECR (Elastic Container Registry) is supported as your air-gapped image registry or a non-air-gapped registry mirror. DKP added support for using AWS ECR as a default registry when uploading image bundles in AWS.

Prerequisites

Upload the Air-gapped Image Bundle to the Local ECR Registry:

A cluster administrator uses DKP CLI commands to upload the image bundle to ECR with parameters:

CODE 
dkp push bundle --bundle <bundle> --to-registry=<ecr-registry-address>/<ecr-registry-name>

Parameter definitions:

  • --bundle <bundle> the group of images. The example below is for the DKP air-gapped environment bundle

  • --to-registry=<ecr-registry-address>/<ecr-registry-name> to provide registry location for push

An example command would be:

CODE 
dkp push bundle --bundle container-images/konvoy-image-bundle-v2.8.1.tar --to-registry=333000009999.dkr.ecr.us-west-2.amazonaws.com/can-test

NOTE: You can aslo set an environment variable with your registry address for ECR:

CODE 
export REGISTRY_URL=<ecr-registry-URI>

  • REGISTRY_URL: the address of an existing local registry accessible in the VPC that the new cluster nodes will be configured to use a mirror registry when pulling images.

  • The environment where you are running the dkp push command must be authenticated with AWS in order to load your images into ECR.

Air-gapped Environment Information regarding your AWS ECR Account

The cluster administrator uses existing DKP CLI commands to create the cluster and refer to their internal ECR for image repository. The administrator does not need to provide static ECR registry credentials. See Use a Registry Mirror and Create an EKS Cluster from the CLI for more details.

Export Variables to Use as Flags in Cluster Creation

Below is an AWS ECR example:

CODE 
export REGISTRY_URL=<ecr-registry-URI>

  • REGISTRY_URL: the address of an existing local registry accessible in the VPC that the new cluster nodes will be configured to use a mirror registry when pulling images.

  • NOTE: Other local registries may use the options below:

    • JFrog - REGISTRY_CA: (optional) the path on the bastion machine to the registry CA. This value is only needed if the registry is using a self-signed certificate and the AMIs are not already configured to trust this CA.

    • REGISTRY_USERNAME: optional, set to a user that has pull access to this registry.

    • REGISTRY_PASSWORD: optional if username is not set.

For more information to set up a private registry with a registry mirror, see this page for details on using that flag.

Next Topic

AWS Registry Configuration

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close